From sle-updates at lists.suse.com Thu Apr 1 13:16:32 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Apr 2021 15:16:32 +0200 (CEST)
Subject: SUSE-SU-2021:14684-1: important: Security update for MozillaFirefox
Message-ID: <20210401131632.A4B20F79F@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:14684-1
Rating:             important
References:         #1183942
Cross-References:   CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4-LTSS
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for MozillaFirefox fixes the following issues:

   - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942)
     * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read
     * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage
     * CVE-2021-23984: Malicious extensions could have spoofed popup information
     * CVE-2021-23987: Memory safety bugs

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-LTSS:

      zypper in -t patch slessp4-MozillaFirefox-14684=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-MozillaFirefox-14684=1

Package List:

   - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64):

      MozillaFirefox-78.9.0-78.123.1
      MozillaFirefox-translations-common-78.9.0-78.123.1
      MozillaFirefox-translations-other-78.9.0-78.123.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):

      MozillaFirefox-debuginfo-78.9.0-78.123.1

References:

   https://www.suse.com/security/cve/CVE-2021-23981.html
   https://www.suse.com/security/cve/CVE-2021-23982.html
   https://www.suse.com/security/cve/CVE-2021-23984.html
   https://www.suse.com/security/cve/CVE-2021-23987.html
   https://bugzilla.suse.com/1183942

From sle-updates at lists.suse.com Thu Apr 1 16:16:35 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Apr 2021 18:16:35 +0200 (CEST)
Subject: SUSE-RU-2021:1002-1: Recommended update for wireguard-tools
Message-ID: <20210401161635.09C8BF78E@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for wireguard-tools
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:1002-1
Rating:             low
References:         #1181334
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for wireguard-tools fixes the following issues:

   - Added tunnel config reload functionality (e.g. systemctl reload wg-quick@wg0.service)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1002=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      wireguard-tools-1.0.20200827-5.6.5
      wireguard-tools-debuginfo-1.0.20200827-5.6.5
      wireguard-tools-debugsource-1.0.20200827-5.6.5

References:

   https://bugzilla.suse.com/1181334

From sle-updates at lists.suse.com Thu Apr 1 16:17:34 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Apr 2021 18:17:34 +0200 (CEST)
Subject: SUSE-RU-2021:1003-1: moderate: Recommended update for libcap
Message-ID: <20210401161734.A46CAF78E@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libcap
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:1003-1
Rating:             moderate
References:         #1180073 ECO-3460 SLE-17092
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that has one recommended fix and contains two features can now be installed.

Description:

   This update for libcap fixes the following issues:

   - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)
   - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1003=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1003=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      libcap-debugsource-2.26-14.3.1
      libcap-devel-2.26-14.3.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libcap-debugsource-2.26-14.3.1
      libcap-progs-2.26-14.3.1
      libcap-progs-debuginfo-2.26-14.3.1
      libcap2-2.26-14.3.1
      libcap2-debuginfo-2.26-14.3.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      libcap2-32bit-2.26-14.3.1
      libcap2-debuginfo-32bit-2.26-14.3.1

References:

   https://bugzilla.suse.com/1180073

From sle-updates at lists.suse.com Thu Apr 1 16:18:34 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Apr 2021 18:18:34 +0200 (CEST)
Subject: SUSE-RU-2021:1004-1: moderate: Recommended update for libcap
Message-ID: <20210401161834.78172F78E@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libcap
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:1004-1
Rating:             moderate
References:         #1180073 ECO-3460 SLE-17092
Affected Products:
                    SUSE MicroOS 5.0
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that has one recommended fix and contains two features can now be installed.

Description:

   This update for libcap fixes the following issues:

   - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)
   - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1004=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1004=1

Package List:

   - SUSE MicroOS 5.0 (aarch64 x86_64):

      libcap-debugsource-2.26-4.3.1
      libcap2-2.26-4.3.1
      libcap2-debuginfo-2.26-4.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      libcap-debugsource-2.26-4.3.1
      libcap-devel-2.26-4.3.1
      libcap-progs-2.26-4.3.1
      libcap-progs-debuginfo-2.26-4.3.1
      libcap2-2.26-4.3.1
      libcap2-debuginfo-2.26-4.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):

      libcap2-32bit-2.26-4.3.1
      libcap2-32bit-debuginfo-2.26-4.3.1

References:

   https://bugzilla.suse.com/1180073

From sle-updates at lists.suse.com Thu Apr 1 16:19:38 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Apr 2021 18:19:38 +0200 (CEST)
Subject: SUSE-RU-2021:1005-1: Recommended update for release-notes-sles
Message-ID: <20210401161938.6F05FF78E@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for release-notes-sles
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:1005-1
Rating:             low
References:         #1178261 SLE-16552
Affected Products:
                    SUSE Manager Server 4.0
                    SUSE Manager Retail Branch Server 4.0
                    SUSE Manager Proxy 4.0
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Installer 15-SP1
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that has one recommended fix and contains one feature can now be installed.

Description:

   This update for release-notes-sles fixes the following issues:

   - Added note about AutoYaST profile changes (bsc#1178261)
   - Added back OpenLDAP note from SLES 15 GA (jsc#SLE-16552)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1005=1

   - SUSE Manager Retail Branch Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1005=1

   - SUSE Manager Proxy 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1005=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1005=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1005=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1005=1

   - SUSE Linux Enterprise Installer 15-SP1:

      zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2021-1005=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-1005=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List:

   - SUSE Manager Server 4.0 (noarch):

      release-notes-sles-15.1.20210217-3.17.2

   - SUSE Manager Retail Branch Server 4.0 (noarch):

      release-notes-sles-15.1.20210217-3.17.2

   - SUSE Manager Proxy 4.0 (noarch):

      release-notes-sles-15.1.20210217-3.17.2

   - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):

      release-notes-sles-15.1.20210217-3.17.2

   - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):

      release-notes-sles-15.1.20210217-3.17.2

   - SUSE Linux Enterprise Server 15-SP1-BCL (noarch):

      release-notes-sles-15.1.20210217-3.17.2

   - SUSE Linux Enterprise Installer 15-SP1 (noarch):

      release-notes-sles-15.1.20210217-3.17.2

   - SUSE Enterprise Storage 6 (noarch):

      release-notes-sles-15.1.20210217-3.17.2

   - SUSE CaaS Platform 4.0 (noarch):

      release-notes-sles-15.1.20210217-3.17.2

References:

   https://bugzilla.suse.com/1178261

From sle-updates at lists.suse.com Thu Apr 1 19:15:49 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Apr 2021 21:15:49 +0200 (CEST)
Subject: SUSE-SU-2021:1008-1: important: Security update for tomcat
Message-ID: <20210401191549.779BDF78E@maintenance.suse.de>

   SUSE Security Update: Security update for tomcat
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1008-1
Rating:             important
References:         #1182909 #1182912
Cross-References:   CVE-2021-25122 CVE-2021-25329
CVSS scores:
                    CVE-2021-25122 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-25122 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-25329 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-25329 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Web Scripting 15-SP3
                    SUSE Linux Enterprise Module for Web Scripting 15-SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for tomcat fixes the following issues:

   CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912)
   CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Web Scripting 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2021-1008=1

   - SUSE Linux Enterprise Module for Web Scripting 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-1008=1

Package List:

   - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch):

      tomcat-9.0.36-3.24.1
      tomcat-admin-webapps-9.0.36-3.24.1
      tomcat-el-3_0-api-9.0.36-3.24.1
      tomcat-jsp-2_3-api-9.0.36-3.24.1
      tomcat-lib-9.0.36-3.24.1
      tomcat-servlet-4_0-api-9.0.36-3.24.1
      tomcat-webapps-9.0.36-3.24.1

   - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch):

      tomcat-9.0.36-3.24.1
      tomcat-admin-webapps-9.0.36-3.24.1
      tomcat-el-3_0-api-9.0.36-3.24.1
      tomcat-jsp-2_3-api-9.0.36-3.24.1
      tomcat-lib-9.0.36-3.24.1
      tomcat-servlet-4_0-api-9.0.36-3.24.1
      tomcat-webapps-9.0.36-3.24.1

References:

   https://www.suse.com/security/cve/CVE-2021-25122.html
   https://www.suse.com/security/cve/CVE-2021-25329.html
   https://bugzilla.suse.com/1182909
   https://bugzilla.suse.com/1182912

From sle-updates at lists.suse.com Thu Apr 1 19:16:54 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Apr 2021 21:16:54 +0200 (CEST)
Subject: SUSE-SU-2021:1006-1: moderate: Security update for curl
Message-ID: <20210401191654.29214F78E@maintenance.suse.de>

   SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1006-1
Rating:             moderate
References:         #1183933 #1183934
Cross-References:   CVE-2021-22876 CVE-2021-22890
CVSS scores:
                    CVE-2021-22876 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
                    CVE-2021-22890 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE MicroOS 5.0
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for curl fixes the following issues:

   - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934)
   - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1006=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1006=1

Package List:

   - SUSE MicroOS 5.0 (aarch64 x86_64):

      curl-7.66.0-4.14.1
      curl-debuginfo-7.66.0-4.14.1
      curl-debugsource-7.66.0-4.14.1
      libcurl4-7.66.0-4.14.1
      libcurl4-debuginfo-7.66.0-4.14.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      curl-7.66.0-4.14.1
      curl-debuginfo-7.66.0-4.14.1
      curl-debugsource-7.66.0-4.14.1
      libcurl-devel-7.66.0-4.14.1
      libcurl4-7.66.0-4.14.1
      libcurl4-debuginfo-7.66.0-4.14.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):

      libcurl4-32bit-7.66.0-4.14.1
      libcurl4-32bit-debuginfo-7.66.0-4.14.1

References:

   https://www.suse.com/security/cve/CVE-2021-22876.html
   https://www.suse.com/security/cve/CVE-2021-22890.html
   https://bugzilla.suse.com/1183933
   https://bugzilla.suse.com/1183934

From sle-updates at lists.suse.com Thu Apr 1 19:19:00 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Apr 2021 21:19:00 +0200 (CEST)
Subject: SUSE-SU-2021:1009-1: important: Security update for tomcat
Message-ID: <20210401191900.99FF9F78E@maintenance.suse.de>

   SUSE Security Update: Security update for tomcat
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1009-1
Rating:             important
References:         #1180947 #1182909 #1182912
Cross-References:   CVE-2021-24122 CVE-2021-25122 CVE-2021-25329
CVSS scores:
                    CVE-2021-24122 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-24122 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-25122 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-25122 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-25329 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-25329 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Manager Server 4.0
                    SUSE Manager Retail Branch Server 4.0
                    SUSE Manager Proxy 4.0
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for tomcat fixes the following issues:

   - CVE-2021-24122: Fixed an information disclosure if resources are served from the NTFS file system (bsc#1180947).
   - CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912)
   - CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1009=1

   - SUSE Manager Retail Branch Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1009=1

   - SUSE Manager Proxy 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1009=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1009=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1009=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1009=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1009=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1009=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-1009=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List:

   - SUSE Manager Server 4.0 (noarch):

      tomcat-9.0.36-4.58.1
      tomcat-admin-webapps-9.0.36-4.58.1
      tomcat-el-3_0-api-9.0.36-4.58.1
      tomcat-jsp-2_3-api-9.0.36-4.58.1
      tomcat-lib-9.0.36-4.58.1
      tomcat-servlet-4_0-api-9.0.36-4.58.1
      tomcat-webapps-9.0.36-4.58.1

   - SUSE Manager Retail Branch Server 4.0 (noarch):

      tomcat-9.0.36-4.58.1
      tomcat-admin-webapps-9.0.36-4.58.1
      tomcat-el-3_0-api-9.0.36-4.58.1
      tomcat-jsp-2_3-api-9.0.36-4.58.1
      tomcat-lib-9.0.36-4.58.1
      tomcat-servlet-4_0-api-9.0.36-4.58.1
      tomcat-webapps-9.0.36-4.58.1

   - SUSE Manager Proxy 4.0 (noarch):

      tomcat-9.0.36-4.58.1
      tomcat-admin-webapps-9.0.36-4.58.1
      tomcat-el-3_0-api-9.0.36-4.58.1
      tomcat-jsp-2_3-api-9.0.36-4.58.1
      tomcat-lib-9.0.36-4.58.1
      tomcat-servlet-4_0-api-9.0.36-4.58.1
      tomcat-webapps-9.0.36-4.58.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):

      tomcat-9.0.36-4.58.1
      tomcat-admin-webapps-9.0.36-4.58.1
      tomcat-el-3_0-api-9.0.36-4.58.1
      tomcat-jsp-2_3-api-9.0.36-4.58.1
      tomcat-lib-9.0.36-4.58.1
      tomcat-servlet-4_0-api-9.0.36-4.58.1
      tomcat-webapps-9.0.36-4.58.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):

      tomcat-9.0.36-4.58.1
      tomcat-admin-webapps-9.0.36-4.58.1
      tomcat-el-3_0-api-9.0.36-4.58.1
      tomcat-jsp-2_3-api-9.0.36-4.58.1
      tomcat-lib-9.0.36-4.58.1
      tomcat-servlet-4_0-api-9.0.36-4.58.1
      tomcat-webapps-9.0.36-4.58.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (noarch):

      tomcat-9.0.36-4.58.1
      tomcat-admin-webapps-9.0.36-4.58.1
      tomcat-el-3_0-api-9.0.36-4.58.1
      tomcat-jsp-2_3-api-9.0.36-4.58.1
      tomcat-lib-9.0.36-4.58.1
      tomcat-servlet-4_0-api-9.0.36-4.58.1
      tomcat-webapps-9.0.36-4.58.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):

      tomcat-9.0.36-4.58.1
      tomcat-admin-webapps-9.0.36-4.58.1
      tomcat-el-3_0-api-9.0.36-4.58.1
      tomcat-jsp-2_3-api-9.0.36-4.58.1
      tomcat-lib-9.0.36-4.58.1
      tomcat-servlet-4_0-api-9.0.36-4.58.1
      tomcat-webapps-9.0.36-4.58.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):

      tomcat-9.0.36-4.58.1
      tomcat-admin-webapps-9.0.36-4.58.1
      tomcat-el-3_0-api-9.0.36-4.58.1
      tomcat-jsp-2_3-api-9.0.36-4.58.1
      tomcat-lib-9.0.36-4.58.1
      tomcat-servlet-4_0-api-9.0.36-4.58.1
      tomcat-webapps-9.0.36-4.58.1

   - SUSE Enterprise Storage 6 (noarch):

      tomcat-9.0.36-4.58.1
      tomcat-admin-webapps-9.0.36-4.58.1
      tomcat-el-3_0-api-9.0.36-4.58.1
      tomcat-jsp-2_3-api-9.0.36-4.58.1
      tomcat-lib-9.0.36-4.58.1
      tomcat-servlet-4_0-api-9.0.36-4.58.1
      tomcat-webapps-9.0.36-4.58.1

   - SUSE CaaS Platform 4.0 (noarch):

      tomcat-9.0.36-4.58.1
      tomcat-admin-webapps-9.0.36-4.58.1
      tomcat-el-3_0-api-9.0.36-4.58.1
      tomcat-jsp-2_3-api-9.0.36-4.58.1
      tomcat-lib-9.0.36-4.58.1
      tomcat-servlet-4_0-api-9.0.36-4.58.1
      tomcat-webapps-9.0.36-4.58.1

References:

   https://www.suse.com/security/cve/CVE-2021-24122.html
   https://www.suse.com/security/cve/CVE-2021-25122.html
   https://www.suse.com/security/cve/CVE-2021-25329.html
   https://bugzilla.suse.com/1180947
   https://bugzilla.suse.com/1182909
   https://bugzilla.suse.com/1182912

From sle-updates at lists.suse.com Thu Apr 1 19:22:25 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Apr 2021 21:22:25 +0200 (CEST)
Subject: SUSE-SU-2021:1007-1: important: Security update for MozillaFirefox
Message-ID: <20210401192225.A1D4BF78E@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1007-1
Rating:             important
References:         #1183942
Cross-References:   CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987
Affected Products:
                    SUSE MicroOS 5.0
                    SUSE Manager Server 4.0
                    SUSE Manager Retail Branch Server 4.0
                    SUSE Manager Proxy 4.0
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for MozillaFirefox fixes the following issues:

   - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942)
     * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read
     * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage
     * CVE-2021-23984: Malicious extensions could have spoofed popup information
     * CVE-2021-23987: Memory safety bugs

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1007=1

   - SUSE Manager Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1007=1

   - SUSE Manager Retail Branch Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1007=1

   - SUSE Manager Proxy 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1007=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1007=1

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1007=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1007=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1007=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1007=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1007=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1007=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1007=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1007=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1007=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-1007=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List:

   - SUSE MicroOS 5.0 (aarch64 x86_64):

      mozilla-nspr-4.25.1-3.17.1
      mozilla-nspr-debuginfo-4.25.1-3.17.1
      mozilla-nspr-debugsource-4.25.1-3.17.1

   - SUSE Manager Server 4.0 (ppc64le s390x x86_64):

      MozillaFirefox-78.9.0-3.136.1
      MozillaFirefox-branding-SLE-78-4.16.1
      MozillaFirefox-debuginfo-78.9.0-3.136.1
      MozillaFirefox-debugsource-78.9.0-3.136.1
      MozillaFirefox-devel-78.9.0-3.136.1
      MozillaFirefox-translations-common-78.9.0-3.136.1
      MozillaFirefox-translations-other-78.9.0-3.136.1
      mozilla-nspr-4.25.1-3.17.1
      mozilla-nspr-debuginfo-4.25.1-3.17.1
      mozilla-nspr-debugsource-4.25.1-3.17.1
      mozilla-nspr-devel-4.25.1-3.17.1

   - SUSE Manager Server 4.0 (x86_64):

      mozilla-nspr-32bit-4.25.1-3.17.1
      mozilla-nspr-32bit-debuginfo-4.25.1-3.17.1

   - SUSE Manager Retail Branch Server 4.0 (x86_64):

      MozillaFirefox-78.9.0-3.136.1
      MozillaFirefox-branding-SLE-78-4.16.1
      MozillaFirefox-debuginfo-78.9.0-3.136.1
      MozillaFirefox-debugsource-78.9.0-3.136.1
      MozillaFirefox-devel-78.9.0-3.136.1
      MozillaFirefox-translations-common-78.9.0-3.136.1
      MozillaFirefox-translations-other-78.9.0-3.136.1
      mozilla-nspr-32bit-4.25.1-3.17.1
      mozilla-nspr-32bit-debuginfo-4.25.1-3.17.1
      mozilla-nspr-4.25.1-3.17.1
      mozilla-nspr-debuginfo-4.25.1-3.17.1
      mozilla-nspr-debugsource-4.25.1-3.17.1
      mozilla-nspr-devel-4.25.1-3.17.1

   - SUSE Manager Proxy 4.0 (x86_64):

      MozillaFirefox-78.9.0-3.136.1
      MozillaFirefox-branding-SLE-78-4.16.1
      MozillaFirefox-debuginfo-78.9.0-3.136.1
      MozillaFirefox-debugsource-78.9.0-3.136.1
      MozillaFirefox-devel-78.9.0-3.136.1
      MozillaFirefox-translations-common-78.9.0-3.136.1
      MozillaFirefox-translations-other-78.9.0-3.136.1
      mozilla-nspr-32bit-4.25.1-3.17.1
      mozilla-nspr-32bit-debuginfo-4.25.1-3.17.1
      mozilla-nspr-4.25.1-3.17.1
      mozilla-nspr-debuginfo-4.25.1-3.17.1
      mozilla-nspr-debugsource-4.25.1-3.17.1
      mozilla-nspr-devel-4.25.1-3.17.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      MozillaFirefox-78.9.0-3.136.1
      MozillaFirefox-branding-SLE-78-4.16.1
      MozillaFirefox-debuginfo-78.9.0-3.136.1
      MozillaFirefox-debugsource-78.9.0-3.136.1
      MozillaFirefox-devel-78.9.0-3.136.1
      MozillaFirefox-translations-common-78.9.0-3.136.1
      MozillaFirefox-translations-other-78.9.0-3.136.1
      mozilla-nspr-4.25.1-3.17.1
      mozilla-nspr-debuginfo-4.25.1-3.17.1
      mozilla-nspr-debugsource-4.25.1-3.17.1
      mozilla-nspr-devel-4.25.1-3.17.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):

      mozilla-nspr-32bit-4.25.1-3.17.1
      mozilla-nspr-32bit-debuginfo-4.25.1-3.17.1

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      MozillaFirefox-78.9.0-3.136.1
      MozillaFirefox-branding-SLE-78-4.16.1
      MozillaFirefox-debuginfo-78.9.0-3.136.1
      MozillaFirefox-debugsource-78.9.0-3.136.1
      MozillaFirefox-devel-78.9.0-3.136.1
      MozillaFirefox-translations-common-78.9.0-3.136.1
      MozillaFirefox-translations-other-78.9.0-3.136.1
      mozilla-nspr-4.25.1-3.17.1
      mozilla-nspr-debuginfo-4.25.1-3.17.1
      mozilla-nspr-debugsource-4.25.1-3.17.1
      mozilla-nspr-devel-4.25.1-3.17.1

   - SUSE Linux Enterprise Server for SAP 15 (x86_64):

      mozilla-nspr-32bit-4.25.1-3.17.1
      mozilla-nspr-32bit-debuginfo-4.25.1-3.17.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      MozillaFirefox-78.9.0-3.136.1
      MozillaFirefox-branding-SLE-78-4.16.1
      MozillaFirefox-debuginfo-78.9.0-3.136.1
      MozillaFirefox-debugsource-78.9.0-3.136.1
      MozillaFirefox-devel-78.9.0-3.136.1
      MozillaFirefox-translations-common-78.9.0-3.136.1
      MozillaFirefox-translations-other-78.9.0-3.136.1
      mozilla-nspr-4.25.1-3.17.1
      mozilla-nspr-debuginfo-4.25.1-3.17.1
      mozilla-nspr-debugsource-4.25.1-3.17.1
      mozilla-nspr-devel-4.25.1-3.17.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):

      mozilla-nspr-32bit-4.25.1-3.17.1
      mozilla-nspr-32bit-debuginfo-4.25.1-3.17.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      MozillaFirefox-78.9.0-3.136.1
      MozillaFirefox-branding-SLE-78-4.16.1
      MozillaFirefox-debuginfo-78.9.0-3.136.1
      MozillaFirefox-debugsource-78.9.0-3.136.1
      MozillaFirefox-devel-78.9.0-3.136.1
      MozillaFirefox-translations-common-78.9.0-3.136.1
      MozillaFirefox-translations-other-78.9.0-3.136.1
      mozilla-nspr-32bit-4.25.1-3.17.1
      mozilla-nspr-32bit-debuginfo-4.25.1-3.17.1
      mozilla-nspr-4.25.1-3.17.1
      mozilla-nspr-debuginfo-4.25.1-3.17.1
      mozilla-nspr-debugsource-4.25.1-3.17.1
      mozilla-nspr-devel-4.25.1-3.17.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      MozillaFirefox-78.9.0-3.136.1
      MozillaFirefox-branding-SLE-78-4.16.1
      MozillaFirefox-debuginfo-78.9.0-3.136.1
      MozillaFirefox-debugsource-78.9.0-3.136.1
      MozillaFirefox-devel-78.9.0-3.136.1
      MozillaFirefox-translations-common-78.9.0-3.136.1
      MozillaFirefox-translations-other-78.9.0-3.136.1
      mozilla-nspr-4.25.1-3.17.1
      mozilla-nspr-debuginfo-4.25.1-3.17.1
      mozilla-nspr-debugsource-4.25.1-3.17.1
      mozilla-nspr-devel-4.25.1-3.17.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      mozilla-nspr-4.25.1-3.17.1
      mozilla-nspr-debuginfo-4.25.1-3.17.1
      mozilla-nspr-debugsource-4.25.1-3.17.1
      mozilla-nspr-devel-4.25.1-3.17.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):

      mozilla-nspr-32bit-4.25.1-3.17.1
      mozilla-nspr-32bit-debuginfo-4.25.1-3.17.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      MozillaFirefox-78.9.0-3.136.1
      MozillaFirefox-branding-SLE-78-4.16.1
      MozillaFirefox-debuginfo-78.9.0-3.136.1
      MozillaFirefox-debugsource-78.9.0-3.136.1
      MozillaFirefox-devel-78.9.0-3.136.1
      MozillaFirefox-translations-common-78.9.0-3.136.1
      MozillaFirefox-translations-other-78.9.0-3.136.1
      mozilla-nspr-4.25.1-3.17.1
      mozilla-nspr-debuginfo-4.25.1-3.17.1
      mozilla-nspr-debugsource-4.25.1-3.17.1
      mozilla-nspr-devel-4.25.1-3.17.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):

      mozilla-nspr-32bit-4.25.1-3.17.1
      mozilla-nspr-32bit-debuginfo-4.25.1-3.17.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      MozillaFirefox-78.9.0-3.136.1
      MozillaFirefox-branding-SLE-78-4.16.1
      MozillaFirefox-debuginfo-78.9.0-3.136.1
      MozillaFirefox-debugsource-78.9.0-3.136.1
      MozillaFirefox-devel-78.9.0-3.136.1
      MozillaFirefox-translations-common-78.9.0-3.136.1
      MozillaFirefox-translations-other-78.9.0-3.136.1
      mozilla-nspr-4.25.1-3.17.1
      mozilla-nspr-debuginfo-4.25.1-3.17.1
      mozilla-nspr-debugsource-4.25.1-3.17.1
      mozilla-nspr-devel-4.25.1-3.17.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):

      mozilla-nspr-32bit-4.25.1-3.17.1
      mozilla-nspr-32bit-debuginfo-4.25.1-3.17.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      MozillaFirefox-78.9.0-3.136.1
      MozillaFirefox-branding-SLE-78-4.16.1
      MozillaFirefox-debuginfo-78.9.0-3.136.1
      MozillaFirefox-debugsource-78.9.0-3.136.1
      MozillaFirefox-devel-78.9.0-3.136.1
      MozillaFirefox-translations-common-78.9.0-3.136.1
      MozillaFirefox-translations-other-78.9.0-3.136.1
      mozilla-nspr-4.25.1-3.17.1
      mozilla-nspr-debuginfo-4.25.1-3.17.1
      mozilla-nspr-debugsource-4.25.1-3.17.1
      mozilla-nspr-devel-4.25.1-3.17.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):

      mozilla-nspr-32bit-4.25.1-3.17.1
      mozilla-nspr-32bit-debuginfo-4.25.1-3.17.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      MozillaFirefox-78.9.0-3.136.1
MozillaFirefox-branding-SLE-78-4.16.1 MozillaFirefox-debuginfo-78.9.0-3.136.1 MozillaFirefox-debugsource-78.9.0-3.136.1 MozillaFirefox-devel-78.9.0-3.136.1 MozillaFirefox-translations-common-78.9.0-3.136.1 MozillaFirefox-translations-other-78.9.0-3.136.1 mozilla-nspr-4.25.1-3.17.1 mozilla-nspr-debuginfo-4.25.1-3.17.1 mozilla-nspr-debugsource-4.25.1-3.17.1 mozilla-nspr-devel-4.25.1-3.17.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): mozilla-nspr-32bit-4.25.1-3.17.1 mozilla-nspr-32bit-debuginfo-4.25.1-3.17.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): MozillaFirefox-78.9.0-3.136.1 MozillaFirefox-branding-SLE-78-4.16.1 MozillaFirefox-debuginfo-78.9.0-3.136.1 MozillaFirefox-debugsource-78.9.0-3.136.1 MozillaFirefox-devel-78.9.0-3.136.1 MozillaFirefox-translations-common-78.9.0-3.136.1 MozillaFirefox-translations-other-78.9.0-3.136.1 mozilla-nspr-4.25.1-3.17.1 mozilla-nspr-debuginfo-4.25.1-3.17.1 mozilla-nspr-debugsource-4.25.1-3.17.1 mozilla-nspr-devel-4.25.1-3.17.1 - SUSE Enterprise Storage 6 (x86_64): mozilla-nspr-32bit-4.25.1-3.17.1 mozilla-nspr-32bit-debuginfo-4.25.1-3.17.1 - SUSE CaaS Platform 4.0 (x86_64): MozillaFirefox-78.9.0-3.136.1 MozillaFirefox-branding-SLE-78-4.16.1 MozillaFirefox-debuginfo-78.9.0-3.136.1 MozillaFirefox-debugsource-78.9.0-3.136.1 MozillaFirefox-devel-78.9.0-3.136.1 MozillaFirefox-translations-common-78.9.0-3.136.1 MozillaFirefox-translations-other-78.9.0-3.136.1 mozilla-nspr-32bit-4.25.1-3.17.1 mozilla-nspr-32bit-debuginfo-4.25.1-3.17.1 mozilla-nspr-4.25.1-3.17.1 mozilla-nspr-debuginfo-4.25.1-3.17.1 mozilla-nspr-debugsource-4.25.1-3.17.1 mozilla-nspr-devel-4.25.1-3.17.1 References: https://www.suse.com/security/cve/CVE-2021-23981.html https://www.suse.com/security/cve/CVE-2021-23982.html https://www.suse.com/security/cve/CVE-2021-23984.html https://www.suse.com/security/cve/CVE-2021-23987.html https://bugzilla.suse.com/1183942 From sle-updates at lists.suse.com Thu Apr 1 19:25:25 2021 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Apr 2021 21:25:25 +0200 (CEST) Subject: SUSE-SU-2021:1010-1: moderate: Security update for OpenIPMI Message-ID: <20210401192525.618B0F78E@maintenance.suse.de> SUSE Security Update: Security update for OpenIPMI ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1010-1 Rating: moderate References: #1183178 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for OpenIPMI fixes the following issues: - Fixed an issue where OpenIPMI was creating non-position independent binaries (bsc#1183178). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1010=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1010=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1010=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1010=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1010=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1010=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1010=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1010=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1010=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1010=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1010=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): OpenIPMI-2.0.25-7.3.1 OpenIPMI-debuginfo-2.0.25-7.3.1 OpenIPMI-debugsource-2.0.25-7.3.1 OpenIPMI-devel-2.0.25-7.3.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): OpenIPMI-2.0.25-7.3.1 OpenIPMI-debuginfo-2.0.25-7.3.1 OpenIPMI-debugsource-2.0.25-7.3.1 OpenIPMI-devel-2.0.25-7.3.1 - SUSE Manager Proxy 4.0 (x86_64): OpenIPMI-2.0.25-7.3.1 OpenIPMI-debuginfo-2.0.25-7.3.1 OpenIPMI-debugsource-2.0.25-7.3.1 OpenIPMI-devel-2.0.25-7.3.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): OpenIPMI-2.0.25-7.3.1 OpenIPMI-debuginfo-2.0.25-7.3.1 OpenIPMI-debugsource-2.0.25-7.3.1 OpenIPMI-devel-2.0.25-7.3.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): OpenIPMI-2.0.25-7.3.1 OpenIPMI-debuginfo-2.0.25-7.3.1 OpenIPMI-debugsource-2.0.25-7.3.1 OpenIPMI-devel-2.0.25-7.3.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): OpenIPMI-2.0.25-7.3.1 OpenIPMI-debuginfo-2.0.25-7.3.1 OpenIPMI-debugsource-2.0.25-7.3.1 OpenIPMI-devel-2.0.25-7.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): OpenIPMI-2.0.25-7.3.1 OpenIPMI-debuginfo-2.0.25-7.3.1 OpenIPMI-debugsource-2.0.25-7.3.1 OpenIPMI-devel-2.0.25-7.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): OpenIPMI-2.0.25-7.3.1 OpenIPMI-debuginfo-2.0.25-7.3.1 OpenIPMI-debugsource-2.0.25-7.3.1 OpenIPMI-devel-2.0.25-7.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): OpenIPMI-2.0.25-7.3.1 OpenIPMI-debuginfo-2.0.25-7.3.1 OpenIPMI-debugsource-2.0.25-7.3.1 OpenIPMI-devel-2.0.25-7.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): OpenIPMI-2.0.25-7.3.1 OpenIPMI-debuginfo-2.0.25-7.3.1 OpenIPMI-debugsource-2.0.25-7.3.1 OpenIPMI-devel-2.0.25-7.3.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): OpenIPMI-2.0.25-7.3.1 OpenIPMI-debuginfo-2.0.25-7.3.1 OpenIPMI-debugsource-2.0.25-7.3.1 OpenIPMI-devel-2.0.25-7.3.1 - 
SUSE CaaS Platform 4.0 (x86_64): OpenIPMI-2.0.25-7.3.1 OpenIPMI-debuginfo-2.0.25-7.3.1 OpenIPMI-debugsource-2.0.25-7.3.1 OpenIPMI-devel-2.0.25-7.3.1 References: https://bugzilla.suse.com/1183178 From sle-updates at lists.suse.com Fri Apr 2 06:06:18 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Apr 2021 08:06:18 +0200 (CEST) Subject: SUSE-CU-2021:88-1: Recommended update of suse/sles12sp5 Message-ID: <20210402060618.A1E32B462A9@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:88-1 Container Tags : suse/sles12sp5:6.5.155 , suse/sles12sp5:latest Container Release : 6.5.155 Severity : moderate Type : recommended References : 1180073 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1003-1 Released: Thu Apr 1 15:06:58 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) From sle-updates at lists.suse.com Fri Apr 2 06:21:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Apr 2021 08:21:30 +0200 (CEST) Subject: SUSE-CU-2021:89-1: Recommended update of suse/sle15 Message-ID: <20210402062130.405A1B462A9@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:89-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.369 Container Release : 4.22.369 Severity : moderate Type : recommended 
References : 1180073 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) From sle-updates at lists.suse.com Fri Apr 2 06:34:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Apr 2021 08:34:05 +0200 (CEST) Subject: SUSE-CU-2021:90-1: Recommended update of suse/sle15 Message-ID: <20210402063405.9F5DBB462A9@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:90-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.429 Container Release : 6.2.429 Severity : moderate Type : recommended References : 1180073 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) From sle-updates at lists.suse.com Fri Apr 2 06:40:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Apr 2021 08:40:48 +0200 (CEST) Subject: SUSE-CU-2021:91-1: Recommended update of suse/sle15 Message-ID: <20210402064048.C1162B462A9@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:91-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.882 Container Release : 8.2.882 Severity : moderate Type : recommended References : 1180073 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) From sle-updates at lists.suse.com Fri Apr 2 06:40:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Apr 2021 08:40:56 +0200 (CEST) Subject: SUSE-CU-2021:92-1: Security update of suse/sle15 Message-ID: <20210402064056.502D6B462A9@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:92-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.883 Container Release : 8.2.883 Severity : moderate Type : security References : 1183933 1183934 CVE-2021-22876 CVE-2021-22890 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) From sle-updates at lists.suse.com Fri Apr 2 06:42:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Apr 2021 08:42:21 +0200 (CEST) Subject: SUSE-CU-2021:93-1: Security update of suse/sle15 Message-ID: <20210402064221.C5BE5B462A9@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:93-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.13.2.238 Container Release : 13.2.238 Severity : important Type : security References : 1078466 1146705 1172442 1175519 1178775 1180020 1180083 1180596 1181011 1181358 1181831 1183094 1183370 1183371 1183852 CVE-2020-11080 CVE-2021-24031 CVE-2021-24032 CVE-2021-3449 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing failure during installation/upgrade.
(rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:930-1 Released: Wed Mar 24 12:09:23 2021 Summary: Security update for nghttp2 Type: security Severity: important References: 1172442,1181358,CVE-2020-11080 This update for nghttp2 fixes the following issues: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] From sle-updates at lists.suse.com Fri Apr 2 13:15:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Apr 2021 15:15:30 +0200 (CEST) Subject: SUSE-RU-2021:1011-1: moderate: Recommended update for dehydrated Message-ID: <20210402131530.35596F79F@maintenance.suse.de> SUSE Recommended Update: Recommended update for dehydrated ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1011-1 Rating: moderate References: SLE-15909 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. 
Description: This update for dehydrated fixes the following issues: Update to dehydrated 0.7.0 (JSC#SLE-15909) Added: - Support for external account bindings - Special support for ZeroSSL - Support presets for some CAs instead of requiring URLs - Allow requesting preferred chain (--preferred-chain) - Added method to show CAs current terms of service (--display-terms) - Allow setting path to domains.txt using cli arguments (--domains-txt) - Added new cli command --cleanupdelete which deletes old files instead of archiving them Fixed: - No more silent failures on broken hook-scripts - Better error-handling with KEEP_GOING enabled - Check actual order status instead of assuming it's valid - Don't include keyAuthorization in challenge validation (RFC compliance) Changed: - Using EC secp384r1 as default certificate type - Use JSON.sh to parse JSON - Use account URL instead of account ID (RFC compliance) - Dehydrated now has a new home: https://github.com/dehydrated-io/dehydrated - Added OCSP_FETCH and OCSP_DAYS to per-certificate configurable options - Cleanup now also removes dangling symlinks Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1011=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1011=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1011=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1011=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1011=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1011=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1011=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1011=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1011=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1011=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1011=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1011=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1011=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (noarch): dehydrated-0.7.0-3.12.2 dehydrated-apache2-0.7.0-3.12.2 - SUSE Manager Retail Branch Server 4.0 (noarch): dehydrated-0.7.0-3.12.2 dehydrated-apache2-0.7.0-3.12.2 - SUSE Manager Proxy 4.0 (noarch): dehydrated-0.7.0-3.12.2 dehydrated-apache2-0.7.0-3.12.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): dehydrated-0.7.0-3.12.2 dehydrated-apache2-0.7.0-3.12.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): dehydrated-0.7.0-3.12.2 dehydrated-apache2-0.7.0-3.12.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): dehydrated-0.7.0-3.12.2 dehydrated-apache2-0.7.0-3.12.2 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): dehydrated-0.7.0-3.12.2 dehydrated-apache2-0.7.0-3.12.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): dehydrated-0.7.0-3.12.2 dehydrated-apache2-0.7.0-3.12.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): dehydrated-0.7.0-3.12.2 dehydrated-apache2-0.7.0-3.12.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): dehydrated-0.7.0-3.12.2 dehydrated-apache2-0.7.0-3.12.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): dehydrated-0.7.0-3.12.2 dehydrated-apache2-0.7.0-3.12.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): dehydrated-0.7.0-3.12.2 dehydrated-apache2-0.7.0-3.12.2 - SUSE Enterprise Storage 6 (noarch): dehydrated-0.7.0-3.12.2 dehydrated-apache2-0.7.0-3.12.2 - SUSE CaaS Platform 4.0 (noarch): dehydrated-0.7.0-3.12.2 dehydrated-apache2-0.7.0-3.12.2 References: From sle-updates at lists.suse.com Sat Apr 3 06:08:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Apr 2021 08:08:05 +0200 (CEST) Subject: SUSE-CU-2021:94-1: Security update of suse/sles12sp3 Message-ID: <20210403060805.A9153B462A9@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : 
SUSE-CU-2021:94-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.237 , suse/sles12sp3:latest Container Release : 24.237 Severity : important Type : security References : 1116107 1159635 1174215 1175109 1178727 1178823 1178909 1178925 1178966 1179398 1179398 1179399 1179491 1180073 1181728 1182138 1182279 1182331 1182333 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 CVE-2019-19906 CVE-2020-1971 CVE-2020-25709 CVE-2020-25710 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8231 CVE-2020-8284 CVE-2020-8284 CVE-2020-8285 CVE-2021-23840 CVE-2021-23841 CVE-2021-27212 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3569-1 Released: Mon Nov 30 17:13:16 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1178727 This update for pam fixes the following issue: - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. 
(bsc#1178727) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3573-1 Released: Mon Nov 30 18:13:05 2020 Summary: Recommended update for sg3_utils Type: recommended Severity: low References: 1116107 This update for sg3_utils fixes the following issues: - Fixed wrong device ID for devices using NAA extended format (bsc#1116107) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3763-1 Released: Fri Dec 11 14:17:32 2020 Summary: Security update for openssl Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3794-1 Released: Mon Dec 14 17:40:20 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1174215,1178925,1178966 This update for libzypp, zypper fixes the following issues: Changes in zypper: - Fix typo in `list-patches` help. (bsc#1178925) The option for selecting issues matching the specified string is `--issue[=STRING]`, not `--issues[=STRING]`. Changes in libzypp: - Fix in repository manager for removing non-directory entries related to the cache. (bsc#1178966) - Remove from the logs the credentials available from the authorization header. (bsc#1174215) The authorization header may include base64 encoded credentials which could be restored from the log file. The credentials are now stripped from the log.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3800-1 Released: Mon Dec 14 18:55:59 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,1179398,CVE-2020-8231,CVE-2020-8284 This update for curl fixes the following issues: - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). - CVE-2020-8231: Fixed an issue with trusting FTP PASV responses (bsc#1175109). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3876-1 Released: Fri Dec 18 16:45:25 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,CVE-2020-8284,CVE-2020-8285 This update for curl fixes the following issues: - CVE-2020-8285: Fixed an FTP wildcard stack overflow (bsc#1179399). - CVE-2020-8284: Adjust trusting FTP PASV responses (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3939-1 Released: Mon Dec 28 14:29:41 2020 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1159635,CVE-2019-19906 This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:26-1 Released: Tue Jan 5 14:18:00 2021 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation. (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:128-1 Released: Thu Jan 14 11:01:24 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:588-1 Released: Thu Feb 25 06:10:02 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1182138 This update for file fixes the following issues: - Fixed an issue when file is used with a string started with '80'. (bsc#1182138) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:693-1 Released: Wed Mar 3 18:13:33 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. 
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:939-1 Released: Wed Mar 24 12:24:38 2021 Summary: Security update for openssl Type: security Severity: moderate References: 1182331,1182333,CVE-2021-23840,CVE-2021-23841 This update for openssl fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:970-1 Released: Mon Mar 29 14:53:14 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1181728 This update for apparmor fixes the following issues: - Add abstraction/base fix to apparmor-profile. 
(bsc#1181728) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1003-1 Released: Thu Apr 1 15:06:58 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) From sle-updates at lists.suse.com Sat Apr 3 06:18:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Apr 2021 08:18:19 +0200 (CEST) Subject: SUSE-CU-2021:95-1: Security update of suse/sles12sp4 Message-ID: <20210403061819.5AF4CB462A9@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:95-1 Container Tags : suse/sles12sp4:26.268 , suse/sles12sp4:latest Container Release : 26.268 Severity : important Type : security References : 1082318 1088639 1112438 1125689 1134616 1146182 1146184 1159635 1174215 1178727 1178823 1178909 1178925 1178966 1179491 1180038 1180073 1180777 1180959 1181358 1181365 1181505 1182117 1182138 1182279 1182331 1182333 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 962914 964140 966514 CVE-2016-1544 CVE-2018-1000168 CVE-2019-19906 CVE-2019-25013 CVE-2019-9511 CVE-2019-9513 CVE-2020-11080 CVE-2020-1971 CVE-2020-25709 CVE-2020-25710 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-23840 CVE-2021-23841 CVE-2021-27212 CVE-2021-3326 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3569-1 Released: Mon Nov 30 17:13:16 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1178727 This update for pam fixes the following issue: - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3732-1 Released: Wed Dec 9 18:18:03 2020 Summary: Security update for openssl-1_0_0 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_0_0 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3794-1 Released: Mon Dec 14 17:40:20 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1174215,1178925,1178966 This update for libzypp, zypper fixes the following issues: Changes in zypper: - Fix typo in `list-patches` help. (bsc#1178925) The options for selecting issues matching the specified string is `--issue[=STRING]`, not `--issues[=STRING]`. Changes in libzypp: - Fix in repository manager for removing non-directory entries related to the cache. (bsc#1178966) - Remove from the logs the credentials available from the authorization header. (bsc#1174215) The authorization header may include base64 encoded credentials which could be restored from the log file. The credentials are now stripped from the log. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3939-1 Released: Mon Dec 28 14:29:41 2020 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1159635,CVE-2019-19906 This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:26-1 Released: Tue Jan 5 14:18:00 2021 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation. (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:128-1 Released: Thu Jan 14 11:01:24 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:244-1 Released: Fri Jan 29 09:46:42 2021 Summary: Recommended update for openssl-1_0_0 Type: recommended Severity: moderate References: 1180777,1180959 This update for openssl-1_0_0 fixes the following issues: - Add declaration of BN_secure_new() function needed by other packages. 
(bsc#1180777) - Add FIPS elliptic curve key check necessary for FIPS 140-2 certification. (bsc#1180959) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:588-1 Released: Thu Feb 25 06:10:02 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1182138 This update for file fixes the following issues: - Fixed an issue when file is used with a string started with '80'. (bsc#1182138) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:608-1 Released: Thu Feb 25 21:03:59 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1180038,1181365,1181505,1182117,CVE-2019-25013,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) - powerpc: Add support for POWER10 (bsc#1181365) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:693-1 Released: Wed Mar 3 18:13:33 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. 
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:725-1 Released: Mon Mar 8 16:47:37 2021 Summary: Security update for openssl-1_0_0 Type: security Severity: moderate References: 1182331,1182333,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_0_0 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:932-1 Released: Wed Mar 24 12:13:01 2021 Summary: Security update for nghttp2 Type: security Severity: important References: 1082318,1088639,1112438,1125689,1134616,1146182,1146184,1181358,962914,964140,966514,CVE-2016-1544,CVE-2018-1000168,CVE-2019-9511,CVE-2019-9513,CVE-2020-11080 This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182). - CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639). - CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514). 
Bug fixes and enhancements: - Packages must not mark license files as %doc (bsc#1082318) - Typo in description of libnghttp2_asio1 (bsc#962914) - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Fixed build issue with GCC 6 (bsc#964140) - Feature: Add W&S module (FATE#326776, bsc#1112438) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1003-1 Released: Thu Apr 1 15:06:58 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) From sle-updates at lists.suse.com Tue Apr 6 13:15:23 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Apr 2021 15:15:23 +0200 (CEST) Subject: SUSE-RU-2021:1014-1: moderate: Recommended update for oracleasm Message-ID: <20210406131523.B4368F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1014-1 Rating: moderate References: #1177231 #1182570 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Realtime 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for oracleasm fixes the following issue: - package is rebuilt with the new secure boot key. - Fixed an issue when 'kfod' hangs by accessing the 'asmlib' disk device. (bsc#1177231) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1014=1 - SUSE Linux Enterprise Module for Realtime 15-SP2: zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-1014=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k5.3.18_24.52-13.7.2 oracleasm-kmp-default-debuginfo-2.0.8_k5.3.18_24.52-13.7.2 - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64): oracleasm-kmp-rt-2.0.8_k5.3.18_8.3-13.7.2 oracleasm-kmp-rt-debuginfo-2.0.8_k5.3.18_8.3-13.7.2 References: https://bugzilla.suse.com/1177231 https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Tue Apr 6 13:16:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Apr 2021 15:16:26 +0200 (CEST) Subject: SUSE-RU-2021:1013-1: moderate: Recommended update for drbd Message-ID: <20210406131626.68FD4F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1013-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1013=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): drbd-9.0.22~1+git.fe2b5983-3.7.8 drbd-debugsource-9.0.22~1+git.fe2b5983-3.7.8 drbd-kmp-default-9.0.22~1+git.fe2b5983_k5.3.18_24.52-3.7.8 drbd-kmp-default-debuginfo-9.0.22~1+git.fe2b5983_k5.3.18_24.52-3.7.8 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Tue Apr 6 13:17:24 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Apr 2021 15:17:24 +0200 (CEST) Subject: SUSE-RU-2021:1015-1: moderate: Recommended update for lttng-modules Message-ID: <20210406131724.8825BF78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for lttng-modules ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1015-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lttng-modules fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1015=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): lttng-modules-2.10.10-5.3.9 lttng-modules-debugsource-2.10.10-5.3.9 lttng-modules-kmp-default-2.10.10_k5.3.18_24.52-5.3.9 lttng-modules-kmp-default-debuginfo-2.10.10_k5.3.18_24.52-5.3.9 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Tue Apr 6 13:18:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Apr 2021 15:18:25 +0200 (CEST) Subject: SUSE-RU-2021:1016-1: moderate: Recommended update for crash Message-ID: <20210406131825.44810F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for crash ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1016-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise Module for Realtime 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crash fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP2: zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-1016=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1016=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64): crash-kmp-rt-7.2.8_k5.3.18_8.3-18.4.8 crash-kmp-rt-debuginfo-7.2.8_k5.3.18_8.3-18.4.8 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): crash-7.2.8-18.4.8 crash-debuginfo-7.2.8-18.4.8 crash-debugsource-7.2.8-18.4.8 crash-devel-7.2.8-18.4.8 crash-kmp-default-7.2.8_k5.3.18_24.52-18.4.8 crash-kmp-default-debuginfo-7.2.8_k5.3.18_24.52-18.4.8 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): crash-gcore-7.2.8-18.4.8 crash-gcore-debuginfo-7.2.8-18.4.8 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Tue Apr 6 13:19:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Apr 2021 15:19:22 +0200 (CEST) Subject: SUSE-RU-2021:1012-1: moderate: Recommended update for dpdk Message-ID: <20210406131922.19B8DF78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1012-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dpdk fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1012=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1012=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le x86_64): dpdk-19.11.4-3.11.8 dpdk-debuginfo-19.11.4-3.11.8 dpdk-debugsource-19.11.4-3.11.8 dpdk-devel-19.11.4-3.11.8 dpdk-devel-debuginfo-19.11.4-3.11.8 dpdk-kmp-default-19.11.4_k5.3.18_24.52-3.11.8 dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_24.52-3.11.8 dpdk-tools-19.11.4-3.11.8 dpdk-tools-debuginfo-19.11.4-3.11.8 libdpdk-20_0-19.11.4-3.11.8 libdpdk-20_0-debuginfo-19.11.4-3.11.8 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64): dpdk-thunderx-19.11.4-3.11.8 dpdk-thunderx-debuginfo-19.11.4-3.11.8 dpdk-thunderx-debugsource-19.11.4-3.11.8 dpdk-thunderx-devel-19.11.4-3.11.8 dpdk-thunderx-devel-debuginfo-19.11.4-3.11.8 dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.52-3.11.8 dpdk-thunderx-kmp-default-debuginfo-19.11.4_k5.3.18_24.52-3.11.8 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64): libdpdk-20_0-19.11.4-3.11.8 libdpdk-20_0-debuginfo-19.11.4-3.11.8 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Tue Apr 6 16:15:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Apr 2021 18:15:36 +0200 (CEST) Subject: SUSE-RU-2021:1022-1: Recommended update for xdm Message-ID: <20210406161536.9F9D4F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for xdm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1022-1 Rating: low References: #1183698 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xdm fixes the following issues: - Corrected the pid file path of display-manager.service (bsc#1183698) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1022=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): xdm-1.1.11-13.9.1 xdm-debuginfo-1.1.11-13.9.1 xdm-debugsource-1.1.11-13.9.1 References: https://bugzilla.suse.com/1183698 From sle-updates at lists.suse.com Tue Apr 6 16:16:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Apr 2021 18:16:35 +0200 (CEST) Subject: SUSE-RU-2021:1017-1: moderate: Recommended update for dehydrated Message-ID: <20210406161635.776E3F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for dehydrated ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1017-1 Rating: moderate References: ECO-3435 SLE-15909 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains two features can now be installed. Description: This update for dehydrated fixes the following issues: - Add directory where cleanup can archive unused certificates - Clarified new default settings. KEY_ALGO=secp384r1. Please consult README.maintainer for details and how to return to RSA-based certificate issuance. 
(jsc#ECO-3435, jsc#SLE-15909) - Added a note about ACMEv1 deprecation - Added a note on new ACME providers and the new non-URL provider syntax. See README.maintainer for details. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1017=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): dehydrated-0.7.0-11.6.1 dehydrated-apache2-0.7.0-11.6.1 dehydrated-nginx-0.7.0-11.6.1 References: From sle-updates at lists.suse.com Tue Apr 6 16:17:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Apr 2021 18:17:30 +0200 (CEST) Subject: SUSE-RU-2021:1020-1: moderate: Recommended update for yast2-network Message-ID: <20210406161730.45314F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1020-1 Rating: moderate References: #1183639 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-network fixes the following issues: - It does now correctly provide the layer2 argument when activating a qeth device (bsc#1183639) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1020=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-1020=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-network-4.2.97-3.52.1 - SUSE Linux Enterprise Installer 15-SP2 (noarch): yast2-network-4.2.97-3.52.1 References: https://bugzilla.suse.com/1183639 From sle-updates at lists.suse.com Tue Apr 6 16:18:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Apr 2021 18:18:29 +0200 (CEST) Subject: SUSE-RU-2021:1021-1: moderate: Recommended update for cups Message-ID: <20210406161829.1ED83F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for cups ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1021-1 Rating: moderate References: #1175960 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cups fixes the following issues: - Fixed the web UI kerberos authentication (bsc#1175960) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1021=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1021=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): cups-ddk-2.2.7-3.23.1 cups-ddk-debuginfo-2.2.7-3.23.1 cups-debuginfo-2.2.7-3.23.1 cups-debugsource-2.2.7-3.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): cups-2.2.7-3.23.1 cups-client-2.2.7-3.23.1 cups-client-debuginfo-2.2.7-3.23.1 cups-config-2.2.7-3.23.1 cups-debuginfo-2.2.7-3.23.1 cups-debugsource-2.2.7-3.23.1 cups-devel-2.2.7-3.23.1 libcups2-2.2.7-3.23.1 libcups2-debuginfo-2.2.7-3.23.1 libcupscgi1-2.2.7-3.23.1 libcupscgi1-debuginfo-2.2.7-3.23.1 libcupsimage2-2.2.7-3.23.1 libcupsimage2-debuginfo-2.2.7-3.23.1 libcupsmime1-2.2.7-3.23.1 libcupsmime1-debuginfo-2.2.7-3.23.1 libcupsppdc1-2.2.7-3.23.1 libcupsppdc1-debuginfo-2.2.7-3.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libcups2-32bit-2.2.7-3.23.1 libcups2-32bit-debuginfo-2.2.7-3.23.1 References: https://bugzilla.suse.com/1175960 From sle-updates at lists.suse.com Tue Apr 6 16:19:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Apr 2021 18:19:27 +0200 (CEST) Subject: SUSE-RU-2021:1018-1: moderate: Recommended update for gzip Message-ID: <20210406161928.001EBF78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for gzip ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1018-1 Rating: moderate References: #1180713 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now 
be installed. Description: This update for gzip fixes the following issues: - Fixes an issue where 'gzexe' counts the lines to skip incorrectly. (bsc#1180713) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1018=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1018=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): gzip-1.10-3.8.1 gzip-debuginfo-1.10-3.8.1 gzip-debugsource-1.10-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): gzip-1.10-3.8.1 gzip-debuginfo-1.10-3.8.1 gzip-debugsource-1.10-3.8.1 References: https://bugzilla.suse.com/1180713 From sle-updates at lists.suse.com Tue Apr 6 16:20:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Apr 2021 18:20:26 +0200 (CEST) Subject: SUSE-RU-2021:1019-1: moderate: Recommended update for gdb Message-ID: <20210406162026.78267F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1019-1 Rating: moderate References: #1180786 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed.
Description: This update for gdb fixes the following issues: - Fixed a heap-use-after-free issue in remote_async_inferior_event_handler - Changed the license back to "GPL-3.0-or-later AND GPL-3.0-with-GCC-exception AND LGPL-2.1-or-later AND LGPL-3.0-or-later" - it was accidentally changed (bsc#1180786) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1019=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): gdb-10.1-8.24.1 gdb-debuginfo-10.1-8.24.1 gdb-debugsource-10.1-8.24.1 gdbserver-10.1-8.24.1 gdbserver-debuginfo-10.1-8.24.1 References: https://bugzilla.suse.com/1180786 From sle-updates at lists.suse.com Tue Apr 6 19:15:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Apr 2021 21:15:08 +0200 (CEST) Subject: SUSE-SU-2021:1023-1: important: Security update for xen Message-ID: <20210406191508.16F83F79F@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1023-1 Rating: important References: #1027519 #1177112 #1177204 #1178591 #1178736 #1179148 #1181254 #1181989 #1182846 #1183072 Cross-References: CVE-2020-28368 CVE-2021-20257 CVE-2021-28687 CVE-2021-3308 CVSS scores: CVE-2020-28368 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2020-28368 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-20257 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-3308 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3308 (SUSE): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Software 
Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves four vulnerabilities and has 6 fixes is now available. Description: This update for xen fixes the following issues: - CVE-2021-3308: VUL-0: xen: IRQ vector leak on x86 (bsc#1181254, XSA-360) - CVE-2021-28687: VUL-0: xen: HVM soft-reset crashes toolstack (bsc#1183072, XSA-368) - CVE-2021-20257: VUL-0: xen: infinite loop issue in the e1000 NIC emulator (bsc#1182846) - CVE-2020-28368: VUL-0: xen: Intel RAPL sidechannel attack aka PLATYPUS attack aka (bsc#1178591, XSA-351) - L3: conring size for XEN HV's with huge memory too small. Initial Xen logs cut (bsc#1177204) - Kdump of HVM fails, soft-reset not handled by libxl (bsc#1179148) - OpenQA job causes libvirtd to dump core when running kdump inside domain (bsc#1181989) - Allow restart of xenwatchdogd, enable tuning of keep-alive interval and timeout options via XENWATCHDOGD_ARGS= (bsc#1178736) - The receiving side did detect holes in a to-be-allocated superpage, but allocated a superpage anyway. This resulted in over-allocation (bsc#1177112) - The receiving side may punch holes incorrectly into optimistically allocated superpages. Also reduce overhead in bitmap handling (bsc#1177112) - Upstream bug fixes (bsc#1027519) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1023=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1023=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 x86_64): xen-debugsource-4.12.4_09-3.39.3 xen-devel-4.12.4_09-3.39.3 - SUSE Linux Enterprise Server 12-SP5 (x86_64): xen-4.12.4_09-3.39.3 xen-debugsource-4.12.4_09-3.39.3 xen-doc-html-4.12.4_09-3.39.3 xen-libs-32bit-4.12.4_09-3.39.3 xen-libs-4.12.4_09-3.39.3 xen-libs-debuginfo-32bit-4.12.4_09-3.39.3 xen-libs-debuginfo-4.12.4_09-3.39.3 xen-tools-4.12.4_09-3.39.3 xen-tools-debuginfo-4.12.4_09-3.39.3 xen-tools-domU-4.12.4_09-3.39.3 xen-tools-domU-debuginfo-4.12.4_09-3.39.3 References: https://www.suse.com/security/cve/CVE-2020-28368.html https://www.suse.com/security/cve/CVE-2021-20257.html https://www.suse.com/security/cve/CVE-2021-28687.html https://www.suse.com/security/cve/CVE-2021-3308.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1177112 https://bugzilla.suse.com/1177204 https://bugzilla.suse.com/1178591 https://bugzilla.suse.com/1178736 https://bugzilla.suse.com/1179148 https://bugzilla.suse.com/1181254 https://bugzilla.suse.com/1181989 https://bugzilla.suse.com/1182846 https://bugzilla.suse.com/1183072 From sle-updates at lists.suse.com Tue Apr 6 19:16:50 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Apr 2021 21:16:50 +0200 (CEST) Subject: SUSE-RU-2021:1025-1: moderate: Recommended update for lttng-modules Message-ID: <20210406191650.30F9BF79F@maintenance.suse.de> SUSE Recommended Update: Recommended update for lttng-modules ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1025-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise Server 12-SP5 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lttng-modules fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1025=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): lttng-modules-2.10.9-8.9.7 lttng-modules-debugsource-2.10.9-8.9.7 lttng-modules-kmp-default-2.10.9_k4.12.14_122.63-8.9.7 lttng-modules-kmp-default-debuginfo-2.10.9_k4.12.14_122.63-8.9.7 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Tue Apr 6 19:17:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Apr 2021 21:17:46 +0200 (CEST) Subject: SUSE-SU-2021:1028-1: important: Security update for xen Message-ID: <20210406191746.673E5F79F@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1028-1 Rating: important References: #1027519 #1177204 #1179148 #1180690 #1181254 #1181989 #1182576 #1183072 Cross-References: CVE-2021-28687 CVE-2021-3308 CVSS scores: CVE-2021-3308 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3308 (SUSE): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has 6 fixes is now available. 
Description: This update for xen fixes the following issues: - CVE-2021-3308: VUL-0: xen: IRQ vector leak on x86 (bsc#1181254, XSA-360) - CVE-2021-28687: HVM soft-reset crashes toolstack (bsc#1183072, XSA-368) - L3: conring size for XEN HV's with huge memory too small. Initial Xen logs cut (bsc#1177204) - L3: XEN domU crashed on resume when using the xl unpause command (bsc#1182576) - L3: xen: no needsreboot flag set (bsc#1180690) - kdump of HVM fails, soft-reset not handled by libxl (bsc#1179148) - openQA job causes libvirtd to dump core when running kdump inside domain (bsc#1181989) - Upstream bug fixes (bsc#1027519) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1028=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1028=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1028=1 Package List: - SUSE MicroOS 5.0 (x86_64): xen-debugsource-4.13.2_08-3.25.3 xen-libs-4.13.2_08-3.25.3 xen-libs-debuginfo-4.13.2_08-3.25.3 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (x86_64): xen-4.13.2_08-3.25.3 xen-debugsource-4.13.2_08-3.25.3 xen-devel-4.13.2_08-3.25.3 xen-tools-4.13.2_08-3.25.3 xen-tools-debuginfo-4.13.2_08-3.25.3 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): xen-tools-xendomains-wait-disk-4.13.2_08-3.25.3 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): xen-debugsource-4.13.2_08-3.25.3 xen-libs-4.13.2_08-3.25.3 xen-libs-debuginfo-4.13.2_08-3.25.3 xen-tools-domU-4.13.2_08-3.25.3 xen-tools-domU-debuginfo-4.13.2_08-3.25.3 References: https://www.suse.com/security/cve/CVE-2021-28687.html https://www.suse.com/security/cve/CVE-2021-3308.html
https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1177204 https://bugzilla.suse.com/1179148 https://bugzilla.suse.com/1180690 https://bugzilla.suse.com/1181254 https://bugzilla.suse.com/1181989 https://bugzilla.suse.com/1182576 https://bugzilla.suse.com/1183072 From sle-updates at lists.suse.com Tue Apr 6 19:19:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Apr 2021 21:19:19 +0200 (CEST) Subject: SUSE-RU-2021:1024-1: moderate: Recommended update for dpdk Message-ID: <20210406191919.1F957F79F@maintenance.suse.de> SUSE Recommended Update: Recommended update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1024-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dpdk fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1024=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1024=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le x86_64): dpdk-debuginfo-18.11.9-3.17.12 dpdk-debugsource-18.11.9-3.17.12 dpdk-devel-18.11.9-3.17.12 dpdk-devel-debuginfo-18.11.9-3.17.12 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64): dpdk-thunderx-debuginfo-18.11.9-3.17.12 dpdk-thunderx-debugsource-18.11.9-3.17.12 dpdk-thunderx-devel-18.11.9-3.17.12 dpdk-thunderx-devel-debuginfo-18.11.9-3.17.12 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le x86_64): dpdk-18.11.9-3.17.12 dpdk-debuginfo-18.11.9-3.17.12 dpdk-debugsource-18.11.9-3.17.12 dpdk-tools-18.11.9-3.17.12 dpdk-tools-debuginfo-18.11.9-3.17.12 libdpdk-18_11-18.11.9-3.17.12 libdpdk-18_11-debuginfo-18.11.9-3.17.12 - SUSE Linux Enterprise Server 12-SP5 (aarch64): dpdk-thunderx-18.11.9-3.17.12 dpdk-thunderx-debuginfo-18.11.9-3.17.12 dpdk-thunderx-debugsource-18.11.9-3.17.12 dpdk-thunderx-kmp-default-18.11.9_k4.12.14_122.63-3.17.12 dpdk-thunderx-kmp-default-debuginfo-18.11.9_k4.12.14_122.63-3.17.12 - SUSE Linux Enterprise Server 12-SP5 (x86_64): dpdk-kmp-default-18.11.9_k4.12.14_122.63-3.17.12 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_122.63-3.17.12 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Tue Apr 6 19:20:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Apr 2021 21:20:15 +0200 (CEST) Subject: SUSE-RU-2021:1026-1: moderate: Recommended update for oracleasm Message-ID: <20210406192015.13FAFF79F@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1026-1 Rating: moderate References: 
#1182570 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for oracleasm fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1026=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_122.63-9.7.7 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_122.63-9.7.7 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Tue Apr 6 19:21:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Apr 2021 21:21:15 +0200 (CEST) Subject: SUSE-RU-2021:1027-1: moderate: Recommended update for crash Message-ID: <20210406192115.8ADE1F79F@maintenance.suse.de> SUSE Recommended Update: Recommended update for crash ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1027-1 Rating: moderate References: #1178827 #1182570 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crash fixes the following issue: - package is rebuilt with the new secure boot key. - Fix crash utility is taking forever to initialize a vmcore from large config system (bsc#1178827) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1027=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1027=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): crash-debuginfo-7.2.1-8.9.1 crash-debugsource-7.2.1-8.9.1 crash-devel-7.2.1-8.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): crash-7.2.1-8.9.1 crash-debuginfo-7.2.1-8.9.1 crash-debugsource-7.2.1-8.9.1 crash-kmp-default-7.2.1_k4.12.14_122.63-8.9.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_122.63-8.9.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): crash-gcore-7.2.1-8.9.1 crash-gcore-debuginfo-7.2.1-8.9.1 References: https://bugzilla.suse.com/1178827 https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Tue Apr 6 22:15:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Apr 2021 00:15:08 +0200 (CEST) Subject: SUSE-SU-2021:1030-1: moderate: Security update for gssproxy Message-ID: <20210406221508.AD7F3F78E@maintenance.suse.de> SUSE Security Update: Security update for gssproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1030-1 Rating: moderate References: #1180515 Cross-References: CVE-2020-12658 CVSS scores: CVE-2020-12658 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-12658 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gssproxy fixes the following issues: - CVE-2020-12658: Fixed an issue where gssproxy was not unlocking cond_mutex before pthread exit in gp_worker_main() (bsc#1180515). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1030=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gssproxy-0.8.2-4.5.1 gssproxy-debuginfo-0.8.2-4.5.1 References: https://www.suse.com/security/cve/CVE-2020-12658.html https://bugzilla.suse.com/1180515 From sle-updates at lists.suse.com Tue Apr 6 22:16:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Apr 2021 00:16:10 +0200 (CEST) Subject: SUSE-SU-2021:1029-1: moderate: Security update for gssproxy Message-ID: <20210406221610.465C1F78E@maintenance.suse.de> SUSE Security Update: Security update for gssproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1029-1 Rating: moderate References: #1180515 Cross-References: CVE-2020-12658 CVSS scores: CVE-2020-12658 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-12658 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gssproxy fixes the following issues: - CVE-2020-12658: Fixed an issue where gssproxy was not unlocking cond_mutex before pthread exit in gp_worker_main() (bsc#1180515). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1029=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): gssproxy-0.8.2-3.6.1 gssproxy-debuginfo-0.8.2-3.6.1 gssproxy-debugsource-0.8.2-3.6.1 References: https://www.suse.com/security/cve/CVE-2020-12658.html https://bugzilla.suse.com/1180515 From sle-updates at lists.suse.com Wed Apr 7 10:15:50 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Apr 2021 12:15:50 +0200 (CEST) Subject: SUSE-SU-2021:1046-1: important: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP5) Message-ID: <20210407101550.75195F79F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1046-1 Rating: important References: #1179664 #1182717 #1183120 #1183491 Cross-References: CVE-2020-29368 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVSS scores: CVE-2020-29368 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29368 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. 
Description: This update for the Linux Kernel 4.12.14-122_63 fixes several issues. The following security issues were fixed: - CVE-2021-27365: Fixed an issue where data structures did not have appropriate length constraints or checks, and could exceed the PAGE_SIZE value (bsc#1183491). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1183120). - CVE-2021-27364: Fixed an issue where an unprivileged user could craft Netlink messages (bsc#1182717). - CVE-2020-29368: Fixed a race condition in a THP mapcount check (bsc#1179664). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-1046=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_63-default-2-2.2 References: https://www.suse.com/security/cve/CVE-2020-29368.html https://www.suse.com/security/cve/CVE-2021-27363.html https://www.suse.com/security/cve/CVE-2021-27364.html https://www.suse.com/security/cve/CVE-2021-27365.html https://bugzilla.suse.com/1179664 https://bugzilla.suse.com/1182717 https://bugzilla.suse.com/1183120 https://bugzilla.suse.com/1183491 From sle-updates at lists.suse.com Wed Apr 7 10:17:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Apr 2021 12:17:11 +0200 (CEST) Subject: SUSE-SU-2021:1074-1: important: Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) Message-ID: <20210407101711.3BEAEF79F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1074-1 Rating: important References: 
#1165631 #1176931 #1177513 #1182717 #1183120 #1183491 Cross-References: CVE-2020-0429 CVE-2020-1749 CVE-2020-25645 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVSS scores: CVE-2020-0429 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-1749 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-25645 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-25645 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_141 fixes several issues. The following security issues were fixed: - CVE-2021-27365: Fixed an issue where data structures did not have appropriate length constraints or checks, and could exceed the PAGE_SIZE value (bsc#1183491). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1183120). - CVE-2021-27364: Fixed an issue where an unprivileged user could craft Netlink messages (bsc#1182717). - CVE-2020-25645: Fixed an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bsc#1177513). - CVE-2020-0429: Fixed a memory corruption due to a use after free which could have led to local escalation of privilege with System execution privileges needed (bsc#1176931).
- CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165631). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1074=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1074=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_141-default-2-2.2 kgraft-patch-4_4_180-94_141-default-debuginfo-2-2.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_141-default-2-2.2 kgraft-patch-4_4_180-94_141-default-debuginfo-2-2.2 References: https://www.suse.com/security/cve/CVE-2020-0429.html https://www.suse.com/security/cve/CVE-2020-1749.html https://www.suse.com/security/cve/CVE-2020-25645.html https://www.suse.com/security/cve/CVE-2021-27363.html https://www.suse.com/security/cve/CVE-2021-27364.html https://www.suse.com/security/cve/CVE-2021-27365.html https://bugzilla.suse.com/1165631 https://bugzilla.suse.com/1176931 https://bugzilla.suse.com/1177513 https://bugzilla.suse.com/1182717 https://bugzilla.suse.com/1183120 https://bugzilla.suse.com/1183491 From sle-updates at lists.suse.com Wed Apr 7 13:16:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Apr 2021 15:16:10 +0200 (CEST) Subject: SUSE-SU-2021:1075-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 12 SP5) Message-ID: <20210407131610.C9EEDF79F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 5 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1075-1 Rating: important References: #1182717 #1183120 #1183491 Cross-References: CVE-2021-27363 CVE-2021-27364 
CVE-2021-27365 CVSS scores: CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_222 fixes several issues. The following security issues were fixed: - CVE-2021-27365: Fixed an issue where data structures did not have appropriate length constraints or checks, and could exceed the PAGE_SIZE value (bsc#1183491). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1183120). - CVE-2021-27364: Fixed an issue where an unprivileged user could craft Netlink messages (bsc#1182717). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1067=1 SUSE-SLE-SAP-12-SP3-2021-1068=1 SUSE-SLE-SAP-12-SP3-2021-1069=1 SUSE-SLE-SAP-12-SP3-2021-1070=1 SUSE-SLE-SAP-12-SP3-2021-1071=1 SUSE-SLE-SAP-12-SP3-2021-1072=1 SUSE-SLE-SAP-12-SP3-2021-1073=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1067=1 SUSE-SLE-SERVER-12-SP3-2021-1068=1 SUSE-SLE-SERVER-12-SP3-2021-1069=1 SUSE-SLE-SERVER-12-SP3-2021-1070=1 SUSE-SLE-SERVER-12-SP3-2021-1071=1 SUSE-SLE-SERVER-12-SP3-2021-1072=1 SUSE-SLE-SERVER-12-SP3-2021-1073=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-1064=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1065=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1066=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1084=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1085=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1086=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1087=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1088=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1089=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1090=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1091=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1092=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-1052=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1053=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1054=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1055=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1056=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1057=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1058=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1059=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1060=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1061=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1062=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1063=1 
SUSE-SLE-Module-Live-Patching-15-SP1-2021-1083=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1093=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-1047=1 SUSE-SLE-Module-Live-Patching-15-2021-1048=1 SUSE-SLE-Module-Live-Patching-15-2021-1049=1 SUSE-SLE-Module-Live-Patching-15-2021-1050=1 SUSE-SLE-Module-Live-Patching-15-2021-1051=1 SUSE-SLE-Module-Live-Patching-15-2021-1082=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-1034=1 SUSE-SLE-Live-Patching-12-SP5-2021-1035=1 SUSE-SLE-Live-Patching-12-SP5-2021-1036=1 SUSE-SLE-Live-Patching-12-SP5-2021-1037=1 SUSE-SLE-Live-Patching-12-SP5-2021-1038=1 SUSE-SLE-Live-Patching-12-SP5-2021-1039=1 SUSE-SLE-Live-Patching-12-SP5-2021-1040=1 SUSE-SLE-Live-Patching-12-SP5-2021-1041=1 SUSE-SLE-Live-Patching-12-SP5-2021-1042=1 SUSE-SLE-Live-Patching-12-SP5-2021-1043=1 SUSE-SLE-Live-Patching-12-SP5-2021-1044=1 SUSE-SLE-Live-Patching-12-SP5-2021-1045=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-1075=1 SUSE-SLE-Live-Patching-12-SP4-2021-1076=1 SUSE-SLE-Live-Patching-12-SP4-2021-1077=1 SUSE-SLE-Live-Patching-12-SP4-2021-1078=1 SUSE-SLE-Live-Patching-12-SP4-2021-1079=1 SUSE-SLE-Live-Patching-12-SP4-2021-1080=1 SUSE-SLE-Live-Patching-12-SP4-2021-1081=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_116-default-9-2.2 kgraft-patch-4_4_180-94_116-default-debuginfo-9-2.2 kgraft-patch-4_4_180-94_121-default-8-2.2 kgraft-patch-4_4_180-94_121-default-debuginfo-8-2.2 kgraft-patch-4_4_180-94_124-default-8-2.2 kgraft-patch-4_4_180-94_124-default-debuginfo-8-2.2 kgraft-patch-4_4_180-94_127-default-8-2.2 kgraft-patch-4_4_180-94_127-default-debuginfo-8-2.2 kgraft-patch-4_4_180-94_130-default-7-2.2 kgraft-patch-4_4_180-94_130-default-debuginfo-7-2.2 kgraft-patch-4_4_180-94_135-default-5-2.2 
kgraft-patch-4_4_180-94_135-default-debuginfo-5-2.2 kgraft-patch-4_4_180-94_138-default-3-2.2 kgraft-patch-4_4_180-94_138-default-debuginfo-3-2.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_116-default-9-2.2 kgraft-patch-4_4_180-94_116-default-debuginfo-9-2.2 kgraft-patch-4_4_180-94_121-default-8-2.2 kgraft-patch-4_4_180-94_121-default-debuginfo-8-2.2 kgraft-patch-4_4_180-94_124-default-8-2.2 kgraft-patch-4_4_180-94_124-default-debuginfo-8-2.2 kgraft-patch-4_4_180-94_127-default-8-2.2 kgraft-patch-4_4_180-94_127-default-debuginfo-8-2.2 kgraft-patch-4_4_180-94_130-default-7-2.2 kgraft-patch-4_4_180-94_130-default-debuginfo-7-2.2 kgraft-patch-4_4_180-94_135-default-5-2.2 kgraft-patch-4_4_180-94_135-default-debuginfo-5-2.2 kgraft-patch-4_4_180-94_138-default-3-2.2 kgraft-patch-4_4_180-94_138-default-debuginfo-3-2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-22-default-9-5.2 kernel-livepatch-5_3_18-22-default-debuginfo-9-5.2 kernel-livepatch-5_3_18-24_12-default-7-2.2 kernel-livepatch-5_3_18-24_12-default-debuginfo-7-2.2 kernel-livepatch-5_3_18-24_15-default-7-2.2 kernel-livepatch-5_3_18-24_15-default-debuginfo-7-2.2 kernel-livepatch-5_3_18-24_24-default-7-2.2 kernel-livepatch-5_3_18-24_24-default-debuginfo-7-2.2 kernel-livepatch-5_3_18-24_29-default-5-2.2 kernel-livepatch-5_3_18-24_29-default-debuginfo-5-2.2 kernel-livepatch-5_3_18-24_34-default-5-2.2 kernel-livepatch-5_3_18-24_34-default-debuginfo-5-2.2 kernel-livepatch-5_3_18-24_37-default-5-2.2 kernel-livepatch-5_3_18-24_37-default-debuginfo-5-2.2 kernel-livepatch-5_3_18-24_43-default-4-2.2 kernel-livepatch-5_3_18-24_43-default-debuginfo-4-2.2 kernel-livepatch-5_3_18-24_46-default-4-2.2 kernel-livepatch-5_3_18-24_46-default-debuginfo-4-2.2 kernel-livepatch-5_3_18-24_49-default-3-2.2 kernel-livepatch-5_3_18-24_49-default-debuginfo-3-2.2 kernel-livepatch-5_3_18-24_52-default-2-2.2 
kernel-livepatch-5_3_18-24_52-default-debuginfo-2-2.2 kernel-livepatch-5_3_18-24_9-default-8-2.2 kernel-livepatch-5_3_18-24_9-default-debuginfo-8-2.2 kernel-livepatch-SLE15-SP2_Update_0-debugsource-9-5.2 kernel-livepatch-SLE15-SP2_Update_1-debugsource-8-2.2 kernel-livepatch-SLE15-SP2_Update_10-debugsource-3-2.2 kernel-livepatch-SLE15-SP2_Update_11-debugsource-2-2.2 kernel-livepatch-SLE15-SP2_Update_2-debugsource-7-2.2 kernel-livepatch-SLE15-SP2_Update_3-debugsource-7-2.2 kernel-livepatch-SLE15-SP2_Update_4-debugsource-7-2.2 kernel-livepatch-SLE15-SP2_Update_5-debugsource-5-2.2 kernel-livepatch-SLE15-SP2_Update_6-debugsource-5-2.2 kernel-livepatch-SLE15-SP2_Update_7-debugsource-5-2.2 kernel-livepatch-SLE15-SP2_Update_8-debugsource-4-2.2 kernel-livepatch-SLE15-SP2_Update_9-debugsource-4-2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_37-default-11-2.2 kernel-livepatch-4_12_14-197_40-default-10-2.2 kernel-livepatch-4_12_14-197_45-default-8-2.2 kernel-livepatch-4_12_14-197_48-default-8-2.2 kernel-livepatch-4_12_14-197_51-default-8-2.2 kernel-livepatch-4_12_14-197_56-default-7-2.2 kernel-livepatch-4_12_14-197_61-default-6-2.2 kernel-livepatch-4_12_14-197_64-default-5-2.2 kernel-livepatch-4_12_14-197_67-default-5-2.3 kernel-livepatch-4_12_14-197_72-default-4-2.2 kernel-livepatch-4_12_14-197_75-default-4-2.2 kernel-livepatch-4_12_14-197_78-default-4-2.2 kernel-livepatch-4_12_14-197_83-default-3-2.2 kernel-livepatch-4_12_14-197_86-default-2-2.2 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_52-default-8-2.2 kernel-livepatch-4_12_14-150_52-default-debuginfo-8-2.2 kernel-livepatch-4_12_14-150_55-default-8-2.2 kernel-livepatch-4_12_14-150_55-default-debuginfo-8-2.2 kernel-livepatch-4_12_14-150_58-default-7-2.2 kernel-livepatch-4_12_14-150_58-default-debuginfo-7-2.2 kernel-livepatch-4_12_14-150_63-default-5-2.2 kernel-livepatch-4_12_14-150_63-default-debuginfo-5-2.2 
kernel-livepatch-4_12_14-150_66-default-3-2.2 kernel-livepatch-4_12_14-150_66-default-debuginfo-3-2.2 kernel-livepatch-4_12_14-150_69-default-2-2.2 kernel-livepatch-4_12_14-150_69-default-debuginfo-2-2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_20-default-11-2.2 kgraft-patch-4_12_14-122_23-default-10-2.2 kgraft-patch-4_12_14-122_26-default-10-2.2 kgraft-patch-4_12_14-122_29-default-10-2.2 kgraft-patch-4_12_14-122_32-default-10-2.2 kgraft-patch-4_12_14-122_37-default-9-2.2 kgraft-patch-4_12_14-122_41-default-8-2.2 kgraft-patch-4_12_14-122_46-default-6-2.2 kgraft-patch-4_12_14-122_51-default-6-2.2 kgraft-patch-4_12_14-122_54-default-4-2.2 kgraft-patch-4_12_14-122_57-default-4-2.2 kgraft-patch-4_12_14-122_60-default-3-2.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_51-default-10-2.2 kgraft-patch-4_12_14-95_54-default-8-2.2 kgraft-patch-4_12_14-95_57-default-8-2.2 kgraft-patch-4_12_14-95_60-default-7-2.2 kgraft-patch-4_12_14-95_65-default-4-2.2 kgraft-patch-4_12_14-95_68-default-3-2.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_71-default-2-2.2 References: https://www.suse.com/security/cve/CVE-2021-27363.html https://www.suse.com/security/cve/CVE-2021-27364.html https://www.suse.com/security/cve/CVE-2021-27365.html https://bugzilla.suse.com/1182717 https://bugzilla.suse.com/1183120 https://bugzilla.suse.com/1183491 From sle-updates at lists.suse.com Wed Apr 7 16:15:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Apr 2021 18:15:32 +0200 (CEST) Subject: SUSE-SU-2021:1094-1: important: Security update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk Message-ID: <20210407161532.022C4F79F@maintenance.suse.de> SUSE Security Update: Security update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk 
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1094-1
Rating: important
References: #1133120 #1133124 #1175899 #1180996 SLE-7171
Cross-References: CVE-2021-21261
CVSS scores:
  CVE-2021-21261 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  CVE-2021-21261 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Affected Products:
  SUSE Linux Enterprise Module for Desktop Applications 15-SP2
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that solves one vulnerability, contains one feature and has three fixes is now available.

Description:

This update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk fixes the following issues:

libostree: Update to version 2020.8
- Enable LTO. (bsc#1133120)
- This update contains scalability improvements and bugfixes.
- Caching-related HTTP headers are now supported on summaries and signatures, so that they do not have to be re-downloaded if not changed in the meanwhile.
- Summaries and delta have been reworked to allow more fine-grained fetching.
- Fixes several bugs related to atomic variables, HTTP timeouts, and 32-bit architectures.
- Static deltas can now be signed to more easily support offline verification.
- There's now support for multiple initramfs images; it is possible to have a "main" initramfs image and a secondary one which represents local configuration.
- The documentation is now moved to https://ostreedev.github.io/ostree/
- Fix for an assertion failure when upgrading from systems before ostree supported devicetree.
- ostree no longer hardlinks zero sized files to avoid hitting filesystem maximum link counts.
- ostree now supports `/` and `/boot` being on the same filesystem.
- Improvements to the GObject Introspection metadata, some (cosmetic) static analyzer fixes, a fix for the immutable bit on s390x, dropping a deprecated bit in the systemd unit file.
- Fix a regression in 2020.4 where the "readonly sysroot" changes incorrectly left the sysroot read-only on systems that started out with a read-only `/` (most of them, e.g. Fedora Silverblue/IoT at least).
- The default dracut config now enables reproducibility.
- There is a new ostree admin unlock `--transient`. This should be a foundation for further support for "live" updates.
- New `ed25519` signing support, powered by `libsodium`.
- ostree commit gained a new `--base` argument, which significantly simplifies constructing "derived" commits, particularly for systems using SELinux.
- Handling of the read-only sysroot was reimplemented to run in the initramfs and be more reliable. Enabling the `readonly=true` flag in the repo config is recommended.
- Several fixes in locking for the temporary "staging" directories OSTree creates, particularly on NFS.
- A new `timestamp-check-from-rev` option was added for pulls, which makes downgrade protection more reliable and will be used by Fedora CoreOS.
- Several fixes and enhancements made for "collection" pulls including a new `--mirror` option.
- The ostree commit command learned a new `--mode-ro-executables` which enforces `W^R` semantics on all executables.
- Added a new commit metadata key `OSTREE_COMMIT_META_KEY_ARCHITECTURE` to help standardize the architecture of the OSTree commit. This could be used on the client side for example to sanity-check that the commit matches the architecture of the machine before deploying.
- Stop invalid usage of `%_libexecdir`:
  + Use `%{_prefix}/lib` where appropriate.
  + Use `_systemdgeneratordir` for the systemd-generators.
  + Define `_dracutmodulesdir` based on `dracut.pc`. Add BuildRequires(dracut) for this to work.

xdg-desktop-portal: Update to version 1.8.0:
- Ensure systemd rpm macros are called at install/uninstall times for systemd user services.
- Add BuildRequires on systemd-rpm-macros.
- openuri:
- Allow skipping the chooser for more URL types
- Robustness fixes
- filechooser:
- Return the current filter
- Add a "directory" option
- Document the "writable" option
- camera:
- Make the client node visible
- Don't leak pipewire proxy
- Fix file descriptor leaks
- Testsuite improvements
- Updated translations.
- document:
- Reduce the use of open fds
- Add more tests and fix issues they found
- Expose directories with their proper name
- Support exporting directories
- New fuse implementation
- background: Avoid a segfault
- screencast: Require pipewire 0.3
- Better support for snap and toolbox
- Require `/usr/bin/fusermount`: `xdg-document-portal` calls out to the binary. (bsc#1175899) Without it, files or dirs can be selected, but whatever is done with or in them, will not have any effect
- Fixes for `%_libexecdir` changing to `/usr/libexec`

xdg-desktop-portal-gtk: Update to version 1.8.0:
- filechooser:
- Return the current filter
- Handle the "directory" option to select directories
- Only show preview when we have an image
- screenshot: Fix cancellation
- appchooser: Avoid a crash
- wallpaper:
- Properly preview placement settings
- Drop the lockscreen option
- printing: Improve the notification
- Updated translations.
- settings: Fall back to gsettings for enable-animations
- screencast: Support Mutter version to 3 (New pipewire api ver 3).

flatpak:
- Update to version 1.10.2 (jsc#SLE-17238, ECO-3148)
- This is a security update which fixes a potential attack where a flatpak application could use custom formatted `.desktop` file to gain access to files on the host system.
- Fix memory leaks
- Documentation and translations updates
- Spawn portal better handles non-utf8 filenames
- Fix flatpak build on systems with setuid bwrap
- Fix crash on updating apps with no deploy data
- Remove deprecated texinfo packaging macros.
- Support for the new repo format which should make updates faster and download less data.
- The systemd generator snippets now call flatpak `--print-updated-env` in place of a bunch of shell for better login performance.
- The `.profile` snippets now disable GVfs when calling flatpak to avoid spawning a gvfs daemon when logging in via ssh.
- Flatpak now finds the pulseaudio sockets better in uncommon configurations.
- Sandboxes with network access now also have access to the `systemd-resolved` socket to do dns lookups.
- Flatpak supports unsetting environment variables in the sandbox using `--unset-env`, and `--env=FOO=` now sets FOO to the empty string instead of unsetting it.
- The spawn portal now has an option to share the pid namespace with the sub-sandbox.
- This security update fixes a sandbox escape where a malicious application can execute code outside the sandbox by controlling the environment of the "flatpak run" command when spawning a sub-sandbox (bsc#1180996, CVE-2021-21261)
- Fix support for ppc64.
- Move flatpak-bisect and flatpak-coredumpctl to devel subpackage, allow to remove python3 dependency on main package.
- Enable LTO as gobject-introspection works fine with LTO. (bsc#1133124)
- Fixed progress reporting for OCI and extra-data.
- The in-memory summary cache is more efficient.
- Fixed authentication getting stuck in a loop in some cases.
- Fixed authentication error reporting.
- Extract OCI info for runtimes as well as apps.
- Fixed crash if anonymous authentication fails and `-y` is specified.
- flatpak info now only looks at the specified installation if one is specified.
- Better error reporting for server HTTP errors during download.
- Uninstall now removes applications before the runtime it depends on.
- Avoid updating metadata from the remote when uninstalling.
- FlatpakTransaction now verifies all passed in refs to avoid.
- Added validation of collection id settings for remotes.
- Fix seccomp filters on s390.
- Robustness fixes to the spawn portal.
- Fix support for masking update in the system installation.
- Better support for distros with uncommon models of merged `/usr`.
- Cache responses from localed/AccountService.
- Fix hangs in cases where `xdg-dbus-proxy` fails to start.
- Fix double-free in cups socket detection.
- OCI authenticator now doesn't ask for auth in case of http errors.
- Fix invalid usage of `%{_libexecdir}` to reference systemd directories.
- Fixes for `%_libexecdir` changing to `/usr/libexec`
- Avoid calling authenticator in update if ref didn't change
- Don't fail transaction if ref is already installed (after transaction start)
- Fix flatpak run handling of userns in the `--device=all` case
- Fix handling of extensions from different remotes
- Fix flatpak run `--no-session-bus`
- `FlatpakTransaction` has a new signal `install-authenticator` which clients can handle to install authenticators needed for the transaction. This is done in the CLI commands.
- Now the host timezone data is always exposed, fixing several apps that had timezone issues.
- There's a new systemd unit (not installed by default) to automatically detect plugged in usb sticks with sideload repos.
- By default the `gdm env.d` file is no longer installed because the systemd generators work better.
- `create-usb` now exports partial commits by default
- Fix handling of docker media types in oci remotes
- Fix subjects in `remote-info --log` output
- This release is also able to host flatpak images on e.g. docker hub.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1094=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1094=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): flatpak-1.10.2-4.6.1 flatpak-debuginfo-1.10.2-4.6.1 flatpak-debugsource-1.10.2-4.6.1 flatpak-devel-1.10.2-4.6.1 flatpak-zsh-completion-1.10.2-4.6.1 libflatpak0-1.10.2-4.6.1 libflatpak0-debuginfo-1.10.2-4.6.1 libostree-2020.8-3.3.2 libostree-debuginfo-2020.8-3.3.2 libostree-debugsource-2020.8-3.3.2 libostree-devel-2020.8-3.3.2 system-user-flatpak-1.10.2-4.6.1 typelib-1_0-Flatpak-1_0-1.10.2-4.6.1 typelib-1_0-OSTree-1_0-2020.8-3.3.2 xdg-desktop-portal-1.8.0-5.3.2 xdg-desktop-portal-debuginfo-1.8.0-5.3.2 xdg-desktop-portal-debugsource-1.8.0-5.3.2 xdg-desktop-portal-devel-1.8.0-5.3.2 xdg-desktop-portal-gtk-1.8.0-3.3.1 xdg-desktop-portal-gtk-debuginfo-1.8.0-3.3.1 xdg-desktop-portal-gtk-debugsource-1.8.0-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): xdg-desktop-portal-gtk-lang-1.8.0-3.3.1 xdg-desktop-portal-lang-1.8.0-5.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libostree-1-1-2020.8-3.3.2 libostree-1-1-debuginfo-2020.8-3.3.2 libostree-debuginfo-2020.8-3.3.2 libostree-debugsource-2020.8-3.3.2 References: https://www.suse.com/security/cve/CVE-2021-21261.html https://bugzilla.suse.com/1133120 https://bugzilla.suse.com/1133124 https://bugzilla.suse.com/1175899 https://bugzilla.suse.com/1180996 From sle-updates at lists.suse.com Wed Apr 7 16:19:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Apr 2021 18:19:45 +0200 (CEST) Subject: SUSE-IU-2021:429-1: Security update of suse-sles-15-sp2-chost-byos-v20210405-hvm-ssd-x86_64 Message-ID: 
<20210407161945.60A9EB462A9@westernhagen.suse.de> SUSE Image Update Advisory: suse-sles-15-sp2-chost-byos-v20210405-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:429-1 Image Tags : suse-sles-15-sp2-chost-byos-v20210405-hvm-ssd-x86_64:20210405 Image Release : Severity : important Type : security References : 1065600 1065729 1078466 1078720 1081134 1083473 1084610 1084864 1112500 1115408 1125671 1132477 1132565 1133568 1135130 1135224 1138203 1138487 1140565 1145508 1146705 1146898 1150394 1150612 1151713 1151927 1152052 1152472 1152489 1154121 1154353 1154393 1155518 1156395 1163776 1165780 1169514 1170442 1170998 1172442 1174075 1174514 1175289 1175519 1175970 1176171 1176201 1176248 1176262 1176708 1176711 1176784 1176785 1176855 1177109 1177125 1177127 1177222 1177326 1177440 1177529 1177883 1178142 1178168 1178386 1178775 1178801 1178801 1178969 1178995 1179082 1179137 1179243 1179264 1179265 1179428 1179660 1179694 1179721 1179756 1179847 1179929 1180020 1180038 1180058 1180073 1180083 1180176 1180243 1180336 1180401 1180401 1180403 1180501 1180596 1180686 1180827 1180846 1180933 1180964 1180989 1181011 1181126 1181131 1181133 1181259 1181283 1181313 1181328 1181358 1181505 1181544 1181574 1181622 1181637 1181655 1181671 1181674 1181710 1181720 1181730 1181732 1181735 1181736 1181738 1181747 1181753 1181818 1181831 1181843 1181854 1181896 1181944 1181958 1181960 1181967 1181985 1182047 1182057 1182066 1182110 1182117 1182118 1182128 1182140 1182168 1182171 1182175 1182244 1182246 1182259 1182262 1182263 1182265 1182266 1182267 1182268 1182271 1182272 1182273 1182275 1182276 1182278 1182279 1182283 1182324 1182328 1182331 1182333 1182341 1182362 1182374 1182379 1182380 1182381 1182406 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182430 1182439 1182441 1182442 1182443 1182444 1182445 1182446 1182447 1182449 1182454 1182455 1182456 1182457 1182458 1182459 
1182460 1182461 1182462 1182463 1182464 1182465 1182466 1182485 1182489 1182490 1182507 1182547 1182558 1182560 1182561 1182571 1182599 1182602 1182626 1182629 1182650 1182672 1182676 1182683 1182684 1182686 1182688 1182770 1182798 1182800 1182801 1182854 1182856 1182959 1183012 1183073 1183094 1183370 1183371 1183456 1183457 1183572 1183574 1183852 1183933 1183934 CVE-2019-20916 CVE-2019-25013 CVE-2020-11080 CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-12373 CVE-2020-14343 CVE-2020-14372 CVE-2020-15257 CVE-2020-25613 CVE-2020-25632 CVE-2020-25647 CVE-2020-25659 CVE-2020-27618 CVE-2020-27749 CVE-2020-27779 CVE-2020-27840 CVE-2020-28493 CVE-2020-29368 CVE-2020-29374 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-36242 CVE-2020-8625 CVE-2021-20193 CVE-2021-20225 CVE-2021-20231 CVE-2021-20232 CVE-2021-20233 CVE-2021-20277 CVE-2021-21284 CVE-2021-21285 CVE-2021-22876 CVE-2021-22890 CVE-2021-23336 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-26720 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3177 CVE-2021-3326 CVE-2021-3449 ----------------------------------------------------------------- The container suse-sles-15-sp2-chost-byos-v20210405-hvm-ssd-x86_64 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:419-1 Released: Wed Feb 10 12:03:33 2021 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: 1181313 This update for open-iscsi fixes the following issues: - Fixes a segfault when exiting from iscsiadm (bsc#1181313) - Fix for several memory leaks in iscsiadm - Fix for a crash when function iscsi_rec_update_param() is invoked ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:435-1 Released: Thu Feb 11 14:47:25 2021 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Type: security Severity: important References: 1174075,1176708,1178801,1178969,1180243,1180401,1181730,1181732,CVE-2020-15257,CVE-2021-21284,CVE-2021-21285 This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2020-15257: Fixed a privilege escalation in containerd (bsc#1178969). - CVE-2021-21284: potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732) - CVE-2021-21285: pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730) Non-security issues fixed: - Update Docker to 19.03.15-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285). - Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE. It appears that SLES doesn't like the patch. (bsc#1180401) - Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and fixes CVE-2020-15257. bsc#1180243 - Update to containerd v1.3.7, which is required for Docker 19.03.13-ce. bsc#1176708 - Update to Docker 19.03.14-ce. 
  See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243 https://github.com/docker/docker-ce/releases/tag/v19.03.14
- Enable fish-completion
- Add a patch which makes Docker compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460)
- Update to Docker 19.03.13-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Emergency fix: %requires_eq does not work with provide symbols, only effective package names. Convert back to regular Requires.
- Update to Docker 19.03.12-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
- Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of spurious errors due to Go returning -EINTR from I/O syscalls much more often (due to Go 1.14's pre-emptive goroutine support).
- Add BuildRequires for all -git dependencies so that we catch missing dependencies much more quickly.
- Update to libnetwork 55e924b8a842, which is required for Docker 19.03.14-ce. bsc#1180243
- Add patch which makes libnetwork compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:441-1
Released: Thu Feb 11 16:35:04 2021
Summary: Optional update for python3-jsonschema
Type: optional
Severity: low
References: 1180403

This update provides the python3 variant of the jsonschema module to the SUSE Linux Enterprise 15 SP2 Basesystem module.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:507-1
Released: Thu Feb 18 09:34:49 2021
Summary: Security update for bind
Type: security
Severity: important
References: 1182246,CVE-2020-8625

This update for bind fixes the following issues:

- CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:516-1
Released: Thu Feb 18 14:42:51 2021
Summary: Recommended update for docker, golang-github-docker-libnetwork
Type: recommended
Severity: moderate
References: 1178801,1180401,1182168

This update for docker, golang-github-docker-libnetwork fixes the following issues:

- A libnetwork firewalld integration enhancement was broken, disable it (bsc#1178801,bsc#1180401,bsc#1182168)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:519-1
Released: Fri Feb 19 09:44:53 2021
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1180501

This update for openssh fixes the following issues:

- Fixed a crash which sometimes occurred on connection termination, caused by accessing freed memory (bsc#1180501)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:529-1
Released: Fri Feb 19 14:53:47 2021
Summary: Security update for python3
Type: security
Severity: moderate
References: 1176262,1179756,1180686,1181126,CVE-2019-20916,CVE-2021-3177

This update for python3 fixes the following issues:

- CVE-2021-3177: Fixed buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126).
- Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:551-1 Released: Tue Feb 23 09:31:53 2021 Summary: Security update for avahi Type: security Severity: moderate References: 1180827,CVE-2021-26720 This update for avahi fixes the following issues: - CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh (bsc#1180827) - Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d. - Add sudo to requires: used to drop privileges. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:571-1 Released: Tue Feb 23 16:11:33 2021 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1180176 This update for cloud-init contains the following fixes: - Update cloud-init-write-routes.patch (bsc#1180176) + Follow up to previous changes. Fix order of operations error to make gateway comparison between subnet configuration and route configuration valuable rather than self-comparing. 
- Add cloud-init-sle12-compat.patch (jsc#PM-2335) - Python 3.4 compatibility in setup.py - Disable some test for mock version compatibility ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:573-1 Released: Wed Feb 24 09:58:38 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1176171,1180336 This update for dracut fixes the following issues: - arm/arm64: Add reset controllers (bsc#1180336) - Prevent creating unexpected files on the host when running dracut (bsc#1176171) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:594-1 Released: Thu Feb 25 09:29:35 2021 Summary: Security update for python-cryptography Type: security Severity: important References: 1182066,CVE-2020-36242 This update for python-cryptography fixes the following issues: - CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:654-1 Released: Fri Feb 26 20:01:10 2021 Summary: Security update for python-Jinja2 Type: security Severity: important References: 1181944,1182244,CVE-2020-28493 This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Fixed a ReDOS vulnerability where urlize could have been called with untrusted user data (bsc#1181944). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:656-1 Released: Mon Mar 1 09:34:21 2021 Summary: Recommended update for protobuf Type: recommended Severity: moderate References: 1177127 This update for protobuf fixes the following issues: - Add missing dependency of python subpackages on python-six. 
(bsc#1177127) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:683-1 Released: Tue Mar 2 19:04:43 2021 Summary: Security update for grub2 Type: security Severity: important References: 1175970,1176711,1177883,1179264,1179265,1182057,1182262,1182263,CVE-2020-14372,CVE-2020-25632,CVE-2020-25647,CVE-2020-27749,CVE-2020-27779,CVE-2021-20225,CVE-2021-20233 This update for grub2 fixes the following issues: grub2 implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057) - CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711) - CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883) - CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264) - CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970) - CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262) - CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:689-1 Released: Tue Mar 2 19:08:40 2021 Summary: Security update for bind Type: security Severity: important References: 1180933 This update for bind fixes the following issues: - dnssec-keygen can no longer generate HMAC keys. Use tsig-keygen instead. 
[bsc#1180933] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). 
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:741-1
Released: Tue Mar 9 16:11:49 2021
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065600,1065729,1078720,1081134,1084610,1132477,1151927,1152472,1152489,1154353,1155518,1156395,1163776,1169514,1170442,1176248,1176855,1177109,1177326,1177440,1177529,1178142,1178995,1179082,1179137,1179243,1179428,1179660,1179929,1180058,1180846,1180964,1180989,1181133,1181259,1181544,1181574,1181637,1181655,1181671,1181674,1181710,1181720,1181735,1181736,1181738,1181747,1181753,1181818,1181843,1181854,1181896,1181958,1181960,1181985,1182047,1182110,1182118,1182128,1182140,1182171,1182175,1182259,1182265,1182266,1182267,1182268,1182271,1182272,1182273,1182275,1182276,1182278,1182283,1182341,1182374,1182380,1182381,1182406,1182430,1182439,1182441,1182442,1182443,1182444,1182445,1182446,1182447,1182449,1182454,1182455,1182456,1182457,1182458,1182459,1182460,1182461,1182462,1182463,1182464,1182465,1182466,1182485,1182489,1182490,1182507,1182547,1182558,1182560,1182561,1182571,1182599,1182602,1182626,1182650,1182672,1182676,1182683,1182684,1182686,1182770,1182798,1182800,1182801,1182854,1182856,CVE-2020-12362,CVE-2020-12363,CVE-2020-12364,CVE-2020-12373,CVE-2020-29368,CVE-2020-29374,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).
- CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
- CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372). - CVE-2020-12362: Fixed an integer overflow in the firmware which may have allowed a privileged user to potentially enable an escalation of privilege via local access (bsc#1181720). - CVE-2020-12363: Fixed an improper input validation which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181735). - CVE-2020-12364: Fixed a null pointer reference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181736 ). - CVE-2020-12373: Fixed an expired pointer dereference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181738). - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428). The following non-security bugs were fixed: - ACPI: configfs: add missing check after configfs_register_default_group() (git-fixes). - ACPI: property: Fix fwnode string properties matching (git-fixes). - ACPI: property: Satisfy kernel doc validator (part 1) (git-fixes). - ACPI: property: Satisfy kernel doc validator (part 2) (git-fixes). - ALSA: hda: Add another CometLake-H PCI ID (git-fixes). - ALSA: hda/hdmi: Drop bogus check at closing a stream (git-fixes). - ALSA: hda/realtek: modify EAPD in the ALC886 (git-fixes). - ALSA: pcm: Assure sync with the pending stop operation at suspend (git-fixes). - ALSA: pcm: Call sync_stop at disconnection (git-fixes). - ALSA: pcm: Do not call sync_stop if it hasn't been stopped (git-fixes). - ALSA: usb-audio: Add implicit fb quirk for BOSS GP-10 (git-fixes). - ALSA: usb-audio: Correct document for snd_usb_endpoint_free_all() (git-fixes). 
- ALSA: usb-audio: Do not avoid stopping the stream at disconnection (git-fixes). - ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode (git-fixes). - ALSA: usb-audio: Handle invalid running state at releasing EP (git-fixes). - ALSA: usb-audio: More strict state change in EP (git-fixes). - amba: Fix resource leak for drivers without .remove (git-fixes). - arm64: Update config file. Set CONFIG_WATCHDOG_SYSFS to true (bsc#1182560) - ASoC: cpcap: fix microphone timeslot mask (git-fixes). - ASoC: cs42l56: fix up error handling in probe (git-fixes). - ASoC: simple-card-utils: Fix device module clock (git-fixes). - ASoC: SOF: debug: Fix a potential issue on string buffer termination (git-fixes). - ata: ahci_brcm: Add back regulators management (git-fixes). - ata: sata_nv: Fix retrieving of active qcs (git-fixes). - ath10k: Fix error handling in case of CE pipe init failure (git-fixes). - ath9k: fix data bus crash when setting nf_override via debugfs (git-fixes). - bcache: fix overflow in offset_to_stripe() (git-fixes). - blk-mq: call commit_rqs while list empty but error happen (bsc#1182442). - blk-mq: insert request not through ->queue_rq into sw/scheduler queue (bsc#1182443). - blk-mq: move cancel of hctx->run_work to the front of blk_exit_queue (bsc#1182444). - block: fix inflight statistics of part0 (bsc#1182445). - block: respect queue limit of max discard segment (bsc#1182441). - block: virtio_blk: fix handling single range discard request (bsc#1182439). - Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function (git-fixes). - Bluetooth: btusb: Fix memory leak in btusb_mtk_wmt_recv (git-fixes). - Bluetooth: drop HCI device reference before return (git-fixes). - Bluetooth: Fix initializing response id after clearing struct (git-fixes). - Bluetooth: hci_uart: Fix a race for write_work scheduling (git-fixes). - Bluetooth: Put HCI device if inquiry procedure interrupts (git-fixes). 
- bnxt_en: Fix accumulation of bp->net_stats_prev (git-fixes).
- bnxt_en: fix error return code in bnxt_init_board() (git-fixes).
- bnxt_en: fix error return code in bnxt_init_one() (git-fixes).
- bnxt_en: Improve stats context resource accounting with RDMA driver loaded (git-fixes).
- bnxt_en: read EEPROM A2h address using page 0 (git-fixes).
- bnxt_en: Release PCI regions when DMA mask setup fails during probe (git-fixes).
- bonding: Fix reference count leak in bond_sysfs_slave_add (git-fixes).
- bonding: set dev->needed_headroom in bond_setup_by_slave() (git-fixes).
- bonding: wait for sysfs kobject destruction before freeing struct slave (git-fixes).
- bpf, cgroup: Fix optlen WARN_ON_ONCE toctou (bsc#1155518).
- bpf, cgroup: Fix problematic bounds check (bsc#1155518).
- btrfs: add assertion for empty list of transactions at late stage of umount (bsc#1182626).
- btrfs: Cleanup try_flush_qgroup (bsc#1182047).
- btrfs: Do not flush from btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: Fix race between extent freeing/allocation when using bitmaps (bsc#1181574).
- btrfs: fix race between RO remount and the cleaner task (bsc#1182626).
- btrfs: fix transaction leak and crash after cleaning up orphans on RO mount (bsc#1182626).
- btrfs: fix transaction leak and crash after RO remount caused by qgroup rescan (bsc#1182626).
- btrfs: Free correct amount of space in btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: lift read-write mount setup from mount and remount (bsc#1182626).
- btrfs: Remove btrfs_inode from btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: run delayed iputs when remounting RO to avoid leaking them (bsc#1182626).
- btrfs: Simplify code flow in btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: Unlock extents in btrfs_zero_range in case of errors (bsc#1182047).
- caif: no need to check return value of debugfs_create functions (git-fixes).
- ceph: fix flush_snap logic after putting caps (bsc#1182854).
- cgroup: Fix memory leak when parsing multiple source parameters (bsc#1182683).
- cgroup: fix psi monitor for root cgroup (bsc#1182686).
- cgroup-v1: add disabled controller check in cgroup1_parse_param() (bsc#1182684).
- chelsio/chtls: correct function return and return type (git-fixes).
- chelsio/chtls: correct netdevice for vlan interface (git-fixes).
- chelsio/chtls: fix a double free in chtls_setkey() (git-fixes).
- chelsio/chtls: fix always leaking ctrl_skb (git-fixes).
- chelsio/chtls: fix deadlock issue (git-fixes).
- chelsio/chtls: fix memory leaks caused by a race (git-fixes).
- chelsio/chtls: fix memory leaks in CPL handlers (git-fixes).
- chelsio/chtls: fix panic during unload reload chtls (git-fixes).
- chelsio/chtls: fix socket lock (git-fixes).
- chelsio/chtls: fix tls record info to user (git-fixes).
- Cherry-pick ibmvnic patches from SP3 (jsc#SLE-17268).
- chtls: Added a check to avoid NULL pointer dereference (git-fixes).
- chtls: Fix chtls resources release sequence (git-fixes).
- chtls: Fix hardware tid leak (git-fixes).
- chtls: Fix panic when route to peer not configured (git-fixes).
- chtls: Remove invalid set_tcb call (git-fixes).
- chtls: Replace skb_dequeue with skb_peek (git-fixes).
- cifs: check all path components in resolved dfs target (bsc#1181710).
- cifs: fix nodfs mount option (bsc#1181710).
- cifs: introduce helper for finding referral server (bsc#1181710).
- cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).
- cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes).
- cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes).
- clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL (git-fixes).
- clk: meson: clk-pll: make 'ret' a signed integer (git-fixes).
- clk: meson: clk-pll: propagate the error from meson_clk_pll_set_rate() (git-fixes).
- clk: qcom: gcc-msm8998: Fix Alpha PLL type for all GPLLs (git-fixes).
- clk: sunxi-ng: h6: Fix CEC clock (git-fixes).
- clk: sunxi-ng: h6: Fix clock divider range on some clocks (git-fixes).
- clk: sunxi-ng: mp: fix parent rate change flag check (git-fixes).
- clocksource/drivers/ixp4xx: Select TIMER_OF when needed (git-fixes).
- cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in ->remove() (git-fixes).
- cpufreq: brcmstb-avs-cpufreq: Free resources in error path (git-fixes).
- cpuset: fix race between hotplug work and later CPU offline (bsc#1182676).
- crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key() (git-fixes).
- crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error) (git-fixes).
- cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes).
- cxgb4: fix all-mask IP address comparison (git-fixes).
- cxgb4: fix checks for max queues to allocate (git-fixes).
- cxgb4: fix endian conversions for L4 ports in filters (git-fixes).
- cxgb4: fix set but unused variable when DCB is disabled (git-fixes).
- cxgb4: fix SGE queue dump destination buffer context (git-fixes).
- cxgb4: fix the panic caused by non smac rewrite (git-fixes).
- cxgb4: move DCB version extern to header file (git-fixes).
- cxgb4: move handling L2T ARP failures to caller (git-fixes).
- cxgb4: move PTP lock and unlock to caller in Tx path (git-fixes).
- cxgb4: parse TC-U32 key values and masks natively (git-fixes).
- cxgb4: remove cast when saving IPv4 partial checksum (git-fixes).
- cxgb4: set up filter action after rewrites (git-fixes).
- cxgb4: use correct type for all-mask IP address comparison (git-fixes).
- cxgb4: use unaligned conversion for fetching timestamp (git-fixes).
- dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function (git-fixes).
- dmaengine: fsldma: Fix a resource leak in the remove function (git-fixes).
- dmaengine: hsu: disable spurious interrupt (git-fixes).
- dmaengine: owl-dma: Fix a resource leak in the remove function (git-fixes).
- dm crypt: avoid truncating the logical block size (git-fixes).
- dm: fix bio splitting and its bio completion order for regular IO (git-fixes).
- dm thin: fix use-after-free in metadata_pre_commit_callback (bsc#1177529).
- dm thin metadata: Avoid returning cmd->bm wild pointer on error (bsc#1177529).
- dm thin metadata: fix lockdep complaint (bsc#1177529).
- dm thin metadata: Fix use-after-free in dm_bm_set_read_only (bsc#1177529).
- dm: use noio when sending kobject event (bsc#1177529).
- docs: filesystems: vfs: correct flag name (bsc#1182856).
- dpaa2-eth: fix return codes used in ndo_setup_tc (git-fixes).
- drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() (git-fixes).
- drivers: net: davinci_mdio: fix potential NULL dereference in davinci_mdio_probe() (git-fixes).
- drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[] (git-fixes).
- drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs (git-fixes).
- drm/amd/display: Change function decide_dp_link_settings to avoid infinite looping (git-fixes).
- drm/amd/display: Decrement refcount of dc_sink before reassignment (git-fixes).
- drm/amd/display: Fix 10/12 bpc setup in DCE output bit depth reduction (git-fixes).
- drm/amd/display: Fix dc_sink kref count in emulated_link_detect (git-fixes).
- drm/amd/display: Fix HDMI deep color output for DCE 6-11 (git-fixes).
- drm/amd/display: Free atomic state after drm_atomic_commit (git-fixes).
- drm/amd/display: Revert 'Fix EDID parsing after resume from suspend' (git-fixes).
- drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if condition (git-fixes).
- drm/fb-helper: Add missed unlocks in setcmap_legacy() (git-fixes).
- drm/gma500: Fix error return code in psb_driver_load() (git-fixes).
- drm/meson: Unbind all connectors on module removal (bsc#1152472)
- drm/sun4i: dw-hdmi: always set clock rate (bsc#1152472)
- drm/sun4i: dw-hdmi: Fix max. frequency for H6 (bsc#1152472)
- drm/sun4i: Fix H6 HDMI PHY configuration (bsc#1152472)
- drm/sun4i: tcon: set sync polarity for tcon1 channel (bsc#1152472)
- drm/vc4: hvs: Fix buffer overflow with the dlist handling (bsc#1152489)
- Drop HID logitech patch that caused a regression (bsc#1182259)
- exec: Always set cap_ambient in cap_bprm_set_creds (git-fixes).
- exfat: Avoid allocating upcase table using kcalloc() (git-fixes).
- ext4: do not remount read-only with errors=continue on reboot (bsc#1182464).
- ext4: fix a memory leak of ext4_free_data (bsc#1182447).
- ext4: fix bug for rename with RENAME_WHITEOUT (bsc#1182449).
- ext4: fix deadlock with fs freezing and EA inodes (bsc#1182463).
- ext4: fix superblock checksum failure when setting password salt (bsc#1182465).
- ext4: prevent creating duplicate encrypted filenames (bsc#1182446).
- fgraph: Initialize tracing_graph_pause at task creation (git-fixes).
- firmware_loader: align .builtin_fw to 8 (git-fixes).
- fscrypt: add fscrypt_is_nokey_name() (bsc#1182446).
- fscrypt: rename DCACHE_ENCRYPTED_NAME to DCACHE_NOKEY_NAME (bsc#1182446).
- fs: fix lazytime expiration handling in __writeback_single_inode() (bsc#1182466).
- gma500: clean up error handling in init (git-fixes).
- gpio: pcf857x: Fix missing first interrupt (git-fixes).
- HID: core: detect and skip invalid inputs to snto32() (git-fixes).
- HID: make arrays usage and value to be the same (git-fixes).
- HID: wacom: Ignore attempts to overwrite the touch_max value from HID (git-fixes).
- hwrng: timeriomem - Fix cooldown period calculation (git-fixes).
- i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition (git-fixes).
- i2c: iproc: handle only slave interrupts which are enabled (git-fixes).
- i2c: mediatek: Move suspend and resume handling to NOIRQ phase (git-fixes).
- i2c: stm32f7: fix configuration of the digital filter (git-fixes).
- i3c: master: dw: Drop redundant disec call (git-fixes).
- i40e: acquire VSI pointer only after VF is initialized (jsc#SLE-8025).
- i40e: avoid premature Rx buffer reuse (git-fixes).
- i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs (git-fixes).
- i40e: Fix MAC address setting for a VF via Host/VM (git-fixes).
- i40e: Fix removing driver while bare-metal VFs pass traffic (git-fixes).
- i40e: Revert 'i40e: do not report link up for a VF who hasn't enabled queues' (jsc#SLE-8025).
- iavf: fix double-release of rtnl_lock (git-fixes).
- iavf: fix error return code in iavf_init_get_resources() (git-fixes).
- iavf: fix speed reporting over virtchnl (git-fixes).
- iavf: Fix updating statistics (git-fixes).
- ibmvnic: add memory barrier to protect long term buffer (bsc#1182485 ltc#191591).
- ibmvnic: change IBMVNIC_MAX_IND_DESCS to 16 (bsc#1182485 ltc#191591).
- ibmvnic: Clean up TX code and TX buffer data structure (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997).
- ibmvnic: compare adapter->init_done_rc with more readable ibmvnic_rc_codes (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Correctly re-enable interrupts in NAPI polling routine (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: create send_control_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: create send_query_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: device remove has higher precedence over reset (bsc#1065729).
- ibmvnic: Do not replenish RX buffers after every polling loop (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Ensure that CRQ entry read are correctly ordered (bsc#1182485 ltc#191591).
- ibmvnic: Ensure that device queue memory is cache-line aligned (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Ensure that SCRQ entry reads are correctly ordered (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293).
- ibmvnic: fix login buffer memory leak (bsc#1081134 ltc#164631).
- ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: fix rx buffer tracking and index management in replenish_rx_pool partial success (bsc#1179929 ltc#189960).
- ibmvnic: Fix TX completion error handling (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Fix use-after-free of VNIC login response buffer (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: handle inconsistent login with reset (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Harden device Command Response Queue handshake (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: improve ibmvnic_init and ibmvnic_reset_init (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Introduce batched RX buffer descriptor transmission (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Introduce indirect subordinate Command Response Queue buffer (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Introduce xmit_more support using batched subCRQ hcalls (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: merge ibmvnic_reset_init and ibmvnic_init (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: no reset timeout for 5 seconds after reset (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: reduce wait for completion time (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: remove never executed if statement (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Remove send_subcrq function (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: rename ibmvnic_send_req_caps to send_request_cap (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: rename send_cap_queries to send_query_cap (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: rename send_map_query to send_query_map (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: send_login should check for crq errors (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: serialize access to work queue on remove (bsc#1065729).
- ibmvnic: Set to CLOSED state even on error (bsc#1084610 ltc#165122 git-fixes).
- ibmvnic: skip send_request_unmap for timeout reset (bsc#1182485 ltc#191591).
- ibmvnic: skip tx timeout reset while in resetting (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: stop free_all_rwi on failed reset (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: store RX and TX subCRQ handle array in ibmvnic_adapter struct (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: track pending login (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: update MAINTAINERS (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Use netdev_alloc_skb instead of alloc_skb to replenish RX buffers (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ice: Do not allow more channels than LAN MSI-X available (jsc#SLE-7926).
- ice: Fix MSI-X vector fallback logic (jsc#SLE-7926).
- igc: check return value of ret_val in igc_config_fc_after_link_up (git-fixes).
- igc: fix link speed advertising (git-fixes).
- igc: Fix returning wrong statistics (git-fixes).
- igc: Report speed and duplex as unknown when device is runtime suspended (git-fixes).
- igc: set the default return value to -IGC_ERR_NVM in igc_write_nvm_srwr (git-fixes).
- include/linux/memremap.h: remove stale comments (git-fixes).
- Input: elo - fix an error code in elo_connect() (git-fixes).
- Input: i8042 - unbreak Pegatron C15B (git-fixes).
- Input: joydev - prevent potential read overflow in ioctl (git-fixes).
- Input: sur40 - fix an error code in sur40_probe() (git-fixes).
- Input: xpad - sync supported devices with fork on GitHub (git-fixes).
- iwlwifi: mvm: do not send RFH_QUEUE_CONFIG_CMD with no queues (git-fixes).
- iwlwifi: mvm: guard against device removal in reprobe (git-fixes).
- iwlwifi: mvm: invalidate IDs of internal stations at mvm start (git-fixes).
- iwlwifi: mvm: skip power command when unbinding vif during CSA (git-fixes).
- iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time() (git-fixes).
- iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap (git-fixes).
- iwlwifi: pcie: fix context info memory leak (git-fixes).
- iwlwifi: pcie: reschedule in long-running memory reads (git-fixes).
- iwlwifi: pcie: use jiffies for memory read spin time limit (git-fixes).
- ixgbe: avoid premature Rx buffer reuse (git-fixes).
- ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K (git-fixes).
- kABI: Fix kABI after AMD SEV PCID fixes (bsc#1178995).
- kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846).
- kABI: Fix kABI for extended APIC-ID support (bsc#1181259, jsc#ECO-3191).
- kABI: repair, after 'nVMX: Emulate MTF when performing instruction emulation' kvm_x86_ops is part of kABI as it's used by LTTng. But it's only read and never allocated in there, so growing it (without altering existing members' offsets) is fine.
- kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ('rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).')
- kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846).
- kernel/smp: add more data to CSD lock debugging (bsc#1180846).
- kernel/smp: prepare more CSD lock debugging (bsc#1180846).
- kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846).
- KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch (bsc#1181818).
- KVM: arm64: Remove S1PTW check from kvm_vcpu_dabt_iswrite() (bsc#1181818).
- KVM: nVMX: do not clear mtf_pending when nested events are blocked (bsc#1182489).
- KVM: nVMX: Emulate MTF when performing instruction emulation (bsc#1182380).
- KVM: nVMX: Handle pending #DB when injecting INIT VM-exit. Pulling in as a dependency of: 'KVM: nVMX: Emulate MTF when performing instruction emulation' (bsc#1182380).
- KVM: SVM: Update cr3_lm_rsvd_bits for AMD SEV guests (bsc#1178995).
- KVM: tracing: Fix unmatched kvm_entry and kvm_exit events (bsc#1182770).
- KVM: VMX: Condition ENCLS-exiting enabling on CPU support for SGX1 (bsc#1182798).
- KVM: x86: Allocate new rmap and large page tracking when moving memslot (bsc#1182800).
- KVM: x86: allow KVM_STATE_NESTED_MTF_PENDING in kvm_state flags (bsc#1182490).
- KVM: x86: clear stale x86_emulate_ctxt->intercept value (bsc#1182381).
- KVM: x86: do not notify userspace IOAPIC on edge-triggered interrupt EOI (bsc#1182374).
- KVM: x86: Gracefully handle __vmalloc() failure during VM allocation (bsc#1182801).
- KVM: x86: Introduce cr3_lm_rsvd_bits in kvm_vcpu_arch (bsc#1178995).
- KVM: x86: remove stale comment from struct x86_emulate_ctxt (bsc#1182406).
- libnvdimm/dimm: Avoid race between probe and available_slots_show() (bsc#1170442).
- lib/vsprintf: no_hash_pointers prints all addresses as unhashed (bsc#1182599).
- linux/clk.h: use correct kernel-doc notation for 2 functions (git-fixes).
- mac80211: 160MHz with extended NSS BW in CSA (git-fixes).
- mac80211: fix fast-rx encryption check (git-fixes).
- mac80211: fix potential overflow when multiplying to u32 integers (git-fixes).
- mac80211: pause TX while changing interface type (git-fixes).
- macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672). Since rpm 4.16 files installed during build phase are lost.
- MAINTAINERS: remove John Allen from ibmvnic (jsc#SLE-17043 bsc#1179243 ltc#189290).
- matroxfb: avoid -Warray-bounds warning (bsc#1152472)
- media: aspeed: fix error return code in aspeed_video_setup_video() (git-fixes).
- media: camss: missing error code in msm_video_register() (git-fixes).
- media: cx25821: Fix a bug when reallocating some dma memory (git-fixes).
- media: em28xx: Fix use-after-free in em28xx_alloc_urbs (git-fixes).
- media: i2c: ov5670: Fix PIXEL_RATE minimum value (git-fixes).
- media: ipu3-cio2: Fix mbus_code processing in cio2_subdev_set_fmt() (git-fixes).
- media: lmedm04: Fix misuse of comma (git-fixes).
- media: media/pci: Fix memleak in empress_init (git-fixes).
- media: mt9v111: Remove unneeded device-managed puts (git-fixes).
- media: pwc: Use correct device for DMA (bsc#1181133).
- media: pxa_camera: declare variable when DEBUG is defined (git-fixes).
- media: qm1d1c0042: fix error return code in qm1d1c0042_init() (git-fixes).
- media: software_node: Fix refcounts in software_node_get_next_child() (git-fixes).
- media: tm6000: Fix memleak in tm6000_start_stream (git-fixes).
- media: vsp1: Fix an error handling path in the probe function (git-fixes).
- mei: hbm: call mei_set_devstate() on hbm stop response (git-fixes).
- memory: ti-aemif: Drop child node when jumping out loop (git-fixes).
- mfd: bd9571mwv: Use devm_mfd_add_devices() (git-fixes).
- mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq() (git-fixes).
- misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users (git-fixes).
- misc: eeprom_93xx46: Fix module alias to enable module autoprobe (git-fixes).
- mlxsw: core: Add validation of transceiver temperature thresholds (git-fixes).
- mlxsw: core: Fix memory leak on module removal (git-fixes).
- mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (git-fixes).
- mlxsw: core: Free EMAD transactions using kfree_rcu() (git-fixes).
- mlxsw: core: Increase critical threshold for ASIC thermal zone (git-fixes).
- mlxsw: core: Increase scope of RCU read-side critical section (git-fixes).
- mlxsw: core: Use variable timeout for EMAD retries (git-fixes).
- mlxsw: spectrum_acl: Fix mlxsw_sp_acl_tcam_group_add()'s error path (git-fixes).
- mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails (git-fixes).
- mmc: core: Limit retries when analyse of SDIO tuples fails (git-fixes).
- mmc: renesas_sdhi_internal_dmac: Fix DMA buffer alignment from 8 to 128-bytes (git-fixes).
- mmc: sdhci-sprd: Fix some resource leaks in the remove function (git-fixes).
- mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe (git-fixes).
- mm/pmem: avoid inserting hugepage PTE entry with fsdax if hugepage support is disabled (bsc#1181896 ltc#191273).
- mm: proc: Invalidate TLB after clearing soft-dirty page state (bsc#1163776 ltc#183929 git-fixes).
- mm: thp: kABI: move the added flag to the end of enum (bsc#1181896 ltc#191273).
- mt76: dma: fix a possible memory leak in mt76_add_fragment() (git-fixes).
- net: ag71xx: add missed clk_disable_unprepare in error path of probe (git-fixes).
- net: axienet: Fix error return code in axienet_probe() (git-fixes).
- net: bcmgenet: Fix WoL with password after deep sleep (git-fixes).
- net: bcmgenet: keep MAC in reset until PHY is up (git-fixes).
- net: bcmgenet: re-remove bcmgenet_hfb_add_filter (git-fixes).
- net: bcmgenet: set Rx mode before starting netif (git-fixes).
- net: bcmgenet: use hardware padding of runt frames (git-fixes).
- net: broadcom CNIC: requires MMU (git-fixes).
- net: caif: Fix debugfs on 64-bit platforms (git-fixes).
- net/cxgb4: Check the return from t4_query_params properly (git-fixes).
- net: cxgb4: fix return error value in t4_prep_fw (git-fixes).
- net: dsa: bcm_sf2: Fix overflow checks (git-fixes).
- net: dsa: lantiq_gswip: fix and improve the unsupported interface error (git-fixes).
- net: dsa: mt7530: Change the LINK bit to reflect the link status (git-fixes).
- net: dsa: mt7530: set CPU port to fallback mode (git-fixes).
- net: ena: set initial DMA width to avoid intel iommu issue (git-fixes).
- net: ethernet: ave: Fix error returns in ave_init (git-fixes).
- net: ethernet: mlx4: Avoid assigning a value to ring_cons but not used it anymore in mlx4_en_xmit() (git-fixes).
- net: ethernet: ti: ale: fix allmulti for nu type ale (git-fixes).
- net: ethernet: ti: ale: fix seeing unreg mcast packets with promisc and allmulti disabled (git-fixes).
- net: ethernet: ti: ale: modify vlan/mdb api for switchdev (git-fixes).
- net: ethernet: ti: cpsw: allow untagged traffic on host port (git-fixes).
- net: ethernet: ti: fix some return value check of cpsw_ale_create() (git-fixes).
- net: gemini: Fix missing clk_disable_unprepare() in error path of gemini_ethernet_port_probe() (git-fixes).
- net: gro: do not keep too many GRO packets in napi->rx_list (bsc#1154353).
- net: hns3: add a check for queue_id in hclge_reset_vf_queue() (git-fixes).
- net: hns3: add a missing uninit debugfs when unload driver (git-fixes).
- net: hns3: add reset check for VF updating port based VLAN (git-fixes).
- net: hns3: clear port base VLAN when unload PF (git-fixes).
- net: hns3: fix aRFS FD rules leftover after add a user FD rule (git-fixes).
- net: hns3: fix a TX timeout issue (git-fixes).
- net: hns3: fix desc filling bug when skb is expanded or lineared (git-fixes).
- net: hns3: fix for mishandle of asserting VF reset fail (git-fixes).
- net: hns3: fix for VLAN config when reset failed (git-fixes).
- net: hns3: fix RSS config lost after VF reset (git-fixes).
- net: hns3: fix set and get link ksettings issue (git-fixes).
- net: hns3: fix 'tc qdisc del' failed issue (git-fixes).
- net: hns3: fix the number of queues actually used by ARQ (git-fixes).
- net: hns3: fix use-after-free when doing self test (git-fixes).
- net: hns3: fix VF VLAN table entries inconsistent issue (git-fixes).
- net: hns: fix return value check in __lb_other_process() (git-fixes).
- net: lpc-enet: fix error return code in lpc_mii_init() (git-fixes).
- net: macb: fix call to pm_runtime in the suspend/resume functions (git-fixes).
- net: macb: fix wakeup test in runtime suspend/resume routines (git-fixes).
- net: macb: mark device wake capable when 'magic-packet' property present (git-fixes).
- net/mlx4_core: fix a memory leak bug (git-fixes).
- net/mlx4_core: Fix init_hca fields offset (git-fixes).
- net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854).
- net/mlx4_en: Handle TX error CQE (bsc#1181854).
- net/mlx5: Add handling of port type in rule deletion (git-fixes).
- net/mlx5: Annotate mutex destroy for root ns (git-fixes).
- net/mlx5: Clear LAG notifier pointer after unregister (git-fixes).
- net/mlx5: Disable QoS when min_rates on all VFs are zero (git-fixes).
- net/mlx5: Do not call timecounter cyc2time directly from 1PPS flow (git-fixes).
- net/mlx5: Do not maintain a case of del_sw_func being null (git-fixes).
- net/mlx5e: Correctly handle changing the number of queues when the interface is down (git-fixes).
- net/mlx5e: Do not trigger IRQ multiple times on XSK wakeup to avoid WQ overruns (git-fixes).
- net/mlx5e: en_accel, Add missing net/geneve.h include (git-fixes).
- net/mlx5e: Encapsulate updating netdev queues into a function (git-fixes).
- net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).
- net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq (git-fixes).
- net/mlx5e: Fix configuration of XPS cpumasks and netdev queues in corner cases (git-fixes).
- net/mlx5e: Fix endianness handling in pedit mask (git-fixes).
- net/mlx5e: Fix error path of device attach (git-fixes).
- net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups (git-fixes).
- net/mlx5e: Fix two double free cases (git-fixes).
- net/mlx5e: Fix VLAN cleanup flow (git-fixes).
- net/mlx5e: Fix VLAN create flow (git-fixes).
- net/mlx5e: Get the latest values from counters in switchdev mode (git-fixes).
- net/mlx5e: IPoIB, Drop multicast packets that this interface sent (git-fixes).
- net/mlx5e: kTLS, Fix wrong value in record tracker enum (git-fixes).
- net/mlx5e: Reduce tc unsupported key print level (git-fixes).
- net/mlx5e: Rename hw_modify to preactivate (git-fixes).
- net/mlx5e: Set of completion request bit should not clear other adjacent bits (git-fixes).
- net/mlx5: E-switch, Destroy TSAR after reload interface (git-fixes).
- net/mlx5: E-Switch, Hold mutex when querying drop counter in legacy mode (git-fixes).
- net/mlx5: E-Switch, Use vport metadata matching by default (git-fixes).
- net/mlx5: E-Switch, Use vport metadata matching only when mandatory (git-fixes).
- net/mlx5e: Use preactivate hook to set the indirection table (git-fixes).
- net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes).
- net/mlx5: Fix a bug of using ptp channel index as pin index (git-fixes).
- net/mlx5: Fix deletion of duplicate rules (git-fixes).
- net/mlx5: Fix failing fw tracer allocation on s390 (git-fixes).
- net/mlx5: Fix memory leak on flow table creation error flow (git-fixes).
- net/mlx5: Fix request_irqs error flow (git-fixes).
- net/mlx5: Fix wrong address reclaim when command interface is down (git-fixes).
- net/mlx5: Query PPS pin operational status before registering it (git-fixes).
- net/mlx5: Verify Hardware supports requested ptp function on a given pin (git-fixes).
- net: moxa: Fix a potential double 'free_irq()' (git-fixes).
- net: mscc: ocelot: ANA_AUTOAGE_AGE_PERIOD holds a value in seconds, not ms (git-fixes).
- net: mscc: ocelot: fix address ageing time (again) (git-fixes).
- net: mscc: ocelot: properly account for VLAN header length when setting MRU (git-fixes).
- net: mvpp2: Add TCAM entry to drop flow control pause frames (git-fixes).
- net: mvpp2: disable force link UP during port init procedure (git-fixes).
- net: mvpp2: Fix error return code in mvpp2_open() (git-fixes).
- net: mvpp2: Fix GoP port 3 Networking Complex Control configurations (git-fixes).
- net: mvpp2: fix memory leak in mvpp2_rx (git-fixes).
- net: mvpp2: fix pkt coalescing int-threshold configuration (git-fixes).
- net: mvpp2: prs: fix PPPoE with ipv6 packet parse (git-fixes).
- net: mvpp2: Remove Pause and Asym_Pause support (git-fixes).
- net: mvpp2: TCAM entry enable should be written after SRAM data (git-fixes).
- net: netsec: Correct dma sync for XDP_TX frames (git-fixes).
- net: nixge: fix potential memory leak in nixge_probe() (git-fixes).
- net: octeon: mgmt: Repair filling of RX ring (git-fixes).
- net: phy: at803x: use operating parameters from PHY-specific status (git-fixes).
- net: phy: extract link partner advertisement reading (git-fixes).
- net: phy: extract pause mode (git-fixes).
- net: phy: marvell10g: fix null pointer dereference (git-fixes).
- net: phy: marvell10g: fix temperature sensor on 2110 (git-fixes).
- net: phy: read MII_CTRL1000 in genphy_read_status only if needed (git-fixes).
- net: qca_spi: fix receive buffer size check (git-fixes).
- net: qca_spi: Move reset_count to struct qcaspi (git-fixes).
- net: qede: fix PTP initialization on recovery (git-fixes).
- net: qede: fix use-after-free on recovery and AER handling (git-fixes).
- net: qede: stop adding events on an already destroyed workqueue (git-fixes).
- net: qed: fix async event callbacks unregistering (git-fixes).
- net: qed: fix excessive QM ILT lines consumption (git-fixes).
- net: qed: fix 'maybe uninitialized' warning (git-fixes).
- net: qed: fix NVMe login fails over VFs (git-fixes).
- net: qed: RDMA personality shouldn't fail VF load (git-fixes).
- net: re-solve some conflicts after net -> net-next merge (bsc#1176855 ltc#187293).
- net: rmnet: do not allow to add multiple bridge interfaces (git-fixes).
- net: rmnet: do not allow to change mux id if mux id is duplicated (git-fixes).
- net: rmnet: fix bridge mode bugs (git-fixes).
- net: rmnet: fix lower interface leak (git-fixes).
- net: rmnet: fix NULL pointer dereference in rmnet_changelink() (git-fixes).
- net: rmnet: fix NULL pointer dereference in rmnet_newlink() (git-fixes).
- net: rmnet: fix packet forwarding in rmnet bridge mode (git-fixes).
- net: rmnet: fix suspicious RCU usage (git-fixes).
- net: rmnet: print error message when command fails (git-fixes).
- net: rmnet: remove rcu_read_lock in rmnet_force_unassociate_device() (git-fixes).
- net: rmnet: use upper/lower device infrastructure (git-fixes).
- net, sctp, filter: remap copy_from_user failure error (bsc#1181637).
- net: smc91x: Fix possible memory leak in smc_drv_probe() (git-fixes).
- net/sonic: Add mutual exclusion for accessing shared state (git-fixes).
- net: stmmac: 16KB buffer must be 16 byte aligned (git-fixes).
- net: stmmac: Always arm TX Timer at end of transmission start (git-fixes).
- net: stmmac: Do not accept invalid MTU values (git-fixes).
- net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes (git-fixes).
- net: stmmac: Enable 16KB buffer size (git-fixes).
- net: stmmac: fix disabling flexible PPS output (git-fixes).
- net: stmmac: fix length of PTP clock's name string (git-fixes).
- net: stmmac: Fix the TX IOC in xmit path (git-fixes).
- net: stmmac: RX buffer size must be 16 byte aligned (git-fixes).
- net: stmmac: selftests: Flow Control test can also run with ASYM Pause (git-fixes).
- net: stmmac: selftests: Needs to check the number of Multicast regs (git-fixes).
- net: stmmac: xgmac: Clear previous RX buffer size (git-fixes).
- net: sun: fix missing release regions in cas_init_one() (git-fixes).
- net: team: fix memory leak in __team_options_register (git-fixes).
- net: thunderx: initialize VF's mailbox mutex before first usage (git-fixes).
- net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family (git-fixes).
- net: usb: qmi_wwan: Adding support for Cinterion MV31 (git-fixes).
- nvme-hwmon: rework to avoid devm allocation (bsc#1177326).
- nvme-multipath: Early exit if no path is available (bsc#1180964).
- nvme: re-read ANA log on NS CHANGED AEN (bsc#1179137).
- nvmet-tcp: Fix NULL dereference when a connect data comes in h2cdata pdu (bsc#1182547).
- objtool: Do not fail on missing symbol table (bsc#1169514).
- perf/x86/intel/uncore: Factor out uncore_pci_find_dev_pmu() (bsc#1180989).
- perf/x86/intel/uncore: Factor out uncore_pci_get_dev_die_info() (bsc#1180989).
- perf/x86/intel/uncore: Factor out uncore_pci_pmu_register() (bsc#1180989).
- perf/x86/intel/uncore: Factor out uncore_pci_pmu_unregister() (bsc#1180989).
- perf/x86/intel/uncore: Generic support for the PCI sub driver (bsc#1180989).
- perf/x86/intel/uncore: Store the logical die id instead of the physical die id (bsc#1180989).
- perf/x86/intel/uncore: With > 8 nodes, get pci bus die id from NUMA info (bsc#1180989).
- phy: cpcap-usb: Fix warning for missing regulator_disable (git-fixes).
- phy: rockchip-emmc: emmc_phy_init() always return 0 (git-fixes).
- platform/x86: hp-wmi: Disable tablet-mode reporting by default (git-fixes).
- platform/x86: intel-vbtn: Support for tablet mode on Dell Inspiron 7352 (git-fixes).
- platform/x86: touchscreen_dmi: Add swap-x-y quirk for Goodix touchscreen on Estar Beauty HD tablet (git-fixes).
- powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning (bsc#1182571 ltc#191345).
- powerpc/boot: Delete unneeded .globl _zimage_start (bsc#1156395).
- powerpc: Fix alignment bug within the init sections (bsc#1065729).
- powerpc/fpu: Drop cvt_fd() and cvt_df() (bsc#1156395).
- powerpc/hvcall: add token and codes for H_VASI_SIGNAL (bsc#1181674 ltc#189159).
- powerpc: kABI: add back suspend_disable_cpu in machdep_calls (bsc#1181674 ltc#189159).
- powerpc/machdep: remove suspend_disable_cpu() (bsc#1181674 ltc#189159).
- powerpc/mm/pkeys: Make pkey access check work on execute_only_key (bsc#1181544 ltc#191080 git-fixes).
- powerpc/numa: Fix build when CONFIG_NUMA=n (bsc#1132477 ltc#175530).
- powerpc/numa: make vphn_enabled, prrn_enabled flags const (bsc#1181674 ltc#189159).
- powerpc/numa: remove ability to enable topology updates (bsc#1181674 ltc#189159).
- powerpc/numa: remove arch_update_cpu_topology (bsc#1181674 ltc#189159).
- powerpc/numa: Remove late request for home node associativity (bsc#1181674 ltc#189159).
- powerpc/numa: remove prrn_is_enabled() (bsc#1181674 ltc#189159).
- powerpc/numa: remove start/stop_topology_update() (bsc#1181674 ltc#189159).
- powerpc/numa: remove timed_topology_update() (bsc#1181674 ltc#189159).
- powerpc/numa: remove unreachable topology timer code (bsc#1181674 ltc#189159).
- powerpc/numa: remove unreachable topology update code (bsc#1181674 ltc#189159).
- powerpc/numa: remove unreachable topology workqueue code (bsc#1181674 ltc#189159).
- powerpc/numa: remove vphn_enabled and prrn_enabled internal flags (bsc#1181674 ltc#189159).
- powerpc/numa: stub out numa_update_cpu_topology() (bsc#1181674 ltc#189159).
- powerpc/perf: Exclude kernel samples while counting events in user space (bsc#1065729).
- powerpc/perf/hv-24x7: Dont create sysfs event files for dummy events (bsc#1182118 ltc#190624).
- powerpc/pkeys: Avoid using lockless page table walk (bsc#1181544 ltc#191080).
- powerpc/pkeys: Check vma before returning key fault error to the user (bsc#1181544 ltc#191080).
- powerpc/powernv/memtrace: Do not leak kernel memory to user space (bsc#1156395).
- powerpc/powernv/memtrace: Fix crashing the kernel when enabling concurrently (bsc#1156395).
- powerpc/powernv/npu: Do not attempt NPU2 setup on POWER8NVL NPU (bsc#1156395).
- powerpc/prom: Fix 'ibm,arch-vec-5-platform-support' scan (bsc#1182602 ltc#190924).
- powerpc/pseries/dlpar: handle ibm, configure-connector delay status (bsc#1181985 ltc#188074).
- powerpc/pseries: Do not enforce MSI affinity with kdump (bsc#1181655 ltc#190855).
- powerpc/pseries/eeh: Make pseries_pcibios_bus_add_device() static (bsc#1078720, git-fixes).
- powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900).
- powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: pass stream id via function arguments (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: perform post-suspend fixups later (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: remove prepare_late() callback (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: remove pseries_suspend_cpu() (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: switch to rtas_ibm_suspend_me() (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: add missing break to default case (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: Add pr_debug() for device tree changes (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: do not error on absence of ibm, update-nodes (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: error message improvements (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: extract VASI session polling logic (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: refactor node lookup during DT update (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: retry partition suspend after error (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: Set pr_fmt() (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: signal suspend cancellation to platform (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: use rtas_activate_firmware() on resume (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: use stop_machine for join/suspend (bsc#1181674 ltc#189159).
- powerpc/pseries/ras: Make init_ras_hotplug_IRQ() static (bsc#1065729. git-fixes).
- powerpc/pseries: remove dlpar_cpu_readd() (bsc#1181674 ltc#189159).
- powerpc/pseries: remove memory 're-add' implementation (bsc#1181674 ltc#189159).
- powerpc/pseries: remove obsolete memory hotplug DT notifier code (bsc#1181674 ltc#189159).
- powerpc/pseries: remove prrn special case from DT update path (bsc#1181674 ltc#189159).
- powerpc/rtas: add rtas_activate_firmware() (bsc#1181674 ltc#189159).
- powerpc/rtas: add rtas_ibm_suspend_me() (bsc#1181674 ltc#189159).
- powerpc/rtas: complete ibm,suspend-me status codes (bsc#1181674 ltc#189159).
- powerpc/rtas: dispatch partition migration requests to pseries (bsc#1181674 ltc#189159).
- powerpc/rtasd: simplify handle_rtas_event(), emit message on events (bsc#1181674 ltc#189159).
- powerpc/rtas: prevent suspend-related sys_rtas use on LE (bsc#1181674 ltc#189159).
- powerpc/rtas: remove rtas_ibm_suspend_me_unsafe() (bsc#1181674 ltc#189159).
- powerpc/rtas: remove rtas_suspend_cpu() (bsc#1181674 ltc#189159).
- powerpc/rtas: remove unused rtas_suspend_last_cpu() (bsc#1181674 ltc#189159).
- powerpc/rtas: remove unused rtas_suspend_me_data (bsc#1181674 ltc#189159).
- powerpc/rtas: rtas_ibm_suspend_me -> rtas_ibm_suspend_me_unsafe (bsc#1181674 ltc#189159).
- power: reset: at91-sama5d2_shdwc: fix wkupdbc mask (git-fixes).
- pseries/drmem: do not cache node id in drmem_lmb struct (bsc#1132477 ltc#175530).
- pseries/hotplug-memory: hot-add: skip redundant LMB lookup (bsc#1132477 ltc#175530).
- qed: fix error return code in qed_iwarp_ll2_start() (git-fixes).
- qed: Fix race condition between scheduling and destroying the slowpath workqueue (git-fixes).
- qed: Populate nvm-file attributes while reading nvm config partition (git-fixes).
- qed: select CONFIG_CRC32 (git-fixes).
- qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes).
- quota: Fix memory leak when handling corrupted quota file (bsc#1182650).
- quota: Sanity-check quota file headers on load (bsc#1182461).
- r8169: fix resuming from suspend on RTL8105e if machine runs on battery (git-fixes).
- r8169: fix WoL on shutdown if CONFIG_DEBUG_SHIRQ is set (git-fixes).
- rcu/nocb: Perform deferred wake up before last idle's (git-fixes)
- rcu/nocb: Trigger self-IPI on late deferred wake up before (git-fixes)
- rcu: Pull deferred rcuog wake up to rcu_eqs_enter() callers (git-fixes)
- RDMA/efa: Add EFA 0xefa1 PCI ID (bsc#1176248).
- RDMA/efa: Count admin commands errors (bsc#1176248).
- RDMA/efa: Count mmap failures (bsc#1176248).
- RDMA/efa: Do not delay freeing of DMA pages (bsc#1176248).
- RDMA/efa: Drop double zeroing for sg_init_table() (bsc#1176248).
- RDMA/efa: Expose maximum TX doorbell batch (bsc#1176248).
- RDMA/efa: Expose minimum SQ size (bsc#1176248).
- RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1176248).
- RDMA/efa: Properly document the interrupt mask register (bsc#1176248).
- RDMA/efa: Remove redundant udata check from alloc ucontext response (bsc#1176248).
- RDMA/efa: Report create CQ error counter (bsc#1176248).
- RDMA/efa: Report host information to the device (bsc#1176248).
- RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1176248).
- RDMA/efa: Use in-kernel offsetofend() to check field availability (bsc#1176248).
- RDMA/efa: User/kernel compatibility handshake mechanism (bsc#1176248).
- RDMA/efa: Use the correct current and new states in modify QP (git-fixes).
- regulator: axp20x: Fix reference cout leak (git-fixes).
- regulator: core: Avoid debugfs: Directory ... already present! error (git-fixes).
- regulator: core: avoid regulator_resolve_supply() race condition (git-fixes).
- regulator: Fix lockdep warning resolving supplies (git-fixes).
- regulator: s5m8767: Drop regulators OF node reference (git-fixes).
- regulator: s5m8767: Fix reference count leak (git-fixes).
- reiserfs: add check for an invalid ih_entry_count (bsc#1182462).
- reset: hisilicon: correct vendor prefix (git-fixes).
- Revert 'ibmvnic: remove never executed if statement' (jsc#SLE-17043 bsc#1179243 ltc#189290).
- Revert 'net: bcmgenet: remove unused function in bcmgenet.c' (git-fixes).
- Revert 'platform/x86: ideapad-laptop: Switch touchpad attribute to be RO' (git-fixes).
- Revert 'RDMA/mlx5: Fix devlink deadlock on net namespace deletion' (jsc#SLE-8464).
- rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439)
- rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058)
- rtc: s5m: select REGMAP_I2C (git-fixes).
- rxrpc: Fix memory leak in rxrpc_lookup_local (bsc#1154353 bnc#1151927 5.3.9).
- s390/vfio-ap: clean up vfio_ap resources when KVM pointer invalidated (git-fixes).
- s390/vfio-ap: No need to disable IRQ after queue reset (git-fixes).
- sched: Reenable interrupts in do_sched_yield() (git-fixes)
- scsi: lpfc: Fix EEH encountering oops with NVMe traffic (bsc#1181958).
- sh_eth: check sh_eth_cpu_data::cexcr when dumping registers (git-fixes).
- sh_eth: check sh_eth_cpu_data::no_tx_cntrs when dumping registers (git-fixes).
- sh_eth: check sh_eth_cpu_data::no_xdfar when dumping registers (git-fixes).
- smp: Add source and destination CPUs to __call_single_data (bsc#1180846).
- smsc95xx: avoid memory leak in smsc95xx_bind (git-fixes).
- smsc95xx: check return value of smsc95xx_reset (git-fixes).
- soc: aspeed: snoop: Add clock control logic (git-fixes).
- spi: atmel: Put allocated master before return (git-fixes).
- spi: pxa2xx: Fix the controller numbering for Wildcat Point (git-fixes).
- spi: spi-synquacer: fix set_cs handling (git-fixes).
- spi: stm32: properly handle 0 byte transfer (git-fixes).
- squashfs: add more sanity checks in id lookup (git-fixes bsc#1182266).
- squashfs: add more sanity checks in inode lookup (git-fixes bsc#1182267).
- squashfs: add more sanity checks in xattr id lookup (git-fixes bsc#1182268).
- staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules (git-fixes).
- target: disallow emulate_legacy_capacity with RBD object-map (bsc#1177109).
- team: set dev->needed_headroom in team_setup_by_port() (git-fixes).
- tpm: Remove tpm_dev_wq_lock (git-fixes).
- tpm_tis: Clean up locality release (git-fixes).
- tpm_tis: Fix check_locality for correct locality acquisition (git-fixes).
- tracing: Check length before giving out the filter buffer (git-fixes).
- tracing: Do not count ftrace events in top level enable output (git-fixes).
- tracing/kprobe: Fix to support kretprobe events on unloaded modules (git-fixes).
- tracing/kprobes: Do the notrace functions check without kprobes on ftrace (git-fixes).
- tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS (git-fixes).
- ubifs: Fix error return code in ubifs_init_authentication() (bsc#1182459).
- ubifs: Fix ubifs_tnc_lookup() usage in do_kill_orphans() (bsc#1182454).
- ubifs: prevent creating duplicate encrypted filenames (bsc#1182457).
- ubifs: ubifs_add_orphan: Fix a memory leak bug (bsc#1182456).
- ubifs: ubifs_jnl_write_inode: Fix a memory leak bug (bsc#1182455).
- ubifs: wbuf: Do not leak kernel memory to flash (bsc#1182458).
- Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86 (bsc#1180846).
- Update config files: Set ledtrig-default-on as builtin (bsc#1182128)
- USB: dwc2: Abort transaction after errors with unknown reason (git-fixes).
- USB: dwc2: Fix endpoint direction check in ep_from_windex (git-fixes).
- USB: dwc2: Make 'trimming xfer length' a debug message (git-fixes).
- USB: dwc3: fix clock issue during resume in OTG mode (git-fixes).
- USB: gadget: legacy: fix an error code in eth_bind() (git-fixes).
- USB: gadget: u_audio: Free requests only after callback (git-fixes).
- USB: mUSB: Fix runtime PM race in musb_queue_resume_work (git-fixes).
- USB: quirks: add quirk to start video capture on ELMO L-12F document camera reliable (git-fixes).
- USB: quirks: sort quirk entries (git-fixes).
- USB: renesas_usbhs: Clear pipe running flag in USBhs_pkt_pop() (git-fixes).
- USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000 (git-fixes).
- USB: serial: cp210x: add pid/vid for WSDA-200-USB (git-fixes).
- USB: serial: mos7720: fix error code in mos7720_write() (git-fixes).
- USB: serial: mos7720: improve OOM-handling in read_mos_reg() (git-fixes).
- USB: serial: mos7840: fix error code in mos7840_write() (git-fixes).
- USB: serial: option: Adding support for Cinterion MV31 (git-fixes).
- USB: usblp: do not call usb_set_interface if there's a single alt (git-fixes).
- veth: Adjust hard_start offset on redirect XDP frames (git-fixes).
- vfs: Convert squashfs to use the new mount API (git-fixes bsc#1182265).
- virtio_net: Fix error code in probe() (git-fixes).
- virtio_net: Fix recursive call to cpus_read_lock() (git-fixes).
- virtio_net: Keep vnet header zeroed if XDP is loaded for small buffer (git-fixes).
- virt: vbox: Do not use wait_event_interruptible when called from kernel context (git-fixes).
- vmxnet3: Remove buf_info from device accessible structures (bsc#1181671).
- vxlan: fix memleak of fdb (git-fixes).
- wext: fix NULL-ptr-dereference with cfg80211's lack of commit() (git-fixes).
- writeback: Drop I_DIRTY_TIME_EXPIRE (bsc#1182460).
- x86/alternatives: Sync bp_patching update for avoiding NULL pointer exception (bsc#1152489).
- x86/apic: Add extra serialization for non-serializing MSRs (bsc#1152489).
- x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181259, jsc#ECO-3191).
- x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181259, jsc#ECO-3191).
- x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181259, jsc#ECO-3191).
- x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181259 jsc#ECO-3191).
- x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181259, jsc#ECO-3191).
- xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600).
- xen/netback: fix spurious event detection for common event case (bsc#1182175).
- xfs: ensure inobt record walks always make forward progress (git-fixes bsc#1182272).
- xfs: fix an ABBA deadlock in xfs_rename (git-fixes bsc#1182558).
- xfs: fix parent pointer scrubber bailing out on unallocated inodes (git-fixes bsc#1182276).
- xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks (git-fixes bsc#1182430).
- xfs: fix the minrecs logic when dealing with inode root child blocks (git-fixes bsc#1182273).
- xfs: ratelimit xfs_discard_page messages (bsc#1182283).
- xfs: reduce quota reservation when doing a dax unwritten extent conversion (git-fixes bsc#1182561).
- xfs: return corresponding errcode if xfs_initialize_perag() fail (git-fixes bsc#1182275).
- xfs: scrub should mark a directory corrupt if any entries cannot be iget'd (git-fixes bsc#1182278).
- xfs: strengthen rmap record flags checking (git-fixes bsc#1182271).
- xhci: fix bounce buffer usage for non-sg list case (git-fixes).

The kernel-default-base packaging was changed:

- Added squashfs for kiwi installiso support (bsc#1182341)
- Added fuse (bsc#1182507)
- Added modules which got lost when migrating away from supported.conf (bsc#1182110):
  * am53c974 had a typo
  * cls_bpf, iscsi_ibft, libahci, libata, openvswitch, sch_ingress
- Also added vport-* modules for Open vSwitch

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:754-1
Released: Tue Mar 9 17:10:49 2021
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841

This update for openssl-1_1 fixes the following issues:

- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
- Fixed unresolved error codes in FIPS (bsc#1182959).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:758-1
Released: Wed Mar 10 12:16:27 2021
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1182688

This update for dracut fixes the following issues:

- network-legacy: fix route parsing issues in ifup. (bsc#1182688)
-0kernel-modules: arm/arm64: Add reset controllers
- Prevent creating unexpected files on the host when running dracut
- As of 'v246' of systemd 'syslog' and 'syslog-console' switches have been deprecated.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:778-1
Released: Fri Mar 12 17:42:25 2021
Summary: Security update for glib2
Type: security
Severity: important
References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219

This update for glib2 fixes the following issues:

- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:784-1
Released: Mon Mar 15 11:19:08 2021
Summary: Recommended update for efivar
Type: recommended
Severity: moderate
References: 1181967

This update for efivar fixes the following issues:

- Fixed an issue with the NVME path parsing (bsc#1181967)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:786-1
Released: Mon Mar 15 11:19:23 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1176201

This update for zlib fixes the following issues:

- Fixed hw compression on z15 (bsc#1176201)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:802-1
Released: Tue Mar 16 16:54:12 2021
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1183073

This update for grub2 fixes the following issues:

- Fixed chainloading windows on dual boot machine (bsc#1183073)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:874-1
Released: Thu Mar 18 09:41:54 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179847,1181328,1181622,1182629

This update for libsolv, libzypp, zypper fixes the following issues:

- support
  multiple collections in updateinfo parser
- Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328)
- Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629)
- Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847)
- Fix '%posttrans' script execution. (fixes #265)
- Repo: Allow multiple baseurls specified on one line (fixes #285)
- Regex: Fix memory leak and undefined behavior.
- Add rpm buildrequires for test suite (fixes #279)
- Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use.
- doc: give more details about creating versioned package locks. (bsc#1181622)
- man: Document synonymously used patch categories (bsc#1179847)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:881-1
Released: Fri Mar 19 04:16:42 2021
Summary: Recommended update for yast2-adcommon-python, yast2-aduc, samba
Type: recommended
Severity: moderate
References: 1084864,1132565,1133568,1135130,1135224,1138203,1138487,1145508,1146898,1150394,1150612,1151713,1152052,1154121,1170998

This update for yast2-adcommon-python, yast2-aduc, samba fixes the following issues:

- Update 'aduc' for 'realmd' customer. (jsc#SLE-5527)
- Add ability to change/enable/unlock user's passwords. (bsc#1152052)
- Fixes a Failure to authenticate on first try and throws a MemoryError on Ubuntu. (bsc#1151713)
- Fixes an issue when unused 'xset' may cause exception in 'appimage'. (bsc#1150612)
- Include other object creation options. (bsc#1138203)
- Use the domain name stored in the samba credentials object. (bsc#1138487)
- Display a backtrace if the connection fails.
- Use new schema of desktop files. (bsc#1084864)
- Move the module to Network Services.
- Use common authentication from yast2-adcommon-python.
- Switch to using a unified file/actions menu, instead of random buttons
- Remove 'ad-dc' dependency. (jsc#ECO-2527)
- Fix slow load of 'ADUC' caused by chatty ldap traffic. (bsc#1170998)
- The domain label should be a text field, for manually entering the domain name. (bsc#1154121)
- Fix to reconnect the 'ldap' session if it times out. (bsc#1150394)
- 'AD' modules should connect to an AD-DC via the SamDB interface, instead of 'python-ldap'. (bsc#1146898)
- Fix incorrectly placed domain in change domain dialog (bsc#1145508)
- YaST 'aduc/adsi/gpmc' should not exit after entering empty password and explicitly state that an Active Directory administrator should sign in. (bsc#1132565)
- Move schema parsing code from adsi to the common code. (bsc#1138203)
- 'TypeError: Expected a string or unicode object' during auth. (bsc#1135224)
- Authentication fails with 'Failed to initialize ldap connection'. (bsc#1135130)
- Fix for an issue when 'yast2-adcommon-python' 'ldap' does not correctly parse 'ldap' urls. (bsc#1133568)
- Initial version

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:924-1
Released: Tue Mar 23 10:00:49 2021
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094

This update for filesystem fixes the following issues:

- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011)
- Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705)
- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units.
  (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:926-1
Released: Tue Mar 23 13:20:24 2021
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: moderate
References: 1083473,1112500,1115408,1165780,1183012

This update for systemd-presets-common-SUSE fixes the following issues:

- Add default user preset containing:
  - enable `pulseaudio.socket` (bsc#1083473)
  - enable `pipewire.socket` (bsc#1183012)
  - enable `pipewire-pulse.socket` (bsc#1183012)
  - enable `pipewire-media-session.service` (used with pipewire >= 0.3.23)
- Changes to the default preset:
  - enable `btrfsmaintenance-refresh.path`.
  - disable `btrfsmaintenance-refresh.service`.
  - enable `dnf-makecache.timer`.
  - enable `ignition-firstboot-complete.service`.
  - enable logwatch.timer and avoid to have logwatch out of sync with logrotate. (bsc#1112500)
  - enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408)
  - remove enable `updatedb.timer`
- Avoid needless refresh on boot.
  (bsc#1165780)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:930-1
Released: Wed Mar 24 12:09:23 2021
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1172442,1181358,CVE-2020-11080

This update for nghttp2 fixes the following issues:

- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:933-1
Released: Wed Mar 24 12:16:14 2021
Summary: Security update for ruby2.5
Type: security
Severity: important
References: 1177125,1177222,CVE-2020-25613

This update for ruby2.5 fixes the following issues:

- CVE-2020-25613: Fixed a potential HTTP Request Smuggling in WEBrick (bsc#1177125).
- Enable optimizations also on ARM64 (bsc#1177222)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:935-1
Released: Wed Mar 24 12:19:10 2021
Summary: Security update for gnutls
Type: security
Severity: important
References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232

This update for gnutls fixes the following issues:

- CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).
- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:945-1
Released: Wed Mar 24 13:43:08 2021
Summary: Security update for ldb
Type: security
Severity: important
References: 1183572,1183574,CVE-2020-27840,CVE-2021-20277

This update for ldb fixes the following issues:

- CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572).
- CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:947-1
Released: Wed Mar 24 14:30:58 2021
Summary: Security update for python3
Type: security
Severity: moderate
References: 1182379,CVE-2021-23336

This update for python3 fixes the following issues:

- python36 was updated to 3.6.13
- CVE-2021-23336: Fixed a potential web cache poisoning caused by the use of a semicolon as a query string separator in query parameters (bsc#1182379).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:948-1
Released: Wed Mar 24 14:31:34 2021
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032

This update for zstd fixes the following issues:

- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:955-1
Released: Thu Mar 25 16:11:48 2021
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1183852,CVE-2021-3449

This update for openssl-1_1 fixes the security issue:

* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue.
  [bsc#1183852]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:960-1
Released: Mon Mar 29 11:16:28 2021
Summary: Recommended update for cloud-init
Type: recommended
Severity: moderate
References: 1181283

This update for cloud-init fixes the following issues:

- No longer includes the sudoers.d directory twice (bsc#1181283)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:974-1
Released: Mon Mar 29 19:31:27 2021
Summary: Security update for tar
Type: security
Severity: low
References: 1181131,CVE-2021-20193

This update for tar fixes the following issues:

CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:985-1
Released: Tue Mar 30 14:42:46 2021
Summary: Recommended update for the Azure SDK and CLI
Type: recommended
Severity: moderate
References: 1125671,1140565,1154393,1174514,1175289,1176784,1176785,1178168,CVE-2020-14343,CVE-2020-25659

This update for the Azure SDK and CLI adds support for the AHB (Azure Hybrid Benefit). (bsc#1176784, jsc#ECO=3105)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:991-1
Released: Wed Mar 31 13:28:37 2021
Summary: Recommended update for vim
Type: recommended
Severity: moderate
References: 1182324

This update for vim provides the following fixes:

- Install SUSE vimrc in /usr. (bsc#1182324)
- Source correct suse.vimrc file.
  (bsc#1182324)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1004-1
Released: Thu Apr 1 15:07:09 2021
Summary: Recommended update for libcap
Type: recommended
Severity: moderate
References: 1180073

This update for libcap fixes the following issues:

- Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)
- Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1006-1
Released: Thu Apr 1 17:44:57 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890

This update for curl fixes the following issues:

- CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934)
- CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933)

From sle-updates at lists.suse.com Wed Apr 7 16:20:55 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 7 Apr 2021 18:20:55 +0200 (CEST)
Subject: SUSE-IU-2021:430-1: Security update of sles-15-sp2-chost-byos-v20210405
Message-ID: <20210407162055.8CCC1B462A9@westernhagen.suse.de>

SUSE Image Update Advisory: sles-15-sp2-chost-byos-v20210405
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2021:430-1
Image Tags : sles-15-sp2-chost-byos-v20210405:20210405
Image Release :
Severity : important
Type : security
References : 1065600 1065729 1078466 1078720 1081134 1083473 1084610 1084864 1112500 1115408 1132477 1132565 1133568 1135130 1135224 1138203 1138487 1145508 1146705 1146898 1150394 1150612 1151713 1151927 1152052 1152472 1152489 1154121 1154353 1155518 1156395 1163776 1165780 1169514 1170442 1170998 1172442 1174075 1175519 1175970 1176171 1176201 1176248 1176262 1176708 1176711 1176855 1177109 1177125 1177127 1177222 1177326 1177440 1177529 1177883 1178142 1178386 1178775 1178801
1178801 1178969 1178995 1179082 1179137 1179243 1179264 1179265 1179428 1179660 1179694 1179721 1179756 1179847 1179929 1180020 1180038 1180058 1180073 1180083 1180243 1180336 1180401 1180401 1180501 1180596 1180686 1180827 1180846 1180933 1180964 1180989 1181011 1181126 1181131 1181133 1181259 1181313 1181328 1181358 1181505 1181544 1181574 1181622 1181637 1181655 1181671 1181674 1181710 1181720 1181730 1181732 1181735 1181736 1181738 1181747 1181753 1181818 1181831 1181843 1181854 1181896 1181958 1181960 1181967 1181985 1182047 1182057 1182110 1182117 1182118 1182128 1182140 1182168 1182171 1182175 1182246 1182259 1182262 1182263 1182265 1182266 1182267 1182268 1182271 1182272 1182273 1182275 1182276 1182278 1182279 1182283 1182324 1182328 1182331 1182333 1182341 1182362 1182374 1182379 1182380 1182381 1182406 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182430 1182439 1182441 1182442 1182443 1182444 1182445 1182446 1182447 1182449 1182454 1182455 1182456 1182457 1182458 1182459 1182460 1182461 1182462 1182463 1182464 1182465 1182466 1182485 1182489 1182490 1182507 1182547 1182558 1182560 1182561 1182571 1182599 1182602 1182626 1182629 1182650 1182672 1182676 1182683 1182684 1182686 1182688 1182770 1182798 1182800 1182801 1182854 1182856 1182959 1183012 1183073 1183094 1183370 1183371 1183456 1183457 1183572 1183574 1183852 1183933 1183934 CVE-2019-20916 CVE-2019-25013 CVE-2020-11080 CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-12373 CVE-2020-14372 CVE-2020-15257 CVE-2020-25613 CVE-2020-25632 CVE-2020-25647 CVE-2020-27618 CVE-2020-27749 CVE-2020-27779 CVE-2020-27840 CVE-2020-29368 CVE-2020-29374 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8625 CVE-2021-20193 CVE-2021-20225 CVE-2021-20231 CVE-2021-20232 CVE-2021-20233 CVE-2021-20277 CVE-2021-21284 CVE-2021-21285 CVE-2021-22876 
CVE-2021-22890 CVE-2021-23336 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-26720 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3177 CVE-2021-3326 CVE-2021-3449 ----------------------------------------------------------------- The container sles-15-sp2-chost-byos-v20210405 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:419-1 Released: Wed Feb 10 12:03:33 2021 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: 1181313 This update for open-iscsi fixes the following issues: - Fixes a segfault when exiting from iscsiadm (bsc#1181313) - Fix for several memory leaks in iscsiadm - Fix for a crash when function iscsi_rec_update_param() is invoked ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:435-1 Released: Thu Feb 11 14:47:25 2021 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Type: security Severity: important References: 1174075,1176708,1178801,1178969,1180243,1180401,1181730,1181732,CVE-2020-15257,CVE-2021-21284,CVE-2021-21285 This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2020-15257: Fixed a privilege escalation in containerd (bsc#1178969). - CVE-2021-21284: potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732) - CVE-2021-21285: pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730) Non-security issues fixed: - Update Docker to 19.03.15-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285). 
- Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE. It appears that SLES doesn't like the patch. (bsc#1180401) - Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and fixes CVE-2020-15257. bsc#1180243 - Update to containerd v1.3.7, which is required for Docker 19.03.13-ce. bsc#1176708 - Update to Docker 19.03.14-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243 https://github.com/docker/docker-ce/releases/tag/v19.03.14 - Enable fish-completion - Add a patch which makes Docker compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460) - Update to Docker 19.03.13-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708 - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Emergency fix: %requires_eq does not work with provide symbols, only effective package names. Convert back to regular Requires. - Update to Docker 19.03.12-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of spurious errors due to Go returning -EINTR from I/O syscalls much more often (due to Go 1.14's pre-emptive goroutine support). - Add BuildRequires for all -git dependencies so that we catch missing dependencies much more quickly. - Update to libnetwork 55e924b8a842, which is required for Docker 19.03.14-ce. bsc#1180243 - Add patch which makes libnetwork compatible with firewalld with nftables backend. 
Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:507-1 Released: Thu Feb 18 09:34:49 2021 Summary: Security update for bind Type: security Severity: important References: 1182246,CVE-2020-8625 This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:516-1 Released: Thu Feb 18 14:42:51 2021 Summary: Recommended update for docker, golang-github-docker-libnetwork Type: recommended Severity: moderate References: 1178801,1180401,1182168 This update for docker, golang-github-docker-libnetwork fixes the following issues: - A libnetwork firewalld integration enhancement was broken, disable it (bsc#1178801,bsc#1180401,bsc#1182168) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:519-1 Released: Fri Feb 19 09:44:53 2021 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1180501 This update for openssh fixes the following issues: - Fixed a crash which sometimes occurred on connection termination, caused by accessing freed memory (bsc#1180501) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:529-1 Released: Fri Feb 19 14:53:47 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1176262,1179756,1180686,1181126,CVE-2019-20916,CVE-2021-3177 This update for python3 fixes the following issues: - CVE-2021-3177: Fixed buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:551-1 Released: Tue Feb 23 09:31:53 2021 Summary: Security update for avahi Type: security Severity: moderate References: 1180827,CVE-2021-26720 This update for avahi fixes the following issues: - CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh (bsc#1180827) - Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d. - Add sudo to requires: used to drop privileges. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:573-1 Released: Wed Feb 24 09:58:38 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1176171,1180336 This update for dracut fixes the following issues: - arm/arm64: Add reset controllers (bsc#1180336) - Prevent creating unexpected files on the host when running dracut (bsc#1176171) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:656-1 Released: Mon Mar 1 
09:34:21 2021 Summary: Recommended update for protobuf Type: recommended Severity: moderate References: 1177127 This update for protobuf fixes the following issues: - Add missing dependency of python subpackages on python-six. (bsc#1177127) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:683-1 Released: Tue Mar 2 19:04:43 2021 Summary: Security update for grub2 Type: security Severity: important References: 1175970,1176711,1177883,1179264,1179265,1182057,1182262,1182263,CVE-2020-14372,CVE-2020-25632,CVE-2020-25647,CVE-2020-27749,CVE-2020-27779,CVE-2021-20225,CVE-2021-20233 This update for grub2 fixes the following issues: grub2 implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057) - CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711) - CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883) - CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264) - CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970) - CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262) - CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:689-1 Released: Tue Mar 2 19:08:40 2021 Summary: Security update for bind Type: security Severity: important References: 1180933 This update for bind fixes the following issues: - dnssec-keygen can no longer generate HMAC keys. Use tsig-keygen instead. 
[bsc#1180933] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). 
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:741-1 Released: Tue Mar 9 16:11:49 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065600,1065729,1078720,1081134,1084610,1132477,1151927,1152472,1152489,1154353,1155518,1156395,1163776,1169514,1170442,1176248,1176855,1177109,1177326,1177440,1177529,1178142,1178995,1179082,1179137,1179243,1179428,1179660,1179929,1180058,1180846,1180964,1180989,1181133,1181259,1181544,1181574,1181637,1181655,1181671,1181674,1181710,1181720,1181735,1181736,1181738,1181747,1181753,1181818,1181843,1181854,1181896,1181958,1181960,1181985,1182047,1182110,1182118,1182128,1182140,1182171,1182175,1182259,1182265,1182266,1182267,1182268,1182271,1182272,1182273,1182275,1182276,1182278,1182283,1182341,1182374,1182380,1182381,1182406,1182430,1182439,1182441,1182442,1182443,1182444,1182445,1182446,1182447,1182449,1182454,1182455,1182456,1182457,1182458,1182459,1182460,1182461,1182462,1182463,1182464,1182465,1182466,1182485,1182489,1182490,1182507,1182547,1182558,1182560,1182561,1182571,1182599,1182602,1182626,1182650,1182672,1182676,1182683,1182684,1182686,1182770,1182798,1182800,1182801,1182854,1182856,CVE-2020-12362,CVE-2020-12363,CVE-2020-12364,CVE-2020-12373,CVE-2020-29368,CVE-2020-29374,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753). 
- CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372). - CVE-2020-12362: Fixed an integer overflow in the firmware which may have allowed a privileged user to potentially enable an escalation of privilege via local access (bsc#1181720). - CVE-2020-12363: Fixed an improper input validation which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181735). - CVE-2020-12364: Fixed a null pointer reference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181736). - CVE-2020-12373: Fixed an expired pointer dereference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181738). - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428). The following non-security bugs were fixed: - ACPI: configfs: add missing check after configfs_register_default_group() (git-fixes). - ACPI: property: Fix fwnode string properties matching (git-fixes). - ACPI: property: Satisfy kernel doc validator (part 1) (git-fixes). - ACPI: property: Satisfy kernel doc validator (part 2) (git-fixes). - ALSA: hda: Add another CometLake-H PCI ID (git-fixes). - ALSA: hda/hdmi: Drop bogus check at closing a stream (git-fixes). - ALSA: hda/realtek: modify EAPD in the ALC886 (git-fixes). - ALSA: pcm: Assure sync with the pending stop operation at suspend (git-fixes). - ALSA: pcm: Call sync_stop at disconnection (git-fixes). - ALSA: pcm: Do not call sync_stop if it hasn't been stopped (git-fixes). - ALSA: usb-audio: Add implicit fb quirk for BOSS GP-10 (git-fixes). - ALSA: usb-audio: Correct document for snd_usb_endpoint_free_all() (git-fixes). 
- ALSA: usb-audio: Do not avoid stopping the stream at disconnection (git-fixes). - ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode (git-fixes). - ALSA: usb-audio: Handle invalid running state at releasing EP (git-fixes). - ALSA: usb-audio: More strict state change in EP (git-fixes). - amba: Fix resource leak for drivers without .remove (git-fixes). - arm64: Update config file. Set CONFIG_WATCHDOG_SYSFS to true (bsc#1182560) - ASoC: cpcap: fix microphone timeslot mask (git-fixes). - ASoC: cs42l56: fix up error handling in probe (git-fixes). - ASoC: simple-card-utils: Fix device module clock (git-fixes). - ASoC: SOF: debug: Fix a potential issue on string buffer termination (git-fixes). - ata: ahci_brcm: Add back regulators management (git-fixes). - ata: sata_nv: Fix retrieving of active qcs (git-fixes). - ath10k: Fix error handling in case of CE pipe init failure (git-fixes). - ath9k: fix data bus crash when setting nf_override via debugfs (git-fixes). - bcache: fix overflow in offset_to_stripe() (git-fixes). - blk-mq: call commit_rqs while list empty but error happen (bsc#1182442). - blk-mq: insert request not through ->queue_rq into sw/scheduler queue (bsc#1182443). - blk-mq: move cancel of hctx->run_work to the front of blk_exit_queue (bsc#1182444). - block: fix inflight statistics of part0 (bsc#1182445). - block: respect queue limit of max discard segment (bsc#1182441). - block: virtio_blk: fix handling single range discard request (bsc#1182439). - Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function (git-fixes). - Bluetooth: btusb: Fix memory leak in btusb_mtk_wmt_recv (git-fixes). - Bluetooth: drop HCI device reference before return (git-fixes). - Bluetooth: Fix initializing response id after clearing struct (git-fixes). - Bluetooth: hci_uart: Fix a race for write_work scheduling (git-fixes). - Bluetooth: Put HCI device if inquiry procedure interrupts (git-fixes). 
- bnxt_en: Fix accumulation of bp->net_stats_prev (git-fixes). - bnxt_en: fix error return code in bnxt_init_board() (git-fixes). - bnxt_en: fix error return code in bnxt_init_one() (git-fixes). - bnxt_en: Improve stats context resource accounting with RDMA driver loaded (git-fixes). - bnxt_en: read EEPROM A2h address using page 0 (git-fixes). - bnxt_en: Release PCI regions when DMA mask setup fails during probe (git-fixes). - bonding: Fix reference count leak in bond_sysfs_slave_add (git-fixes). - bonding: set dev->needed_headroom in bond_setup_by_slave() (git-fixes). - bonding: wait for sysfs kobject destruction before freeing struct slave (git-fixes). - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou (bsc#1155518). - bpf, cgroup: Fix problematic bounds check (bsc#1155518). - btrfs: add assertion for empty list of transactions at late stage of umount (bsc#1182626). - btrfs: Cleanup try_flush_qgroup (bsc#1182047). - btrfs: Do not flush from btrfs_delayed_inode_reserve_metadata (bsc#1182047). - btrfs: Fix race between extent freeing/allocation when using bitmaps (bsc#1181574). - btrfs: fix race between RO remount and the cleaner task (bsc#1182626). - btrfs: fix transaction leak and crash after cleaning up orphans on RO mount (bsc#1182626). - btrfs: fix transaction leak and crash after RO remount caused by qgroup rescan (bsc#1182626). - btrfs: Free correct amount of space in btrfs_delayed_inode_reserve_metadata (bsc#1182047). - btrfs: lift read-write mount setup from mount and remount (bsc#1182626). - btrfs: Remove btrfs_inode from btrfs_delayed_inode_reserve_metadata (bsc#1182047). - btrfs: run delayed iputs when remounting RO to avoid leaking them (bsc#1182626). - btrfs: Simplify code flow in btrfs_delayed_inode_reserve_metadata (bsc#1182047). - btrfs: Unlock extents in btrfs_zero_range in case of errors (bsc#1182047). - caif: no need to check return value of debugfs_create functions (git-fixes). - ceph: fix flush_snap logic after putting caps (bsc#1182854). 
- cgroup: Fix memory leak when parsing multiple source parameters (bsc#1182683). - cgroup: fix psi monitor for root cgroup (bsc#1182686). - cgroup-v1: add disabled controller check in cgroup1_parse_param() (bsc#1182684). - chelsio/chtls: correct function return and return type (git-fixes). - chelsio/chtls: correct netdevice for vlan interface (git-fixes). - chelsio/chtls: fix a double free in chtls_setkey() (git-fixes). - chelsio/chtls: fix always leaking ctrl_skb (git-fixes). - chelsio/chtls: fix deadlock issue (git-fixes). - chelsio/chtls: fix memory leaks caused by a race (git-fixes). - chelsio/chtls: fix memory leaks in CPL handlers (git-fixes). - chelsio/chtls: fix panic during unload reload chtls (git-fixes). - chelsio/chtls: fix socket lock (git-fixes). - chelsio/chtls: fix tls record info to user (git-fixes). - Cherry-pick ibmvnic patches from SP3 (jsc#SLE-17268). - chtls: Added a check to avoid NULL pointer dereference (git-fixes). - chtls: Fix chtls resources release sequence (git-fixes). - chtls: Fix hardware tid leak (git-fixes). - chtls: Fix panic when route to peer not configured (git-fixes). - chtls: Remove invalid set_tcb call (git-fixes). - chtls: Replace skb_dequeue with skb_peek (git-fixes). - cifs: check all path components in resolved dfs target (bsc#1181710). - cifs: fix nodfs mount option (bsc#1181710). - cifs: introduce helper for finding referral server (bsc#1181710). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes). - cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes). - clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL (git-fixes). - clk: meson: clk-pll: make 'ret' a signed integer (git-fixes). - clk: meson: clk-pll: propagate the error from meson_clk_pll_set_rate() (git-fixes). - clk: qcom: gcc-msm8998: Fix Alpha PLL type for all GPLLs (git-fixes). 
- clk: sunxi-ng: h6: Fix CEC clock (git-fixes). - clk: sunxi-ng: h6: Fix clock divider range on some clocks (git-fixes). - clk: sunxi-ng: mp: fix parent rate change flag check (git-fixes). - clocksource/drivers/ixp4xx: Select TIMER_OF when needed (git-fixes). - cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in ->remove() (git-fixes). - cpufreq: brcmstb-avs-cpufreq: Free resources in error path (git-fixes). - cpuset: fix race between hotplug work and later CPU offline (bsc#1182676). - crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key() (git-fixes). - crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error) (git-fixes). - cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes). - cxgb4: fix all-mask IP address comparison (git-fixes). - cxgb4: fix checks for max queues to allocate (git-fixes). - cxgb4: fix endian conversions for L4 ports in filters (git-fixes). - cxgb4: fix set but unused variable when DCB is disabled (git-fixes). - cxgb4: fix SGE queue dump destination buffer context (git-fixes). - cxgb4: fix the panic caused by non smac rewrite (git-fixes). - cxgb4: move DCB version extern to header file (git-fixes). - cxgb4: move handling L2T ARP failures to caller (git-fixes). - cxgb4: move PTP lock and unlock to caller in Tx path (git-fixes). - cxgb4: parse TC-U32 key values and masks natively (git-fixes). - cxgb4: remove cast when saving IPv4 partial checksum (git-fixes). - cxgb4: set up filter action after rewrites (git-fixes). - cxgb4: use correct type for all-mask IP address comparison (git-fixes). - cxgb4: use unaligned conversion for fetching timestamp (git-fixes). - dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function (git-fixes). - dmaengine: fsldma: Fix a resource leak in the remove function (git-fixes). - dmaengine: hsu: disable spurious interrupt (git-fixes). - dmaengine: owl-dma: Fix a resource leak in the remove function (git-fixes). 
- dm crypt: avoid truncating the logical block size (git-fixes). - dm: fix bio splitting and its bio completion order for regular IO (git-fixes). - dm thin: fix use-after-free in metadata_pre_commit_callback (bsc#1177529). - dm thin metadata: Avoid returning cmd->bm wild pointer on error (bsc#1177529). - dm thin metadata: fix lockdep complaint (bsc#1177529). - dm thin metadata: Fix use-after-free in dm_bm_set_read_only (bsc#1177529). - dm: use noio when sending kobject event (bsc#1177529). - docs: filesystems: vfs: correct flag name (bsc#1182856). - dpaa2-eth: fix return codes used in ndo_setup_tc (git-fixes). - drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() (git-fixes). - drivers: net: davinci_mdio: fix potential NULL dereference in davinci_mdio_probe() (git-fixes). - drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[] (git-fixes). - drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs (git-fixes). - drm/amd/display: Change function decide_dp_link_settings to avoid infinite looping (git-fixes). - drm/amd/display: Decrement refcount of dc_sink before reassignment (git-fixes). - drm/amd/display: Fix 10/12 bpc setup in DCE output bit depth reduction (git-fixes). - drm/amd/display: Fix dc_sink kref count in emulated_link_detect (git-fixes). - drm/amd/display: Fix HDMI deep color output for DCE 6-11 (git-fixes). - drm/amd/display: Free atomic state after drm_atomic_commit (git-fixes). - drm/amd/display: Revert 'Fix EDID parsing after resume from suspend' (git-fixes). - drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if condition (git-fixes). - drm/fb-helper: Add missed unlocks in setcmap_legacy() (git-fixes). - drm/gma500: Fix error return code in psb_driver_load() (git-fixes). - drm/meson: Unbind all connectors on module removal (bsc#1152472) - drm/sun4i: dw-hdmi: always set clock rate (bsc#1152472) - drm/sun4i: dw-hdmi: Fix max. 
frequency for H6 (bsc#1152472) - drm/sun4i: Fix H6 HDMI PHY configuration (bsc#1152472) - drm/sun4i: tcon: set sync polarity for tcon1 channel (bsc#1152472) - drm/vc4: hvs: Fix buffer overflow with the dlist handling (bsc#1152489) - Drop HID logitech patch that caused a regression (bsc#1182259) - exec: Always set cap_ambient in cap_bprm_set_creds (git-fixes). - exfat: Avoid allocating upcase table using kcalloc() (git-fixes). - ext4: do not remount read-only with errors=continue on reboot (bsc#1182464). - ext4: fix a memory leak of ext4_free_data (bsc#1182447). - ext4: fix bug for rename with RENAME_WHITEOUT (bsc#1182449). - ext4: fix deadlock with fs freezing and EA inodes (bsc#1182463). - ext4: fix superblock checksum failure when setting password salt (bsc#1182465). - ext4: prevent creating duplicate encrypted filenames (bsc#1182446). - fgraph: Initialize tracing_graph_pause at task creation (git-fixes). - firmware_loader: align .builtin_fw to 8 (git-fixes). - fscrypt: add fscrypt_is_nokey_name() (bsc#1182446). - fscrypt: rename DCACHE_ENCRYPTED_NAME to DCACHE_NOKEY_NAME (bsc#1182446). - fs: fix lazytime expiration handling in __writeback_single_inode() (bsc#1182466). - gma500: clean up error handling in init (git-fixes). - gpio: pcf857x: Fix missing first interrupt (git-fixes). - HID: core: detect and skip invalid inputs to snto32() (git-fixes). - HID: make arrays usage and value to be the same (git-fixes). - HID: wacom: Ignore attempts to overwrite the touch_max value from HID (git-fixes). - hwrng: timeriomem - Fix cooldown period calculation (git-fixes). - i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition (git-fixes). - i2c: iproc: handle only slave interrupts which are enabled (git-fixes). - i2c: mediatek: Move suspend and resume handling to NOIRQ phase (git-fixes). - i2c: stm32f7: fix configuration of the digital filter (git-fixes). - i3c: master: dw: Drop redundant disec call (git-fixes). 
- i40e: acquire VSI pointer only after VF is initialized (jsc#SLE-8025). - i40e: avoid premature Rx buffer reuse (git-fixes). - i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs (git-fixes). - i40e: Fix MAC address setting for a VF via Host/VM (git-fixes). - i40e: Fix removing driver while bare-metal VFs pass traffic (git-fixes). - i40e: Revert 'i40e: do not report link up for a VF who hasn't enabled queues' (jsc#SLE-8025). - iavf: fix double-release of rtnl_lock (git-fixes). - iavf: fix error return code in iavf_init_get_resources() (git-fixes). - iavf: fix speed reporting over virtchnl (git-fixes). - iavf: Fix updating statistics (git-fixes). - ibmvnic: add memory barrier to protect long term buffer (bsc#1182485 ltc#191591). - ibmvnic: change IBMVNIC_MAX_IND_DESCS to 16 (bsc#1182485 ltc#191591). - ibmvnic: Clean up TX code and TX buffer data structure (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997). - ibmvnic: compare adapter->init_done_rc with more readable ibmvnic_rc_codes (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Correctly re-enable interrupts in NAPI polling routine (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: create send_control_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: create send_query_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: device remove has higher precedence over reset (bsc#1065729). - ibmvnic: Do not replenish RX buffers after every polling loop (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Ensure that CRQ entry read are correctly ordered (bsc#1182485 ltc#191591). - ibmvnic: Ensure that device queue memory is cache-line aligned (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Ensure that SCRQ entry reads are correctly ordered (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293). - ibmvnic: fix login buffer memory leak (bsc#1081134 ltc#164631). 
- ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: fix rx buffer tracking and index management in replenish_rx_pool partial success (bsc#1179929 ltc#189960). - ibmvnic: Fix TX completion error handling (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Fix use-after-free of VNIC login response buffer (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: handle inconsistent login with reset (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Harden device Command Response Queue handshake (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: improve ibmvnic_init and ibmvnic_reset_init (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Introduce batched RX buffer descriptor transmission (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Introduce indirect subordinate Command Response Queue buffer (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Introduce xmit_more support using batched subCRQ hcalls (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: merge ibmvnic_reset_init and ibmvnic_init (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: no reset timeout for 5 seconds after reset (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: reduce wait for completion time (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: remove never executed if statement (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Remove send_subcrq function (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: rename ibmvnic_send_req_caps to send_request_cap (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: rename send_cap_queries to send_query_cap (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: rename send_map_query to send_query_map (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: send_login should check for crq errors (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: serialize access to work queue on remove (bsc#1065729). - ibmvnic: Set to CLOSED state even on error (bsc#1084610 ltc#165122 git-fixes). 
- ibmvnic: skip send_request_unmap for timeout reset (bsc#1182485 ltc#191591). - ibmvnic: skip tx timeout reset while in resetting (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: stop free_all_rwi on failed reset (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: store RX and TX subCRQ handle array in ibmvnic_adapter struct (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: track pending login (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: update MAINTAINERS (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Use netdev_alloc_skb instead of alloc_skb to replenish RX buffers (jsc#SLE-17043 bsc#1179243 ltc#189290). - ice: Do not allow more channels than LAN MSI-X available (jsc#SLE-7926). - ice: Fix MSI-X vector fallback logic (jsc#SLE-7926). - igc: check return value of ret_val in igc_config_fc_after_link_up (git-fixes). - igc: fix link speed advertising (git-fixes). - igc: Fix returning wrong statistics (git-fixes). - igc: Report speed and duplex as unknown when device is runtime suspended (git-fixes). - igc: set the default return value to -IGC_ERR_NVM in igc_write_nvm_srwr (git-fixes). - include/linux/memremap.h: remove stale comments (git-fixes). - Input: elo - fix an error code in elo_connect() (git-fixes). - Input: i8042 - unbreak Pegatron C15B (git-fixes). - Input: joydev - prevent potential read overflow in ioctl (git-fixes). - Input: sur40 - fix an error code in sur40_probe() (git-fixes). - Input: xpad - sync supported devices with fork on GitHub (git-fixes). - iwlwifi: mvm: do not send RFH_QUEUE_CONFIG_CMD with no queues (git-fixes). - iwlwifi: mvm: guard against device removal in reprobe (git-fixes). - iwlwifi: mvm: invalidate IDs of internal stations at mvm start (git-fixes). - iwlwifi: mvm: skip power command when unbinding vif during CSA (git-fixes). - iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time() (git-fixes). - iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap (git-fixes). 
- iwlwifi: pcie: fix context info memory leak (git-fixes).
- iwlwifi: pcie: reschedule in long-running memory reads (git-fixes).
- iwlwifi: pcie: use jiffies for memory read spin time limit (git-fixes).
- ixgbe: avoid premature Rx buffer reuse (git-fixes).
- ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K (git-fixes).
- kABI: Fix kABI after AMD SEV PCID fixes (bsc#1178995).
- kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846).
- kABI: Fix kABI for extended APIC-ID support (bsc#1181259, jsc#ECO-3191).
- kABI: repair, after 'nVMX: Emulate MTF when performing instruction emulation' kvm_x86_ops is part of kABI as it's used by LTTng. But it's only read and never allocated in there, so growing it (without altering existing members' offsets) is fine.
- kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ('rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).')
- kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846).
- kernel/smp: add more data to CSD lock debugging (bsc#1180846).
- kernel/smp: prepare more CSD lock debugging (bsc#1180846).
- kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846).
- KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch (bsc#1181818).
- KVM: arm64: Remove S1PTW check from kvm_vcpu_dabt_iswrite() (bsc#1181818).
- KVM: nVMX: do not clear mtf_pending when nested events are blocked (bsc#1182489).
- KVM: nVMX: Emulate MTF when performing instruction emulation (bsc#1182380).
- KVM: nVMX: Handle pending #DB when injecting INIT VM-exit. Pulling in as a dependency of: 'KVM: nVMX: Emulate MTF when performing instruction emulation' (bsc#1182380).
- KVM: SVM: Update cr3_lm_rsvd_bits for AMD SEV guests (bsc#1178995).
- KVM: tracing: Fix unmatched kvm_entry and kvm_exit events (bsc#1182770).
- KVM: VMX: Condition ENCLS-exiting enabling on CPU support for SGX1 (bsc#1182798).
- KVM: x86: Allocate new rmap and large page tracking when moving memslot (bsc#1182800).
- KVM: x86: allow KVM_STATE_NESTED_MTF_PENDING in kvm_state flags (bsc#1182490).
- KVM: x86: clear stale x86_emulate_ctxt->intercept value (bsc#1182381).
- KVM: x86: do not notify userspace IOAPIC on edge-triggered interrupt EOI (bsc#1182374).
- KVM: x86: Gracefully handle __vmalloc() failure during VM allocation (bsc#1182801).
- KVM: x86: Introduce cr3_lm_rsvd_bits in kvm_vcpu_arch (bsc#1178995).
- KVM: x86: remove stale comment from struct x86_emulate_ctxt (bsc#1182406).
- libnvdimm/dimm: Avoid race between probe and available_slots_show() (bsc#1170442).
- lib/vsprintf: no_hash_pointers prints all addresses as unhashed (bsc#1182599).
- linux/clk.h: use correct kernel-doc notation for 2 functions (git-fixes).
- mac80211: 160MHz with extended NSS BW in CSA (git-fixes).
- mac80211: fix fast-rx encryption check (git-fixes).
- mac80211: fix potential overflow when multiplying to u32 integers (git-fixes).
- mac80211: pause TX while changing interface type (git-fixes).
- macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672). Since rpm 4.16 files installed during build phase are lost.
- MAINTAINERS: remove John Allen from ibmvnic (jsc#SLE-17043 bsc#1179243 ltc#189290).
- matroxfb: avoid -Warray-bounds warning (bsc#1152472)
- media: aspeed: fix error return code in aspeed_video_setup_video() (git-fixes).
- media: camss: missing error code in msm_video_register() (git-fixes).
- media: cx25821: Fix a bug when reallocating some dma memory (git-fixes).
- media: em28xx: Fix use-after-free in em28xx_alloc_urbs (git-fixes).
- media: i2c: ov5670: Fix PIXEL_RATE minimum value (git-fixes).
- media: ipu3-cio2: Fix mbus_code processing in cio2_subdev_set_fmt() (git-fixes).
- media: lmedm04: Fix misuse of comma (git-fixes).
- media: media/pci: Fix memleak in empress_init (git-fixes).
- media: mt9v111: Remove unneeded device-managed puts (git-fixes).
- media: pwc: Use correct device for DMA (bsc#1181133).
- media: pxa_camera: declare variable when DEBUG is defined (git-fixes).
- media: qm1d1c0042: fix error return code in qm1d1c0042_init() (git-fixes).
- media: software_node: Fix refcounts in software_node_get_next_child() (git-fixes).
- media: tm6000: Fix memleak in tm6000_start_stream (git-fixes).
- media: vsp1: Fix an error handling path in the probe function (git-fixes).
- mei: hbm: call mei_set_devstate() on hbm stop response (git-fixes).
- memory: ti-aemif: Drop child node when jumping out loop (git-fixes).
- mfd: bd9571mwv: Use devm_mfd_add_devices() (git-fixes).
- mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq() (git-fixes).
- misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users (git-fixes).
- misc: eeprom_93xx46: Fix module alias to enable module autoprobe (git-fixes).
- mlxsw: core: Add validation of transceiver temperature thresholds (git-fixes).
- mlxsw: core: Fix memory leak on module removal (git-fixes).
- mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (git-fixes).
- mlxsw: core: Free EMAD transactions using kfree_rcu() (git-fixes).
- mlxsw: core: Increase critical threshold for ASIC thermal zone (git-fixes).
- mlxsw: core: Increase scope of RCU read-side critical section (git-fixes).
- mlxsw: core: Use variable timeout for EMAD retries (git-fixes).
- mlxsw: spectrum_acl: Fix mlxsw_sp_acl_tcam_group_add()'s error path (git-fixes).
- mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails (git-fixes).
- mmc: core: Limit retries when analyse of SDIO tuples fails (git-fixes).
- mmc: renesas_sdhi_internal_dmac: Fix DMA buffer alignment from 8 to 128-bytes (git-fixes).
- mmc: sdhci-sprd: Fix some resource leaks in the remove function (git-fixes).
- mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe (git-fixes).
- mm/pmem: avoid inserting hugepage PTE entry with fsdax if hugepage support is disabled (bsc#1181896 ltc#191273).
- mm: proc: Invalidate TLB after clearing soft-dirty page state (bsc#1163776 ltc#183929 git-fixes).
- mm: thp: kABI: move the added flag to the end of enum (bsc#1181896 ltc#191273).
- mt76: dma: fix a possible memory leak in mt76_add_fragment() (git-fixes).
- net: ag71xx: add missed clk_disable_unprepare in error path of probe (git-fixes).
- net: axienet: Fix error return code in axienet_probe() (git-fixes).
- net: bcmgenet: Fix WoL with password after deep sleep (git-fixes).
- net: bcmgenet: keep MAC in reset until PHY is up (git-fixes).
- net: bcmgenet: re-remove bcmgenet_hfb_add_filter (git-fixes).
- net: bcmgenet: set Rx mode before starting netif (git-fixes).
- net: bcmgenet: use hardware padding of runt frames (git-fixes).
- net: broadcom CNIC: requires MMU (git-fixes).
- net: caif: Fix debugfs on 64-bit platforms (git-fixes).
- net/cxgb4: Check the return from t4_query_params properly (git-fixes).
- net: cxgb4: fix return error value in t4_prep_fw (git-fixes).
- net: dsa: bcm_sf2: Fix overflow checks (git-fixes).
- net: dsa: lantiq_gswip: fix and improve the unsupported interface error (git-fixes).
- net: dsa: mt7530: Change the LINK bit to reflect the link status (git-fixes).
- net: dsa: mt7530: set CPU port to fallback mode (git-fixes).
- net: ena: set initial DMA width to avoid intel iommu issue (git-fixes).
- net: ethernet: ave: Fix error returns in ave_init (git-fixes).
- net: ethernet: mlx4: Avoid assigning a value to ring_cons but not used it anymore in mlx4_en_xmit() (git-fixes).
- net: ethernet: ti: ale: fix allmulti for nu type ale (git-fixes).
- net: ethernet: ti: ale: fix seeing unreg mcast packets with promisc and allmulti disabled (git-fixes).
- net: ethernet: ti: ale: modify vlan/mdb api for switchdev (git-fixes).
- net: ethernet: ti: cpsw: allow untagged traffic on host port (git-fixes).
- net: ethernet: ti: fix some return value check of cpsw_ale_create() (git-fixes).
- net: gemini: Fix missing clk_disable_unprepare() in error path of gemini_ethernet_port_probe() (git-fixes).
- net: gro: do not keep too many GRO packets in napi->rx_list (bsc#1154353).
- net: hns3: add a check for queue_id in hclge_reset_vf_queue() (git-fixes).
- net: hns3: add a missing uninit debugfs when unload driver (git-fixes).
- net: hns3: add reset check for VF updating port based VLAN (git-fixes).
- net: hns3: clear port base VLAN when unload PF (git-fixes).
- net: hns3: fix aRFS FD rules leftover after add a user FD rule (git-fixes).
- net: hns3: fix a TX timeout issue (git-fixes).
- net: hns3: fix desc filling bug when skb is expanded or lineared (git-fixes).
- net: hns3: fix for mishandle of asserting VF reset fail (git-fixes).
- net: hns3: fix for VLAN config when reset failed (git-fixes).
- net: hns3: fix RSS config lost after VF reset (git-fixes).
- net: hns3: fix set and get link ksettings issue (git-fixes).
- net: hns3: fix 'tc qdisc del' failed issue (git-fixes).
- net: hns3: fix the number of queues actually used by ARQ (git-fixes).
- net: hns3: fix use-after-free when doing self test (git-fixes).
- net: hns3: fix VF VLAN table entries inconsistent issue (git-fixes).
- net: hns: fix return value check in __lb_other_process() (git-fixes).
- net: lpc-enet: fix error return code in lpc_mii_init() (git-fixes).
- net: macb: fix call to pm_runtime in the suspend/resume functions (git-fixes).
- net: macb: fix wakeup test in runtime suspend/resume routines (git-fixes).
- net: macb: mark device wake capable when 'magic-packet' property present (git-fixes).
- net/mlx4_core: fix a memory leak bug (git-fixes).
- net/mlx4_core: Fix init_hca fields offset (git-fixes).
- net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854).
- net/mlx4_en: Handle TX error CQE (bsc#1181854).
- net/mlx5: Add handling of port type in rule deletion (git-fixes).
- net/mlx5: Annotate mutex destroy for root ns (git-fixes).
- net/mlx5: Clear LAG notifier pointer after unregister (git-fixes).
- net/mlx5: Disable QoS when min_rates on all VFs are zero (git-fixes).
- net/mlx5: Do not call timecounter cyc2time directly from 1PPS flow (git-fixes).
- net/mlx5: Do not maintain a case of del_sw_func being null (git-fixes).
- net/mlx5e: Correctly handle changing the number of queues when the interface is down (git-fixes).
- net/mlx5e: Do not trigger IRQ multiple times on XSK wakeup to avoid WQ overruns (git-fixes).
- net/mlx5e: en_accel, Add missing net/geneve.h include (git-fixes).
- net/mlx5e: Encapsulate updating netdev queues into a function (git-fixes).
- net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).
- net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq (git-fixes).
- net/mlx5e: Fix configuration of XPS cpumasks and netdev queues in corner cases (git-fixes).
- net/mlx5e: Fix endianness handling in pedit mask (git-fixes).
- net/mlx5e: Fix error path of device attach (git-fixes).
- net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups (git-fixes).
- net/mlx5e: Fix two double free cases (git-fixes).
- net/mlx5e: Fix VLAN cleanup flow (git-fixes).
- net/mlx5e: Fix VLAN create flow (git-fixes).
- net/mlx5e: Get the latest values from counters in switchdev mode (git-fixes).
- net/mlx5e: IPoIB, Drop multicast packets that this interface sent (git-fixes).
- net/mlx5e: kTLS, Fix wrong value in record tracker enum (git-fixes).
- net/mlx5e: Reduce tc unsupported key print level (git-fixes).
- net/mlx5e: Rename hw_modify to preactivate (git-fixes).
- net/mlx5e: Set of completion request bit should not clear other adjacent bits (git-fixes).
- net/mlx5: E-switch, Destroy TSAR after reload interface (git-fixes).
- net/mlx5: E-Switch, Hold mutex when querying drop counter in legacy mode (git-fixes).
- net/mlx5: E-Switch, Use vport metadata matching by default (git-fixes).
- net/mlx5: E-Switch, Use vport metadata matching only when mandatory (git-fixes).
- net/mlx5e: Use preactivate hook to set the indirection table (git-fixes).
- net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes).
- net/mlx5: Fix a bug of using ptp channel index as pin index (git-fixes).
- net/mlx5: Fix deletion of duplicate rules (git-fixes).
- net/mlx5: Fix failing fw tracer allocation on s390 (git-fixes).
- net/mlx5: Fix memory leak on flow table creation error flow (git-fixes).
- net/mlx5: Fix request_irqs error flow (git-fixes).
- net/mlx5: Fix wrong address reclaim when command interface is down (git-fixes).
- net/mlx5: Query PPS pin operational status before registering it (git-fixes).
- net/mlx5: Verify Hardware supports requested ptp function on a given pin (git-fixes).
- net: moxa: Fix a potential double 'free_irq()' (git-fixes).
- net: mscc: ocelot: ANA_AUTOAGE_AGE_PERIOD holds a value in seconds, not ms (git-fixes).
- net: mscc: ocelot: fix address ageing time (again) (git-fixes).
- net: mscc: ocelot: properly account for VLAN header length when setting MRU (git-fixes).
- net: mvpp2: Add TCAM entry to drop flow control pause frames (git-fixes).
- net: mvpp2: disable force link UP during port init procedure (git-fixes).
- net: mvpp2: Fix error return code in mvpp2_open() (git-fixes).
- net: mvpp2: Fix GoP port 3 Networking Complex Control configurations (git-fixes).
- net: mvpp2: fix memory leak in mvpp2_rx (git-fixes).
- net: mvpp2: fix pkt coalescing int-threshold configuration (git-fixes).
- net: mvpp2: prs: fix PPPoE with ipv6 packet parse (git-fixes).
- net: mvpp2: Remove Pause and Asym_Pause support (git-fixes).
- net: mvpp2: TCAM entry enable should be written after SRAM data (git-fixes).
- net: netsec: Correct dma sync for XDP_TX frames (git-fixes).
- net: nixge: fix potential memory leak in nixge_probe() (git-fixes).
- net: octeon: mgmt: Repair filling of RX ring (git-fixes).
- net: phy: at803x: use operating parameters from PHY-specific status (git-fixes).
- net: phy: extract link partner advertisement reading (git-fixes).
- net: phy: extract pause mode (git-fixes).
- net: phy: marvell10g: fix null pointer dereference (git-fixes).
- net: phy: marvell10g: fix temperature sensor on 2110 (git-fixes).
- net: phy: read MII_CTRL1000 in genphy_read_status only if needed (git-fixes).
- net: qca_spi: fix receive buffer size check (git-fixes).
- net: qca_spi: Move reset_count to struct qcaspi (git-fixes).
- net: qede: fix PTP initialization on recovery (git-fixes).
- net: qede: fix use-after-free on recovery and AER handling (git-fixes).
- net: qede: stop adding events on an already destroyed workqueue (git-fixes).
- net: qed: fix async event callbacks unregistering (git-fixes).
- net: qed: fix excessive QM ILT lines consumption (git-fixes).
- net: qed: fix 'maybe uninitialized' warning (git-fixes).
- net: qed: fix NVMe login fails over VFs (git-fixes).
- net: qed: RDMA personality shouldn't fail VF load (git-fixes).
- net: re-solve some conflicts after net -> net-next merge (bsc#1176855 ltc#187293).
- net: rmnet: do not allow to add multiple bridge interfaces (git-fixes).
- net: rmnet: do not allow to change mux id if mux id is duplicated (git-fixes).
- net: rmnet: fix bridge mode bugs (git-fixes).
- net: rmnet: fix lower interface leak (git-fixes).
- net: rmnet: fix NULL pointer dereference in rmnet_changelink() (git-fixes).
- net: rmnet: fix NULL pointer dereference in rmnet_newlink() (git-fixes).
- net: rmnet: fix packet forwarding in rmnet bridge mode (git-fixes).
- net: rmnet: fix suspicious RCU usage (git-fixes).
- net: rmnet: print error message when command fails (git-fixes).
- net: rmnet: remove rcu_read_lock in rmnet_force_unassociate_device() (git-fixes).
- net: rmnet: use upper/lower device infrastructure (git-fixes).
- net, sctp, filter: remap copy_from_user failure error (bsc#1181637).
- net: smc91x: Fix possible memory leak in smc_drv_probe() (git-fixes).
- net/sonic: Add mutual exclusion for accessing shared state (git-fixes).
- net: stmmac: 16KB buffer must be 16 byte aligned (git-fixes).
- net: stmmac: Always arm TX Timer at end of transmission start (git-fixes).
- net: stmmac: Do not accept invalid MTU values (git-fixes).
- net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes (git-fixes).
- net: stmmac: Enable 16KB buffer size (git-fixes).
- net: stmmac: fix disabling flexible PPS output (git-fixes).
- net: stmmac: fix length of PTP clock's name string (git-fixes).
- net: stmmac: Fix the TX IOC in xmit path (git-fixes).
- net: stmmac: RX buffer size must be 16 byte aligned (git-fixes).
- net: stmmac: selftests: Flow Control test can also run with ASYM Pause (git-fixes).
- net: stmmac: selftests: Needs to check the number of Multicast regs (git-fixes).
- net: stmmac: xgmac: Clear previous RX buffer size (git-fixes).
- net: sun: fix missing release regions in cas_init_one() (git-fixes).
- net: team: fix memory leak in __team_options_register (git-fixes).
- net: thunderx: initialize VF's mailbox mutex before first usage (git-fixes).
- net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family (git-fixes).
- net: usb: qmi_wwan: Adding support for Cinterion MV31 (git-fixes).
- nvme-hwmon: rework to avoid devm allocation (bsc#1177326).
- nvme-multipath: Early exit if no path is available (bsc#1180964).
- nvme: re-read ANA log on NS CHANGED AEN (bsc#1179137).
- nvmet-tcp: Fix NULL dereference when a connect data comes in h2cdata pdu (bsc#1182547).
- objtool: Do not fail on missing symbol table (bsc#1169514).
- perf/x86/intel/uncore: Factor out uncore_pci_find_dev_pmu() (bsc#1180989).
- perf/x86/intel/uncore: Factor out uncore_pci_get_dev_die_info() (bsc#1180989).
- perf/x86/intel/uncore: Factor out uncore_pci_pmu_register() (bsc#1180989).
- perf/x86/intel/uncore: Factor out uncore_pci_pmu_unregister() (bsc#1180989).
- perf/x86/intel/uncore: Generic support for the PCI sub driver (bsc#1180989).
- perf/x86/intel/uncore: Store the logical die id instead of the physical die id (bsc#1180989).
- perf/x86/intel/uncore: With > 8 nodes, get pci bus die id from NUMA info (bsc#1180989).
- phy: cpcap-usb: Fix warning for missing regulator_disable (git-fixes).
- phy: rockchip-emmc: emmc_phy_init() always return 0 (git-fixes).
- platform/x86: hp-wmi: Disable tablet-mode reporting by default (git-fixes).
- platform/x86: intel-vbtn: Support for tablet mode on Dell Inspiron 7352 (git-fixes).
- platform/x86: touchscreen_dmi: Add swap-x-y quirk for Goodix touchscreen on Estar Beauty HD tablet (git-fixes).
- powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning (bsc#1182571 ltc#191345).
- powerpc/boot: Delete unneeded .globl _zimage_start (bsc#1156395).
- powerpc: Fix alignment bug within the init sections (bsc#1065729).
- powerpc/fpu: Drop cvt_fd() and cvt_df() (bsc#1156395).
- powerpc/hvcall: add token and codes for H_VASI_SIGNAL (bsc#1181674 ltc#189159).
- powerpc: kABI: add back suspend_disable_cpu in machdep_calls (bsc#1181674 ltc#189159).
- powerpc/machdep: remove suspend_disable_cpu() (bsc#1181674 ltc#189159).
- powerpc/mm/pkeys: Make pkey access check work on execute_only_key (bsc#1181544 ltc#191080 git-fixes).
- powerpc/numa: Fix build when CONFIG_NUMA=n (bsc#1132477 ltc#175530).
- powerpc/numa: make vphn_enabled, prrn_enabled flags const (bsc#1181674 ltc#189159).
- powerpc/numa: remove ability to enable topology updates (bsc#1181674 ltc#189159).
- powerpc/numa: remove arch_update_cpu_topology (bsc#1181674 ltc#189159).
- powerpc/numa: Remove late request for home node associativity (bsc#1181674 ltc#189159).
- powerpc/numa: remove prrn_is_enabled() (bsc#1181674 ltc#189159).
- powerpc/numa: remove start/stop_topology_update() (bsc#1181674 ltc#189159).
- powerpc/numa: remove timed_topology_update() (bsc#1181674 ltc#189159).
- powerpc/numa: remove unreachable topology timer code (bsc#1181674 ltc#189159).
- powerpc/numa: remove unreachable topology update code (bsc#1181674 ltc#189159).
- powerpc/numa: remove unreachable topology workqueue code (bsc#1181674 ltc#189159).
- powerpc/numa: remove vphn_enabled and prrn_enabled internal flags (bsc#1181674 ltc#189159).
- powerpc/numa: stub out numa_update_cpu_topology() (bsc#1181674 ltc#189159).
- powerpc/perf: Exclude kernel samples while counting events in user space (bsc#1065729).
- powerpc/perf/hv-24x7: Dont create sysfs event files for dummy events (bsc#1182118 ltc#190624).
- powerpc/pkeys: Avoid using lockless page table walk (bsc#1181544 ltc#191080).
- powerpc/pkeys: Check vma before returning key fault error to the user (bsc#1181544 ltc#191080).
- powerpc/powernv/memtrace: Do not leak kernel memory to user space (bsc#1156395).
- powerpc/powernv/memtrace: Fix crashing the kernel when enabling concurrently (bsc#1156395).
- powerpc/powernv/npu: Do not attempt NPU2 setup on POWER8NVL NPU (bsc#1156395).
- powerpc/prom: Fix 'ibm,arch-vec-5-platform-support' scan (bsc#1182602 ltc#190924).
- powerpc/pseries/dlpar: handle ibm, configure-connector delay status (bsc#1181985 ltc#188074).
- powerpc/pseries: Do not enforce MSI affinity with kdump (bsc#1181655 ltc#190855).
- powerpc/pseries/eeh: Make pseries_pcibios_bus_add_device() static (bsc#1078720, git-fixes).
- powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900).
- powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: pass stream id via function arguments (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: perform post-suspend fixups later (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: remove prepare_late() callback (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: remove pseries_suspend_cpu() (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: switch to rtas_ibm_suspend_me() (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: add missing break to default case (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: Add pr_debug() for device tree changes (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: do not error on absence of ibm, update-nodes (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: error message improvements (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: extract VASI session polling logic (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: refactor node lookup during DT update (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: retry partition suspend after error (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: Set pr_fmt() (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: signal suspend cancellation to platform (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: use rtas_activate_firmware() on resume (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: use stop_machine for join/suspend (bsc#1181674 ltc#189159).
- powerpc/pseries/ras: Make init_ras_hotplug_IRQ() static (bsc#1065729. git-fixes).
- powerpc/pseries: remove dlpar_cpu_readd() (bsc#1181674 ltc#189159).
- powerpc/pseries: remove memory 're-add' implementation (bsc#1181674 ltc#189159).
- powerpc/pseries: remove obsolete memory hotplug DT notifier code (bsc#1181674 ltc#189159).
- powerpc/pseries: remove prrn special case from DT update path (bsc#1181674 ltc#189159).
- powerpc/rtas: add rtas_activate_firmware() (bsc#1181674 ltc#189159).
- powerpc/rtas: add rtas_ibm_suspend_me() (bsc#1181674 ltc#189159).
- powerpc/rtas: complete ibm,suspend-me status codes (bsc#1181674 ltc#189159).
- powerpc/rtas: dispatch partition migration requests to pseries (bsc#1181674 ltc#189159).
- powerpc/rtasd: simplify handle_rtas_event(), emit message on events (bsc#1181674 ltc#189159).
- powerpc/rtas: prevent suspend-related sys_rtas use on LE (bsc#1181674 ltc#189159).
- powerpc/rtas: remove rtas_ibm_suspend_me_unsafe() (bsc#1181674 ltc#189159).
- powerpc/rtas: remove rtas_suspend_cpu() (bsc#1181674 ltc#189159).
- powerpc/rtas: remove unused rtas_suspend_last_cpu() (bsc#1181674 ltc#189159).
- powerpc/rtas: remove unused rtas_suspend_me_data (bsc#1181674 ltc#189159).
- powerpc/rtas: rtas_ibm_suspend_me -> rtas_ibm_suspend_me_unsafe (bsc#1181674 ltc#189159).
- power: reset: at91-sama5d2_shdwc: fix wkupdbc mask (git-fixes).
- pseries/drmem: do not cache node id in drmem_lmb struct (bsc#1132477 ltc#175530).
- pseries/hotplug-memory: hot-add: skip redundant LMB lookup (bsc#1132477 ltc#175530).
- qed: fix error return code in qed_iwarp_ll2_start() (git-fixes).
- qed: Fix race condition between scheduling and destroying the slowpath workqueue (git-fixes).
- qed: Populate nvm-file attributes while reading nvm config partition (git-fixes).
- qed: select CONFIG_CRC32 (git-fixes).
- qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes).
- quota: Fix memory leak when handling corrupted quota file (bsc#1182650).
- quota: Sanity-check quota file headers on load (bsc#1182461).
- r8169: fix resuming from suspend on RTL8105e if machine runs on battery (git-fixes).
- r8169: fix WoL on shutdown if CONFIG_DEBUG_SHIRQ is set (git-fixes).
- rcu/nocb: Perform deferred wake up before last idle's (git-fixes)
- rcu/nocb: Trigger self-IPI on late deferred wake up before (git-fixes)
- rcu: Pull deferred rcuog wake up to rcu_eqs_enter() callers (git-fixes)
- RDMA/efa: Add EFA 0xefa1 PCI ID (bsc#1176248).
- RDMA/efa: Count admin commands errors (bsc#1176248).
- RDMA/efa: Count mmap failures (bsc#1176248).
- RDMA/efa: Do not delay freeing of DMA pages (bsc#1176248).
- RDMA/efa: Drop double zeroing for sg_init_table() (bsc#1176248).
- RDMA/efa: Expose maximum TX doorbell batch (bsc#1176248).
- RDMA/efa: Expose minimum SQ size (bsc#1176248).
- RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1176248).
- RDMA/efa: Properly document the interrupt mask register (bsc#1176248).
- RDMA/efa: Remove redundant udata check from alloc ucontext response (bsc#1176248).
- RDMA/efa: Report create CQ error counter (bsc#1176248).
- RDMA/efa: Report host information to the device (bsc#1176248).
- RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1176248).
- RDMA/efa: Use in-kernel offsetofend() to check field availability (bsc#1176248).
- RDMA/efa: User/kernel compatibility handshake mechanism (bsc#1176248).
- RDMA/efa: Use the correct current and new states in modify QP (git-fixes).
- regulator: axp20x: Fix reference cout leak (git-fixes).
- regulator: core: Avoid debugfs: Directory ... already present! error (git-fixes).
- regulator: core: avoid regulator_resolve_supply() race condition (git-fixes).
- regulator: Fix lockdep warning resolving supplies (git-fixes).
- regulator: s5m8767: Drop regulators OF node reference (git-fixes).
- regulator: s5m8767: Fix reference count leak (git-fixes).
- reiserfs: add check for an invalid ih_entry_count (bsc#1182462).
- reset: hisilicon: correct vendor prefix (git-fixes).
- Revert 'ibmvnic: remove never executed if statement' (jsc#SLE-17043 bsc#1179243 ltc#189290).
- Revert 'net: bcmgenet: remove unused function in bcmgenet.c' (git-fixes).
- Revert 'platform/x86: ideapad-laptop: Switch touchpad attribute to be RO' (git-fixes).
- Revert 'RDMA/mlx5: Fix devlink deadlock on net namespace deletion' (jsc#SLE-8464).
- rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439)
- rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058)
- rtc: s5m: select REGMAP_I2C (git-fixes).
- rxrpc: Fix memory leak in rxrpc_lookup_local (bsc#1154353 bnc#1151927 5.3.9).
- s390/vfio-ap: clean up vfio_ap resources when KVM pointer invalidated (git-fixes).
- s390/vfio-ap: No need to disable IRQ after queue reset (git-fixes).
- sched: Reenable interrupts in do_sched_yield() (git-fixes)
- scsi: lpfc: Fix EEH encountering oops with NVMe traffic (bsc#1181958).
- sh_eth: check sh_eth_cpu_data::cexcr when dumping registers (git-fixes).
- sh_eth: check sh_eth_cpu_data::no_tx_cntrs when dumping registers (git-fixes).
- sh_eth: check sh_eth_cpu_data::no_xdfar when dumping registers (git-fixes).
- smp: Add source and destination CPUs to __call_single_data (bsc#1180846).
- smsc95xx: avoid memory leak in smsc95xx_bind (git-fixes).
- smsc95xx: check return value of smsc95xx_reset (git-fixes).
- soc: aspeed: snoop: Add clock control logic (git-fixes).
- spi: atmel: Put allocated master before return (git-fixes).
- spi: pxa2xx: Fix the controller numbering for Wildcat Point (git-fixes).
- spi: spi-synquacer: fix set_cs handling (git-fixes).
- spi: stm32: properly handle 0 byte transfer (git-fixes).
- squashfs: add more sanity checks in id lookup (git-fixes bsc#1182266).
- squashfs: add more sanity checks in inode lookup (git-fixes bsc#1182267).
- squashfs: add more sanity checks in xattr id lookup (git-fixes bsc#1182268).
- staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules (git-fixes).
- target: disallow emulate_legacy_capacity with RBD object-map (bsc#1177109).
- team: set dev->needed_headroom in team_setup_by_port() (git-fixes).
- tpm: Remove tpm_dev_wq_lock (git-fixes).
- tpm_tis: Clean up locality release (git-fixes).
- tpm_tis: Fix check_locality for correct locality acquisition (git-fixes).
- tracing: Check length before giving out the filter buffer (git-fixes).
- tracing: Do not count ftrace events in top level enable output (git-fixes).
- tracing/kprobe: Fix to support kretprobe events on unloaded modules (git-fixes).
- tracing/kprobes: Do the notrace functions check without kprobes on ftrace (git-fixes).
- tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS (git-fixes).
- ubifs: Fix error return code in ubifs_init_authentication() (bsc#1182459).
- ubifs: Fix ubifs_tnc_lookup() usage in do_kill_orphans() (bsc#1182454).
- ubifs: prevent creating duplicate encrypted filenames (bsc#1182457).
- ubifs: ubifs_add_orphan: Fix a memory leak bug (bsc#1182456).
- ubifs: ubifs_jnl_write_inode: Fix a memory leak bug (bsc#1182455).
- ubifs: wbuf: Do not leak kernel memory to flash (bsc#1182458).
- Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86 (bsc#1180846).
- Update config files: Set ledtrig-default-on as builtin (bsc#1182128)
- USB: dwc2: Abort transaction after errors with unknown reason (git-fixes).
- USB: dwc2: Fix endpoint direction check in ep_from_windex (git-fixes).
- USB: dwc2: Make 'trimming xfer length' a debug message (git-fixes).
- USB: dwc3: fix clock issue during resume in OTG mode (git-fixes).
- USB: gadget: legacy: fix an error code in eth_bind() (git-fixes).
- USB: gadget: u_audio: Free requests only after callback (git-fixes).
- USB: mUSB: Fix runtime PM race in musb_queue_resume_work (git-fixes).
- USB: quirks: add quirk to start video capture on ELMO L-12F document camera reliable (git-fixes).
- USB: quirks: sort quirk entries (git-fixes).
- USB: renesas_usbhs: Clear pipe running flag in USBhs_pkt_pop() (git-fixes).
- USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000 (git-fixes).
- USB: serial: cp210x: add pid/vid for WSDA-200-USB (git-fixes).
- USB: serial: mos7720: fix error code in mos7720_write() (git-fixes).
- USB: serial: mos7720: improve OOM-handling in read_mos_reg() (git-fixes).
- USB: serial: mos7840: fix error code in mos7840_write() (git-fixes).
- USB: serial: option: Adding support for Cinterion MV31 (git-fixes).
- USB: usblp: do not call usb_set_interface if there's a single alt (git-fixes).
- veth: Adjust hard_start offset on redirect XDP frames (git-fixes).
- vfs: Convert squashfs to use the new mount API (git-fixes bsc#1182265).
- virtio_net: Fix error code in probe() (git-fixes).
- virtio_net: Fix recursive call to cpus_read_lock() (git-fixes).
- virtio_net: Keep vnet header zeroed if XDP is loaded for small buffer (git-fixes).
- virt: vbox: Do not use wait_event_interruptible when called from kernel context (git-fixes).
- vmxnet3: Remove buf_info from device accessible structures (bsc#1181671).
- vxlan: fix memleak of fdb (git-fixes).
- wext: fix NULL-ptr-dereference with cfg80211's lack of commit() (git-fixes).
- writeback: Drop I_DIRTY_TIME_EXPIRE (bsc#1182460).
- x86/alternatives: Sync bp_patching update for avoiding NULL pointer exception (bsc#1152489).
- x86/apic: Add extra serialization for non-serializing MSRs (bsc#1152489).
- x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181259, jsc#ECO-3191).
- x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181259, jsc#ECO-3191).
- x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181259, jsc#ECO-3191).
- x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181259 jsc#ECO-3191).
- x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181259, jsc#ECO-3191).
- xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600).
- xen/netback: fix spurious event detection for common event case (bsc#1182175).
- xfs: ensure inobt record walks always make forward progress (git-fixes bsc#1182272).
- xfs: fix an ABBA deadlock in xfs_rename (git-fixes bsc#1182558).
- xfs: fix parent pointer scrubber bailing out on unallocated inodes (git-fixes bsc#1182276).
- xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks (git-fixes bsc#1182430).
- xfs: fix the minrecs logic when dealing with inode root child blocks (git-fixes bsc#1182273).
- xfs: ratelimit xfs_discard_page messages (bsc#1182283).
- xfs: reduce quota reservation when doing a dax unwritten extent conversion (git-fixes bsc#1182561).
- xfs: return corresponding errcode if xfs_initialize_perag() fail (git-fixes bsc#1182275).
- xfs: scrub should mark a directory corrupt if any entries cannot be iget'd (git-fixes bsc#1182278).
- xfs: strengthen rmap record flags checking (git-fixes bsc#1182271). - xhci: fix bounce buffer usage for non-sg list case (git-fixes). The kernel-default-base packaging was changed: - Added squashfs for kiwi installiso support (bsc#1182341) - Added fuse (bsc#1182507) - Added modules which got lost when migrating away from supported.conf (bsc#1182110): * am53c974 had a typo * cls_bpf, iscsi_ibft, libahci, libata, openvswitch, sch_ingress - Also added vport-* modules for Open vSwitch ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:758-1 Released: Wed Mar 10 12:16:27 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1182688 This update for dracut fixes the following issues: - network-legacy: fix route parsing issues in ifup. (bsc#1182688) -0kernel-modules: arm/arm64: Add reset controllers - Prevent creating unexpected files on the host when running dracut - As of 'v246' of systemd 'syslog' and 'syslog-console' switches have been deprecated. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:784-1 Released: Mon Mar 15 11:19:08 2021 Summary: Recommended update for efivar Type: recommended Severity: moderate References: 1181967 This update for efivar fixes the following issues: - Fixed an issue with the NVME path parsing (bsc#1181967) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:802-1 Released: Tue Mar 16 16:54:12 2021 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1183073 This update for grub2 fixes the following issues: - Fixed chainloading windows on dual boot machine (bsc#1183073) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support 
multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:881-1 Released: Fri Mar 19 04:16:42 2021 Summary: Recommended update for yast2-adcommon-python, yast2-aduc, samba Type: recommended Severity: moderate References: 1084864,1132565,1133568,1135130,1135224,1138203,1138487,1145508,1146898,1150394,1150612,1151713,1152052,1154121,1170998 This update for yast2-adcommon-python, yast2-aduc, samba fixes the following issues: - Update 'aduc' for 'realmd' customer. (jsc#SLE-5527) - Add ability to change/enable/unlock user's passwords. (bsc#1152052) - Fixes a Failure to authenticate on first try and throws a MemoryError on Ubuntu. (bsc#1151713) - Fixes an issue when unused 'xset' may cause exception in 'appimage'. (bsc#1150612) - Include other object creation options. (bsc#1138203) - Use the domain name stored in the samba credentials object. (bsc#1138487) - Display a backtrace if the connection fails. - Use new schema of desktop files. (bsc#1084864) - Move the module to Network Services. - Use common authentication from yast2-adcommon-python.
- Switch to using a unified file/actions menu, instead of random buttons - Remove 'ad-dc' dependency. (jsc#ECO-2527) - Fix slow load of 'ADUC' caused by chatty ldap traffic. (bsc#1170998) - The domain label should be a text field, for manually entering the domain name. (bsc#1154121) - Fix to reconnect the 'ldap' session if it times out. (bsc#1150394) - 'AD' modules should connect to an AD-DC via the SamDB interface, instead of 'python-ldap'. (bsc#1146898) - Fix incorrectly placed domain in change domain dialog (bsc#1145508) - YaST 'aduc/adsi/gpmc' should not exit after entering empty password and explicitly state that an Active Directory administrator should sign in. (bsc#1132565) - Move schema parsing code from adsi to the common code. (bsc#1138203) - 'TypeError: Expected a string or unicode object' during auth. (bsc#1135224) - Authentication fails with 'Failed to initialize ldap connection'. (bsc#1135130) - Fix for an issue when 'yast2-adcommon-python' 'ldap' does not correctly parse 'ldap' urls. (bsc#1133568) - Initial version ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units.
(#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:926-1 Released: Tue Mar 23 13:20:24 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1083473,1112500,1115408,1165780,1183012 This update for systemd-presets-common-SUSE fixes the following issues: - Add default user preset containing: - enable `pulseaudio.socket` (bsc#1083473) - enable `pipewire.socket` (bsc#1183012) - enable `pipewire-pulse.socket` (bsc#1183012) - enable `pipewire-media-session.service` (used with pipewire >= 0.3.23) - Changes to the default preset: - enable `btrfsmaintenance-refresh.path`. - disable `btrfsmaintenance-refresh.service`. - enable `dnf-makecache.timer`. - enable `ignition-firstboot-complete.service`. - enable logwatch.timer and avoid to have logwatch out of sync with logrotate. (bsc#1112500) - enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408) - remove enable `updatedb.timer` - Avoid needless refresh on boot. 
(bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:930-1 Released: Wed Mar 24 12:09:23 2021 Summary: Security update for nghttp2 Type: security Severity: important References: 1172442,1181358,CVE-2020-11080 This update for nghttp2 fixes the following issues: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:933-1 Released: Wed Mar 24 12:16:14 2021 Summary: Security update for ruby2.5 Type: security Severity: important References: 1177125,1177222,CVE-2020-25613 This update for ruby2.5 fixes the following issues: - CVE-2020-25613: Fixed a potential HTTP Request Smuggling in WEBrick (bsc#1177125). - Enable optimizations also on ARM64 (bsc#1177222) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:945-1 Released: Wed Mar 24 13:43:08 2021 Summary: Security update for ldb Type: security Severity: important References: 1183572,1183574,CVE-2020-27840,CVE-2021-20277 This update for ldb fixes the following issues: - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572). - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:947-1 Released: Wed Mar 24 14:30:58 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1182379,CVE-2021-23336 This update for python3 fixes the following issues: - python36 was updated to 3.6.13 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters (use of semicolon as a query string separator) (bsc#1182379). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue.
[bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:974-1 Released: Mon Mar 29 19:31:27 2021 Summary: Security update for tar Type: security Severity: low References: 1181131,CVE-2021-20193 This update for tar fixes the following issues: CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:991-1 Released: Wed Mar 31 13:28:37 2021 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1182324 This update for vim provides the following fixes: - Install SUSE vimrc in /usr. (bsc#1182324) - Source correct suse.vimrc file. (bsc#1182324) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) From sle-updates at lists.suse.com Thu Apr 8 01:14:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Apr 2021 03:14:54 +0200 (CEST) Subject: SUSE-SU-2021:1097-1: moderate: Security update for openexr Message-ID: <20210408011454.F0D06F78E@maintenance.suse.de> SUSE Security Update: Security update for openexr 
______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1097-1 Rating: moderate References: #1184172 #1184173 #1184174 Cross-References: CVE-2021-3474 CVE-2021-3475 CVE-2021-3476 CVSS scores: CVE-2021-3474 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-3474 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-3475 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-3475 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-3476 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-3476 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for openexr fixes the following issues: - CVE-2021-3474: Undefined-shift in Imf_2_5::FastHufDecoder::FastHufDecoder (bsc#1184174) - CVE-2021-3475: Integer-overflow in Imf_2_5::calculateNumTiles (bsc#1184173) - CVE-2021-3476: Undefined-shift in Imf_2_5::unpack14 (bsc#1184172) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1097=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libIlmImf-2_2-23-2.2.1-3.24.1 libIlmImf-2_2-23-debuginfo-2.2.1-3.24.1 libIlmImfUtil-2_2-23-2.2.1-3.24.1 libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.24.1 openexr-debuginfo-2.2.1-3.24.1 openexr-debugsource-2.2.1-3.24.1 openexr-devel-2.2.1-3.24.1 References: https://www.suse.com/security/cve/CVE-2021-3474.html https://www.suse.com/security/cve/CVE-2021-3475.html https://www.suse.com/security/cve/CVE-2021-3476.html https://bugzilla.suse.com/1184172 https://bugzilla.suse.com/1184173 https://bugzilla.suse.com/1184174 From sle-updates at lists.suse.com Thu Apr 8 10:15:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Apr 2021 12:15:34 +0200 (CEST) Subject: SUSE-RU-2021:1102-1: moderate: Recommended update for fence-agents Message-ID: <20210408101534.667F2F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1102-1 Rating: moderate References: #1180518 ECO-2378 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Server 4.0 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. 
Description: This update for fence-agents fixes the following issues: - Add IBM Z LPAR fence agent fence_ibmz to Pacemaker (kvm) (bsc#1180518) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-1102=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2021-1102=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1102=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-1102=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64): fence-agents-4.7.0+git.1607346448.17bd8552-7.24.6 fence-agents-debuginfo-4.7.0+git.1607346448.17bd8552-7.24.6 fence-agents-debugsource-4.7.0+git.1607346448.17bd8552-7.24.6 - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64): fence-agents-4.7.0+git.1607346448.17bd8552-7.24.6 fence-agents-debuginfo-4.7.0+git.1607346448.17bd8552-7.24.6 fence-agents-debugsource-4.7.0+git.1607346448.17bd8552-7.24.6 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): fence-agents-4.7.0+git.1607346448.17bd8552-7.24.6 fence-agents-debuginfo-4.7.0+git.1607346448.17bd8552-7.24.6 fence-agents-debugsource-4.7.0+git.1607346448.17bd8552-7.24.6 fence-agents-devel-4.7.0+git.1607346448.17bd8552-7.24.6 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): fence-agents-4.7.0+git.1607346448.17bd8552-7.24.6 fence-agents-debuginfo-4.7.0+git.1607346448.17bd8552-7.24.6 fence-agents-debugsource-4.7.0+git.1607346448.17bd8552-7.24.6 fence-agents-devel-4.7.0+git.1607346448.17bd8552-7.24.6 References: 
https://bugzilla.suse.com/1180518 From sle-updates at lists.suse.com Thu Apr 8 10:16:38 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Apr 2021 12:16:38 +0200 (CEST) Subject: SUSE-RU-2021:1100-1: moderate: Recommended update for sapconf Message-ID: <20210408101638.66833F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1100-1 Rating: moderate References: #1176061 #1179524 #1182314 #1182906 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for sapconf fixes the following issues: - Added sapconf_check and supportconfig plugin for sapconf - Added change log message for 'MIN_PERF_PCT' parameter to reduce the spot light (bsc#1179524) - Added an additional check to detect an active saptune service to improve log messages (bsc#1182314) - sapconf.service starts now automatically during package update, if tuned is running with sapconf as profile (bsc#1176061) - sapconf.service will now only be disabled if saptune is active (bsc#1182906) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1100=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): sapconf-5.0.2-7.15.1 References: https://bugzilla.suse.com/1176061 https://bugzilla.suse.com/1179524 https://bugzilla.suse.com/1182314 https://bugzilla.suse.com/1182906 From sle-updates at lists.suse.com Thu Apr 8 10:17:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Apr 2021 12:17:54 +0200 (CEST) Subject: SUSE-RU-2021:1101-1: moderate: Recommended update for nvme-cli Message-ID: <20210408101754.7C2BFF78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1101-1 Rating: moderate References: #1182591 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nvme-cli fixes the following issues: - Added KATO fixes for NVMEoF (bsc#1182591) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1101=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1101=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): nvme-cli-1.10-4.6.1 nvme-cli-debuginfo-1.10-4.6.1 nvme-cli-debugsource-1.10-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): nvme-cli-1.10-4.6.1 nvme-cli-debuginfo-1.10-4.6.1 nvme-cli-debugsource-1.10-4.6.1 References: https://bugzilla.suse.com/1182591 From sle-updates at lists.suse.com Thu Apr 8 13:15:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Apr 2021 15:15:27 +0200 (CEST) Subject: SUSE-SU-2021:1107-1: important: Security update for fwupd Message-ID: <20210408131527.78A11F78E@maintenance.suse.de> SUSE Security Update: Security update for fwupd ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1107-1 Rating: important References: #1172643 #1182057 SLE-16809 Cross-References: CVE-2020-10759 CVSS scores: CVE-2020-10759 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVE-2020-10759 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has one errata is now available. Description: This update for fwupd fixes the following issues: - Update to version 1.2.14: (bsc#1182057) - Add SBAT section to EFI images (bsc#1182057) - CVE-2020-10759: Validate that gpgme_op_verify_result() returned at least one signature (bsc#1172643) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1107=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): fwupd-1.2.14-5.8.2 fwupd-debuginfo-1.2.14-5.8.2 fwupd-debugsource-1.2.14-5.8.2 fwupd-devel-1.2.14-5.8.2 libfwupd2-1.2.14-5.8.2 libfwupd2-debuginfo-1.2.14-5.8.2 typelib-1_0-Fwupd-2_0-1.2.14-5.8.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): fwupd-lang-1.2.14-5.8.2 References: https://www.suse.com/security/cve/CVE-2020-10759.html https://bugzilla.suse.com/1172643 https://bugzilla.suse.com/1182057 From sle-updates at lists.suse.com Thu Apr 8 13:16:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Apr 2021 15:16:31 +0200 (CEST) Subject: SUSE-SU-2021:1103-1: important: Security update for fwupdate Message-ID: <20210408131631.1C6D7F78E@maintenance.suse.de> SUSE Security Update: Security update for fwupdate ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1103-1 Rating: important References: #1182057 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for fwupdate fixes the following issues: - Add SBAT section to EFI images (bsc#1182057) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1103=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1103=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1103=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1103=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (x86_64): fwupdate-9+git21.gcd8f7d7-6.8.2 fwupdate-debuginfo-9+git21.gcd8f7d7-6.8.2 fwupdate-debugsource-9+git21.gcd8f7d7-6.8.2 fwupdate-devel-9+git21.gcd8f7d7-6.8.2 fwupdate-efi-9+git21.gcd8f7d7-6.8.2 fwupdate-efi-debuginfo-9+git21.gcd8f7d7-6.8.2 libfwup1-9+git21.gcd8f7d7-6.8.2 libfwup1-debuginfo-9+git21.gcd8f7d7-6.8.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64): fwupdate-9+git21.gcd8f7d7-6.8.2 fwupdate-debuginfo-9+git21.gcd8f7d7-6.8.2 fwupdate-debugsource-9+git21.gcd8f7d7-6.8.2 fwupdate-devel-9+git21.gcd8f7d7-6.8.2 fwupdate-efi-9+git21.gcd8f7d7-6.8.2 fwupdate-efi-debuginfo-9+git21.gcd8f7d7-6.8.2 libfwup1-9+git21.gcd8f7d7-6.8.2 libfwup1-debuginfo-9+git21.gcd8f7d7-6.8.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): fwupdate-9+git21.gcd8f7d7-6.8.2 fwupdate-debuginfo-9+git21.gcd8f7d7-6.8.2 fwupdate-debugsource-9+git21.gcd8f7d7-6.8.2 fwupdate-devel-9+git21.gcd8f7d7-6.8.2 fwupdate-efi-9+git21.gcd8f7d7-6.8.2 fwupdate-efi-debuginfo-9+git21.gcd8f7d7-6.8.2 libfwup1-9+git21.gcd8f7d7-6.8.2 libfwup1-debuginfo-9+git21.gcd8f7d7-6.8.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): fwupdate-9+git21.gcd8f7d7-6.8.2 fwupdate-debuginfo-9+git21.gcd8f7d7-6.8.2 fwupdate-debugsource-9+git21.gcd8f7d7-6.8.2 fwupdate-devel-9+git21.gcd8f7d7-6.8.2 fwupdate-efi-9+git21.gcd8f7d7-6.8.2 fwupdate-efi-debuginfo-9+git21.gcd8f7d7-6.8.2 libfwup1-9+git21.gcd8f7d7-6.8.2 
libfwup1-debuginfo-9+git21.gcd8f7d7-6.8.2 References: https://bugzilla.suse.com/1182057 From sle-updates at lists.suse.com Thu Apr 8 13:17:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Apr 2021 15:17:30 +0200 (CEST) Subject: SUSE-SU-2021:1108-1: moderate: Security update for ceph Message-ID: <20210408131730.0F989F78E@maintenance.suse.de> SUSE Security Update: Security update for ceph ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1108-1 Rating: moderate References: #1172926 #1176390 #1176489 #1176679 #1176828 #1177360 #1177857 #1178837 #1178860 #1178905 #1178932 #1179569 #1179997 #1182766 Cross-References: CVE-2020-25678 CVE-2020-27839 CVSS scores: CVE-2020-25678 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2020-27839 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that solves two vulnerabilities and has 12 fixes is now available. 
Description: This update for ceph fixes the following issues: - ceph was updated to 15.2.9 - cephadm: fix 'inspect' and 'pull' (bsc#1182766) - CVE-2020-27839: mgr/dashboard: Use secure cookies to store JWT Token (bsc#1179997) - CVE-2020-25678: Do not add sensitive information in Ceph log files (bsc#1178905) - mgr/orchestrator: Sort 'ceph orch device ls' by host (bsc#1172926) - mgr/dashboard: enable different URL for users of browser to Grafana (bsc#1176390, bsc#1176679) - mgr/cephadm: lock multithreaded access to OSDRemovalQueue (bsc#1176489) - cephadm: command_unit: call systemctl with verbose=True (bsc#1176828) - cephadm: silence "Failed to evict container" log msg (bsc#1177360) - mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails (bsc#1177857) - rgw: cls/user: set from_index for reset stats calls (bsc#1178837) - mgr/dashboard: Disable TLS 1.0 and 1.1 (bsc#1178860) - cephadm: reference the last local image by digest (bsc#1178932, bsc#1179569) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1108=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2021-1108=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): ceph-common-15.2.9.83+g4275378de0-3.17.1 ceph-common-debuginfo-15.2.9.83+g4275378de0-3.17.1 ceph-debugsource-15.2.9.83+g4275378de0-3.17.1 libcephfs-devel-15.2.9.83+g4275378de0-3.17.1 libcephfs2-15.2.9.83+g4275378de0-3.17.1 libcephfs2-debuginfo-15.2.9.83+g4275378de0-3.17.1 librados-devel-15.2.9.83+g4275378de0-3.17.1 librados-devel-debuginfo-15.2.9.83+g4275378de0-3.17.1 librados2-15.2.9.83+g4275378de0-3.17.1 librados2-debuginfo-15.2.9.83+g4275378de0-3.17.1 libradospp-devel-15.2.9.83+g4275378de0-3.17.1 librbd-devel-15.2.9.83+g4275378de0-3.17.1 librbd1-15.2.9.83+g4275378de0-3.17.1 librbd1-debuginfo-15.2.9.83+g4275378de0-3.17.1 librgw-devel-15.2.9.83+g4275378de0-3.17.1 librgw2-15.2.9.83+g4275378de0-3.17.1 librgw2-debuginfo-15.2.9.83+g4275378de0-3.17.1 python3-ceph-argparse-15.2.9.83+g4275378de0-3.17.1 python3-ceph-common-15.2.9.83+g4275378de0-3.17.1 python3-cephfs-15.2.9.83+g4275378de0-3.17.1 python3-cephfs-debuginfo-15.2.9.83+g4275378de0-3.17.1 python3-rados-15.2.9.83+g4275378de0-3.17.1 python3-rados-debuginfo-15.2.9.83+g4275378de0-3.17.1 python3-rbd-15.2.9.83+g4275378de0-3.17.1 python3-rbd-debuginfo-15.2.9.83+g4275378de0-3.17.1 python3-rgw-15.2.9.83+g4275378de0-3.17.1 python3-rgw-debuginfo-15.2.9.83+g4275378de0-3.17.1 rados-objclass-devel-15.2.9.83+g4275378de0-3.17.1 rbd-nbd-15.2.9.83+g4275378de0-3.17.1 rbd-nbd-debuginfo-15.2.9.83+g4275378de0-3.17.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): ceph-base-15.2.9.83+g4275378de0-3.17.1 ceph-base-debuginfo-15.2.9.83+g4275378de0-3.17.1 ceph-common-15.2.9.83+g4275378de0-3.17.1 ceph-common-debuginfo-15.2.9.83+g4275378de0-3.17.1 ceph-debugsource-15.2.9.83+g4275378de0-3.17.1 
libcephfs2-15.2.9.83+g4275378de0-3.17.1 libcephfs2-debuginfo-15.2.9.83+g4275378de0-3.17.1 librados2-15.2.9.83+g4275378de0-3.17.1 librados2-debuginfo-15.2.9.83+g4275378de0-3.17.1 librbd1-15.2.9.83+g4275378de0-3.17.1 librbd1-debuginfo-15.2.9.83+g4275378de0-3.17.1 librgw2-15.2.9.83+g4275378de0-3.17.1 librgw2-debuginfo-15.2.9.83+g4275378de0-3.17.1 python3-ceph-argparse-15.2.9.83+g4275378de0-3.17.1 python3-ceph-common-15.2.9.83+g4275378de0-3.17.1 python3-cephfs-15.2.9.83+g4275378de0-3.17.1 python3-cephfs-debuginfo-15.2.9.83+g4275378de0-3.17.1 python3-rados-15.2.9.83+g4275378de0-3.17.1 python3-rados-debuginfo-15.2.9.83+g4275378de0-3.17.1 python3-rbd-15.2.9.83+g4275378de0-3.17.1 python3-rbd-debuginfo-15.2.9.83+g4275378de0-3.17.1 python3-rgw-15.2.9.83+g4275378de0-3.17.1 python3-rgw-debuginfo-15.2.9.83+g4275378de0-3.17.1 rbd-nbd-15.2.9.83+g4275378de0-3.17.1 rbd-nbd-debuginfo-15.2.9.83+g4275378de0-3.17.1 - SUSE Enterprise Storage 7 (noarch): cephadm-15.2.9.83+g4275378de0-3.17.1 References: https://www.suse.com/security/cve/CVE-2020-25678.html https://www.suse.com/security/cve/CVE-2020-27839.html https://bugzilla.suse.com/1172926 https://bugzilla.suse.com/1176390 https://bugzilla.suse.com/1176489 https://bugzilla.suse.com/1176679 https://bugzilla.suse.com/1176828 https://bugzilla.suse.com/1177360 https://bugzilla.suse.com/1177857 https://bugzilla.suse.com/1178837 https://bugzilla.suse.com/1178860 https://bugzilla.suse.com/1178905 https://bugzilla.suse.com/1178932 https://bugzilla.suse.com/1179569 https://bugzilla.suse.com/1179997 https://bugzilla.suse.com/1182766 From sle-updates at lists.suse.com Thu Apr 8 13:19:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Apr 2021 15:19:46 +0200 (CEST) Subject: SUSE-RU-2021:1106-1: moderate: Recommended update for sapconf Message-ID: <20210408131946.0161BF78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf 
______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1106-1 Rating: moderate References: #1179524 #1179880 #1182314 #1182906 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for sapconf fixes the following issues: - Added sapconf_check and supportconfig plugin for sapconf - Added change log message for 'MIN_PERF_PCT' parameter to reduce the spot light (bsc#1179524) - Added an additional check to detect an active saptune service to improve log messages (bsc#1182314) - Fixed a typo in the last changelog entry and clarified the man page section about profile handling (bsc#1179880) - sapconf.service will now only be disabled if saptune is active (bsc#1182906) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1106=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): sapconf-5.0.2-40.65.1 References: https://bugzilla.suse.com/1179524 https://bugzilla.suse.com/1179880 https://bugzilla.suse.com/1182314 https://bugzilla.suse.com/1182906 From sle-updates at lists.suse.com Thu Apr 8 13:21:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Apr 2021 15:21:01 +0200 (CEST) Subject: SUSE-SU-2021:1104-1: important: Security update for fwupdate Message-ID: <20210408132101.4EAD2F78E@maintenance.suse.de> SUSE Security Update: Security update for fwupdate ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1104-1 Rating: important References: #1182057 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for fwupdate fixes the following issues: - Add SBAT section to EFI images (bsc#1182057) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1104=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1104=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1104=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1104=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1104=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1104=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1104=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1104=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1104=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1104=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1104=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (x86_64): fwupdate-12-11.8.2 fwupdate-debuginfo-12-11.8.2 fwupdate-debugsource-12-11.8.2 fwupdate-devel-12-11.8.2 fwupdate-efi-12-11.8.2 fwupdate-efi-debuginfo-12-11.8.2 libfwup1-12-11.8.2 libfwup1-debuginfo-12-11.8.2 - SUSE Manager Retail Branch Server 4.0 (x86_64): fwupdate-12-11.8.2 fwupdate-debuginfo-12-11.8.2 fwupdate-debugsource-12-11.8.2 fwupdate-devel-12-11.8.2 fwupdate-efi-12-11.8.2 fwupdate-efi-debuginfo-12-11.8.2 libfwup1-12-11.8.2 libfwup1-debuginfo-12-11.8.2 - SUSE Manager Proxy 4.0 (x86_64): fwupdate-12-11.8.2 fwupdate-debuginfo-12-11.8.2 fwupdate-debugsource-12-11.8.2 fwupdate-devel-12-11.8.2 fwupdate-efi-12-11.8.2 fwupdate-efi-debuginfo-12-11.8.2 libfwup1-12-11.8.2 libfwup1-debuginfo-12-11.8.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): fwupdate-12-11.8.2 fwupdate-debuginfo-12-11.8.2 fwupdate-debugsource-12-11.8.2 fwupdate-devel-12-11.8.2 fwupdate-efi-12-11.8.2 fwupdate-efi-debuginfo-12-11.8.2 libfwup1-12-11.8.2 libfwup1-debuginfo-12-11.8.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 x86_64): fwupdate-12-11.8.2 fwupdate-debuginfo-12-11.8.2 fwupdate-debugsource-12-11.8.2 fwupdate-devel-12-11.8.2 fwupdate-efi-12-11.8.2 fwupdate-efi-debuginfo-12-11.8.2 libfwup1-12-11.8.2 libfwup1-debuginfo-12-11.8.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): fwupdate-12-11.8.2 fwupdate-debuginfo-12-11.8.2 fwupdate-debugsource-12-11.8.2 fwupdate-devel-12-11.8.2 fwupdate-efi-12-11.8.2 fwupdate-efi-debuginfo-12-11.8.2 libfwup1-12-11.8.2 libfwup1-debuginfo-12-11.8.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): fwupdate-12-11.8.2 fwupdate-debuginfo-12-11.8.2 fwupdate-debugsource-12-11.8.2 fwupdate-devel-12-11.8.2 fwupdate-efi-12-11.8.2 fwupdate-efi-debuginfo-12-11.8.2 libfwup1-12-11.8.2 libfwup1-debuginfo-12-11.8.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): fwupdate-12-11.8.2 fwupdate-debuginfo-12-11.8.2 fwupdate-debugsource-12-11.8.2 
fwupdate-devel-12-11.8.2 fwupdate-efi-12-11.8.2 fwupdate-efi-debuginfo-12-11.8.2 libfwup1-12-11.8.2 libfwup1-debuginfo-12-11.8.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): fwupdate-12-11.8.2 fwupdate-debuginfo-12-11.8.2 fwupdate-debugsource-12-11.8.2 fwupdate-devel-12-11.8.2 fwupdate-efi-12-11.8.2 fwupdate-efi-debuginfo-12-11.8.2 libfwup1-12-11.8.2 libfwup1-debuginfo-12-11.8.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): fwupdate-12-11.8.2 fwupdate-debuginfo-12-11.8.2 fwupdate-debugsource-12-11.8.2 fwupdate-devel-12-11.8.2 fwupdate-efi-12-11.8.2 fwupdate-efi-debuginfo-12-11.8.2 libfwup1-12-11.8.2 libfwup1-debuginfo-12-11.8.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): fwupdate-12-11.8.2 fwupdate-debuginfo-12-11.8.2 fwupdate-debugsource-12-11.8.2 fwupdate-devel-12-11.8.2 fwupdate-efi-12-11.8.2 fwupdate-efi-debuginfo-12-11.8.2 libfwup1-12-11.8.2 libfwup1-debuginfo-12-11.8.2 - SUSE CaaS Platform 4.0 (x86_64): fwupdate-12-11.8.2 fwupdate-debuginfo-12-11.8.2 fwupdate-debugsource-12-11.8.2 fwupdate-devel-12-11.8.2 fwupdate-efi-12-11.8.2 fwupdate-efi-debuginfo-12-11.8.2 libfwup1-12-11.8.2 libfwup1-debuginfo-12-11.8.2 References: https://bugzilla.suse.com/1182057 From sle-updates at lists.suse.com Thu Apr 8 19:15:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Apr 2021 21:15:54 +0200 (CEST) Subject: SUSE-RU-2021:1110-1: important: Recommended update for crash Message-ID: <20210408191554.75FEDF78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for crash ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1110-1 Rating: important References: #1173975 #1178827 #1182570 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 
15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for crash fixes the following issue: - package is rebuilt with the new secure boot key. - Fix crash utility is taking forever to initialize a vmcore from large config system (bsc#1178827) - Fix support for opening VMware snapshots (bsc#1173975). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1110=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1110=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1110=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1110=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1110=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1110=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1110=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1110=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1110=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): crash-7.2.1-9.13.1 crash-debuginfo-7.2.1-9.13.1 crash-debugsource-7.2.1-9.13.1 crash-devel-7.2.1-9.13.1 crash-kmp-default-7.2.1_k4.12.14_197.86-9.13.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_197.86-9.13.1 - SUSE Manager Server 4.0 (x86_64): crash-gcore-7.2.1-9.13.1 crash-gcore-debuginfo-7.2.1-9.13.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): crash-7.2.1-9.13.1 crash-debuginfo-7.2.1-9.13.1 crash-debugsource-7.2.1-9.13.1 crash-devel-7.2.1-9.13.1 crash-gcore-7.2.1-9.13.1 crash-gcore-debuginfo-7.2.1-9.13.1 crash-kmp-default-7.2.1_k4.12.14_197.86-9.13.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_197.86-9.13.1 - SUSE Manager Proxy 4.0 (x86_64): crash-7.2.1-9.13.1 crash-debuginfo-7.2.1-9.13.1 crash-debugsource-7.2.1-9.13.1 crash-devel-7.2.1-9.13.1 crash-gcore-7.2.1-9.13.1 crash-gcore-debuginfo-7.2.1-9.13.1 crash-kmp-default-7.2.1_k4.12.14_197.86-9.13.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_197.86-9.13.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): crash-7.2.1-9.13.1 crash-debuginfo-7.2.1-9.13.1 crash-debugsource-7.2.1-9.13.1 crash-devel-7.2.1-9.13.1 crash-kmp-default-7.2.1_k4.12.14_197.86-9.13.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_197.86-9.13.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): crash-gcore-7.2.1-9.13.1 crash-gcore-debuginfo-7.2.1-9.13.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): crash-7.2.1-9.13.1 crash-debuginfo-7.2.1-9.13.1 crash-debugsource-7.2.1-9.13.1 crash-devel-7.2.1-9.13.1 crash-kmp-default-7.2.1_k4.12.14_197.86-9.13.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_197.86-9.13.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): crash-gcore-7.2.1-9.13.1 crash-gcore-debuginfo-7.2.1-9.13.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): crash-7.2.1-9.13.1 crash-debuginfo-7.2.1-9.13.1 
crash-debugsource-7.2.1-9.13.1 crash-devel-7.2.1-9.13.1 crash-gcore-7.2.1-9.13.1 crash-gcore-debuginfo-7.2.1-9.13.1 crash-kmp-default-7.2.1_k4.12.14_197.86-9.13.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_197.86-9.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): crash-7.2.1-9.13.1 crash-debuginfo-7.2.1-9.13.1 crash-debugsource-7.2.1-9.13.1 crash-devel-7.2.1-9.13.1 crash-kmp-default-7.2.1_k4.12.14_197.86-9.13.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_197.86-9.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): crash-gcore-7.2.1-9.13.1 crash-gcore-debuginfo-7.2.1-9.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): crash-7.2.1-9.13.1 crash-debuginfo-7.2.1-9.13.1 crash-debugsource-7.2.1-9.13.1 crash-devel-7.2.1-9.13.1 crash-kmp-default-7.2.1_k4.12.14_197.86-9.13.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_197.86-9.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): crash-gcore-7.2.1-9.13.1 crash-gcore-debuginfo-7.2.1-9.13.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): crash-7.2.1-9.13.1 crash-debuginfo-7.2.1-9.13.1 crash-debugsource-7.2.1-9.13.1 crash-devel-7.2.1-9.13.1 crash-kmp-default-7.2.1_k4.12.14_197.86-9.13.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_197.86-9.13.1 - SUSE Enterprise Storage 6 (x86_64): crash-gcore-7.2.1-9.13.1 crash-gcore-debuginfo-7.2.1-9.13.1 - SUSE CaaS Platform 4.0 (x86_64): crash-7.2.1-9.13.1 crash-debuginfo-7.2.1-9.13.1 crash-debugsource-7.2.1-9.13.1 crash-devel-7.2.1-9.13.1 crash-gcore-7.2.1-9.13.1 crash-gcore-debuginfo-7.2.1-9.13.1 crash-kmp-default-7.2.1_k4.12.14_197.86-9.13.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_197.86-9.13.1 References: https://bugzilla.suse.com/1173975 https://bugzilla.suse.com/1178827 https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Thu Apr 8 19:17:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Apr 2021 21:17:10 +0200 
(CEST) Subject: SUSE-RU-2021:1114-1: moderate: Recommended update for oracleasm Message-ID: <20210408191710.CE143F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1114-1 Rating: moderate References: #1182570 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for oracleasm fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1114=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1114=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1114=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1114=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1114=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1114=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1114=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1114=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1114=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_197.86-7.13.3 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_197.86-7.13.3 - SUSE Manager Retail Branch Server 4.0 (x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_197.86-7.13.3 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_197.86-7.13.3 - SUSE Manager Proxy 4.0 (x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_197.86-7.13.3 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_197.86-7.13.3 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_197.86-7.13.3 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_197.86-7.13.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_197.86-7.13.3 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_197.86-7.13.3 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_197.86-7.13.3 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_197.86-7.13.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_197.86-7.13.3 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_197.86-7.13.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_197.86-7.13.3 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_197.86-7.13.3 - SUSE Enterprise Storage 6 (aarch64 x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_197.86-7.13.3 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_197.86-7.13.3 - SUSE CaaS Platform 4.0 (x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_197.86-7.13.3 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_197.86-7.13.3 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Thu Apr 8 19:18:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Apr 2021 21:18:15 +0200 (CEST) Subject: SUSE-SU-2021:1111-1: important: Security update for fwupdate 
Message-ID: <20210408191815.51F4CF78E@maintenance.suse.de> SUSE Security Update: Security update for fwupdate ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1111-1 Rating: important References: #1182057 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for fwupdate fixes the following issues: - Add SBAT section to EFI images (bsc#1182057) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1111=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1111=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1111=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1111=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1111=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1111=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1111=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1111=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1111=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1111=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1111=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): fwupdate-0.5-10.10.1 fwupdate-debuginfo-0.5-10.10.1 fwupdate-debugsource-0.5-10.10.1 fwupdate-efi-0.5-10.10.1 fwupdate-efi-debuginfo-0.5-10.10.1 libfwup0-0.5-10.10.1 libfwup0-debuginfo-0.5-10.10.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): fwupdate-0.5-10.10.1 fwupdate-debuginfo-0.5-10.10.1 fwupdate-debugsource-0.5-10.10.1 fwupdate-efi-0.5-10.10.1 fwupdate-efi-debuginfo-0.5-10.10.1 libfwup0-0.5-10.10.1 libfwup0-debuginfo-0.5-10.10.1 - SUSE OpenStack Cloud 9 (x86_64): fwupdate-0.5-10.10.1 fwupdate-debuginfo-0.5-10.10.1 fwupdate-debugsource-0.5-10.10.1 fwupdate-efi-0.5-10.10.1 fwupdate-efi-debuginfo-0.5-10.10.1 libfwup0-0.5-10.10.1 libfwup0-debuginfo-0.5-10.10.1 - SUSE OpenStack Cloud 8 (x86_64): fwupdate-0.5-10.10.1 fwupdate-debuginfo-0.5-10.10.1 fwupdate-debugsource-0.5-10.10.1 fwupdate-efi-0.5-10.10.1 fwupdate-efi-debuginfo-0.5-10.10.1 
libfwup0-0.5-10.10.1 libfwup0-debuginfo-0.5-10.10.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): fwupdate-0.5-10.10.1 fwupdate-debuginfo-0.5-10.10.1 fwupdate-debugsource-0.5-10.10.1 fwupdate-efi-0.5-10.10.1 fwupdate-efi-debuginfo-0.5-10.10.1 libfwup0-0.5-10.10.1 libfwup0-debuginfo-0.5-10.10.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): fwupdate-0.5-10.10.1 fwupdate-debuginfo-0.5-10.10.1 fwupdate-debugsource-0.5-10.10.1 fwupdate-efi-0.5-10.10.1 fwupdate-efi-debuginfo-0.5-10.10.1 libfwup0-0.5-10.10.1 libfwup0-debuginfo-0.5-10.10.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): fwupdate-0.5-10.10.1 fwupdate-debuginfo-0.5-10.10.1 fwupdate-debugsource-0.5-10.10.1 fwupdate-efi-0.5-10.10.1 fwupdate-efi-debuginfo-0.5-10.10.1 libfwup0-0.5-10.10.1 libfwup0-debuginfo-0.5-10.10.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): fwupdate-0.5-10.10.1 fwupdate-debuginfo-0.5-10.10.1 fwupdate-debugsource-0.5-10.10.1 fwupdate-efi-0.5-10.10.1 fwupdate-efi-debuginfo-0.5-10.10.1 libfwup0-0.5-10.10.1 libfwup0-debuginfo-0.5-10.10.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): fwupdate-0.5-10.10.1 fwupdate-debuginfo-0.5-10.10.1 fwupdate-debugsource-0.5-10.10.1 fwupdate-efi-0.5-10.10.1 fwupdate-efi-debuginfo-0.5-10.10.1 libfwup0-0.5-10.10.1 libfwup0-debuginfo-0.5-10.10.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): fwupdate-0.5-10.10.1 fwupdate-debuginfo-0.5-10.10.1 fwupdate-debugsource-0.5-10.10.1 fwupdate-efi-0.5-10.10.1 fwupdate-efi-debuginfo-0.5-10.10.1 libfwup0-0.5-10.10.1 libfwup0-debuginfo-0.5-10.10.1 - HPE Helion Openstack 8 (x86_64): fwupdate-0.5-10.10.1 fwupdate-debuginfo-0.5-10.10.1 fwupdate-debugsource-0.5-10.10.1 fwupdate-efi-0.5-10.10.1 fwupdate-efi-debuginfo-0.5-10.10.1 libfwup0-0.5-10.10.1 libfwup0-debuginfo-0.5-10.10.1 References: https://bugzilla.suse.com/1182057 From sle-updates at lists.suse.com Thu Apr 8 19:19:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Apr 2021 21:19:20 +0200 
(CEST) Subject: SUSE-RU-2021:1115-1: moderate: Recommended update for dpdk Message-ID: <20210408191920.82556F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1115-1 Rating: moderate References: #1182570 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dpdk fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1115=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1115=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1115=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1115=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1115=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1115=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1115=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1115=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1115=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le x86_64): dpdk-18.11.9-4.14.6 dpdk-debuginfo-18.11.9-4.14.6 dpdk-debugsource-18.11.9-4.14.6 dpdk-devel-18.11.9-4.14.6 dpdk-devel-debuginfo-18.11.9-4.14.6 dpdk-kmp-default-18.11.9_k4.12.14_197.86-4.14.6 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_197.86-4.14.6 dpdk-tools-18.11.9-4.14.6 dpdk-tools-debuginfo-18.11.9-4.14.6 libdpdk-18_11-18.11.9-4.14.6 libdpdk-18_11-debuginfo-18.11.9-4.14.6 - SUSE Manager Retail Branch Server 4.0 (x86_64): dpdk-18.11.9-4.14.6 dpdk-debuginfo-18.11.9-4.14.6 dpdk-debugsource-18.11.9-4.14.6 dpdk-devel-18.11.9-4.14.6 dpdk-devel-debuginfo-18.11.9-4.14.6 dpdk-kmp-default-18.11.9_k4.12.14_197.86-4.14.6 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_197.86-4.14.6 dpdk-tools-18.11.9-4.14.6 dpdk-tools-debuginfo-18.11.9-4.14.6 libdpdk-18_11-18.11.9-4.14.6 libdpdk-18_11-debuginfo-18.11.9-4.14.6 - SUSE Manager Proxy 4.0 (x86_64): dpdk-18.11.9-4.14.6 dpdk-debuginfo-18.11.9-4.14.6 dpdk-debugsource-18.11.9-4.14.6 dpdk-devel-18.11.9-4.14.6 dpdk-devel-debuginfo-18.11.9-4.14.6 dpdk-kmp-default-18.11.9_k4.12.14_197.86-4.14.6 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_197.86-4.14.6 dpdk-tools-18.11.9-4.14.6 dpdk-tools-debuginfo-18.11.9-4.14.6 libdpdk-18_11-18.11.9-4.14.6 libdpdk-18_11-debuginfo-18.11.9-4.14.6 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): dpdk-18.11.9-4.14.6 dpdk-debuginfo-18.11.9-4.14.6 dpdk-debugsource-18.11.9-4.14.6 dpdk-devel-18.11.9-4.14.6 dpdk-devel-debuginfo-18.11.9-4.14.6 dpdk-kmp-default-18.11.9_k4.12.14_197.86-4.14.6 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_197.86-4.14.6 dpdk-tools-18.11.9-4.14.6 dpdk-tools-debuginfo-18.11.9-4.14.6 libdpdk-18_11-18.11.9-4.14.6 libdpdk-18_11-debuginfo-18.11.9-4.14.6 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le x86_64): dpdk-18.11.9-4.14.6 dpdk-debuginfo-18.11.9-4.14.6 dpdk-debugsource-18.11.9-4.14.6 dpdk-devel-18.11.9-4.14.6 dpdk-devel-debuginfo-18.11.9-4.14.6 dpdk-kmp-default-18.11.9_k4.12.14_197.86-4.14.6 
dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_197.86-4.14.6 dpdk-tools-18.11.9-4.14.6 dpdk-tools-debuginfo-18.11.9-4.14.6 libdpdk-18_11-18.11.9-4.14.6 libdpdk-18_11-debuginfo-18.11.9-4.14.6 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): dpdk-18.11.9-4.14.6 dpdk-debuginfo-18.11.9-4.14.6 dpdk-debugsource-18.11.9-4.14.6 dpdk-devel-18.11.9-4.14.6 dpdk-devel-debuginfo-18.11.9-4.14.6 dpdk-kmp-default-18.11.9_k4.12.14_197.86-4.14.6 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_197.86-4.14.6 dpdk-tools-18.11.9-4.14.6 dpdk-tools-debuginfo-18.11.9-4.14.6 libdpdk-18_11-18.11.9-4.14.6 libdpdk-18_11-debuginfo-18.11.9-4.14.6 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): dpdk-18.11.9-4.14.6 dpdk-debuginfo-18.11.9-4.14.6 dpdk-debugsource-18.11.9-4.14.6 dpdk-devel-18.11.9-4.14.6 dpdk-devel-debuginfo-18.11.9-4.14.6 dpdk-kmp-default-18.11.9_k4.12.14_197.86-4.14.6 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_197.86-4.14.6 dpdk-tools-18.11.9-4.14.6 dpdk-tools-debuginfo-18.11.9-4.14.6 libdpdk-18_11-18.11.9-4.14.6 libdpdk-18_11-debuginfo-18.11.9-4.14.6 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): dpdk-18.11.9-4.14.6 dpdk-debuginfo-18.11.9-4.14.6 dpdk-debugsource-18.11.9-4.14.6 dpdk-devel-18.11.9-4.14.6 dpdk-devel-debuginfo-18.11.9-4.14.6 dpdk-kmp-default-18.11.9_k4.12.14_197.86-4.14.6 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_197.86-4.14.6 dpdk-tools-18.11.9-4.14.6 dpdk-tools-debuginfo-18.11.9-4.14.6 libdpdk-18_11-18.11.9-4.14.6 libdpdk-18_11-debuginfo-18.11.9-4.14.6 - SUSE Enterprise Storage 6 (aarch64 x86_64): dpdk-18.11.9-4.14.6 dpdk-debuginfo-18.11.9-4.14.6 dpdk-debugsource-18.11.9-4.14.6 dpdk-devel-18.11.9-4.14.6 dpdk-devel-debuginfo-18.11.9-4.14.6 dpdk-kmp-default-18.11.9_k4.12.14_197.86-4.14.6 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_197.86-4.14.6 dpdk-tools-18.11.9-4.14.6 dpdk-tools-debuginfo-18.11.9-4.14.6 libdpdk-18_11-18.11.9-4.14.6 libdpdk-18_11-debuginfo-18.11.9-4.14.6 - SUSE CaaS Platform 4.0 
(x86_64): dpdk-18.11.9-4.14.6 dpdk-debuginfo-18.11.9-4.14.6 dpdk-debugsource-18.11.9-4.14.6 dpdk-devel-18.11.9-4.14.6 dpdk-devel-debuginfo-18.11.9-4.14.6 dpdk-kmp-default-18.11.9_k4.12.14_197.86-4.14.6 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_197.86-4.14.6 dpdk-tools-18.11.9-4.14.6 dpdk-tools-debuginfo-18.11.9-4.14.6 libdpdk-18_11-18.11.9-4.14.6 libdpdk-18_11-debuginfo-18.11.9-4.14.6 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Thu Apr 8 19:20:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Apr 2021 21:20:22 +0200 (CEST) Subject: SUSE-SU-2021:1113-1: moderate: Security update for tpm2-tss-engine Message-ID: <20210408192022.CD716F78E@maintenance.suse.de> SUSE Security Update: Security update for tpm2-tss-engine ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1113-1 Rating: moderate References: #1183895 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for tpm2-tss-engine fixes the following issues: - Added support to disable fixed compilation flags - Added --disable-defaultflags during compilation to avoid breakage of our gcc-PIE profile (resulted in non-position-independent executable tpm2-tss-genkey, bsc#1183895) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1113=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): tpm2-tss-engine-1.0.1-4.3.1 tpm2-tss-engine-debuginfo-1.0.1-4.3.1 tpm2-tss-engine-debugsource-1.0.1-4.3.1 tpm2-tss-engine-devel-1.0.1-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): tpm2-tss-engine-bash-completion-1.0.1-4.3.1 References: https://bugzilla.suse.com/1183895 From sle-updates at lists.suse.com Thu Apr 8 19:21:24 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Apr 2021 21:21:24 +0200 (CEST) Subject: SUSE-RU-2021:1112-1: moderate: Recommended update for crash Message-ID: <20210408192124.26EE6F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for crash ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1112-1 Rating: moderate References: #1178827 #1182570 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crash fixes the following issue: - package is rebuilt with the new secure boot key. - Fix crash utility is taking forever to initialize a vmcore from large config system (bsc#1178827) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1112=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1112=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1112=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1112=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): crash-7.2.1-4.12.1 crash-debuginfo-7.2.1-4.12.1 crash-debugsource-7.2.1-4.12.1 crash-gcore-7.2.1-4.12.1 crash-gcore-debuginfo-7.2.1-4.12.1 crash-kmp-default-7.2.1_k4.12.14_95.71-4.12.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_95.71-4.12.1 - SUSE OpenStack Cloud 9 (x86_64): crash-7.2.1-4.12.1 crash-debuginfo-7.2.1-4.12.1 crash-debugsource-7.2.1-4.12.1 crash-gcore-7.2.1-4.12.1 crash-gcore-debuginfo-7.2.1-4.12.1 crash-kmp-default-7.2.1_k4.12.14_95.71-4.12.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_95.71-4.12.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): crash-7.2.1-4.12.1 crash-debuginfo-7.2.1-4.12.1 crash-debugsource-7.2.1-4.12.1 crash-kmp-default-7.2.1_k4.12.14_95.71-4.12.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_95.71-4.12.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): crash-gcore-7.2.1-4.12.1 crash-gcore-debuginfo-7.2.1-4.12.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): crash-7.2.1-4.12.1 crash-debuginfo-7.2.1-4.12.1 crash-debugsource-7.2.1-4.12.1 crash-kmp-default-7.2.1_k4.12.14_95.71-4.12.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_95.71-4.12.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): crash-gcore-7.2.1-4.12.1 crash-gcore-debuginfo-7.2.1-4.12.1 References: https://bugzilla.suse.com/1178827 https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Fri Apr 9 05:53:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Apr 2021 07:53:31 +0200 (CEST) 
Subject: SUSE-IU-2021:435-1: Security update of suse-sles-15-sp2-chost-byos-v20210405-gen2 Message-ID: <20210409055331.32BD4B46349@westernhagen.suse.de> SUSE Image Update Advisory: suse-sles-15-sp2-chost-byos-v20210405-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:435-1 Image Tags : suse-sles-15-sp2-chost-byos-v20210405-gen2:20210405 Image Release : Severity : important Type : security References : 1065600 1065729 1078466 1078720 1081134 1083473 1084610 1084864 1112500 1115408 1125671 1132477 1132565 1133568 1135130 1135224 1138203 1138487 1140565 1145508 1146705 1146898 1150394 1150612 1151713 1151927 1152052 1152472 1152489 1154121 1154353 1154393 1155518 1156395 1163776 1165780 1169514 1170442 1170998 1172442 1174075 1174514 1175289 1175519 1175970 1176171 1176201 1176248 1176262 1176708 1176711 1176784 1176785 1176855 1177109 1177125 1177127 1177222 1177326 1177440 1177529 1177883 1178142 1178168 1178386 1178775 1178801 1178801 1178969 1178995 1179082 1179137 1179243 1179264 1179265 1179428 1179660 1179694 1179721 1179756 1179847 1179929 1180020 1180038 1180058 1180073 1180083 1180176 1180243 1180336 1180401 1180401 1180403 1180501 1180596 1180686 1180827 1180846 1180933 1180964 1180989 1181011 1181126 1181131 1181133 1181259 1181283 1181313 1181328 1181358 1181505 1181544 1181574 1181622 1181637 1181655 1181671 1181674 1181710 1181720 1181730 1181732 1181735 1181736 1181738 1181747 1181753 1181818 1181831 1181843 1181854 1181896 1181944 1181958 1181960 1181967 1181985 1182047 1182057 1182066 1182110 1182117 1182118 1182128 1182140 1182168 1182171 1182175 1182244 1182246 1182259 1182262 1182263 1182265 1182266 1182267 1182268 1182271 1182272 1182273 1182275 1182276 1182278 1182279 1182283 1182324 1182328 1182331 1182333 1182341 1182362 1182374 1182379 1182380 1182381 1182406 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182430 1182439 1182441 1182442 1182443 1182444 
1182445 1182446 1182447 1182449 1182454 1182455 1182456 1182457 1182458 1182459 1182460 1182461 1182462 1182463 1182464 1182465 1182466 1182485 1182489 1182490 1182507 1182547 1182558 1182560 1182561 1182571 1182599 1182602 1182626 1182629 1182650 1182672 1182676 1182683 1182684 1182686 1182688 1182770 1182798 1182800 1182801 1182854 1182856 1182959 1183012 1183073 1183094 1183370 1183371 1183456 1183457 1183572 1183574 1183852 1183933 1183934 CVE-2019-20916 CVE-2019-25013 CVE-2020-11080 CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-12373 CVE-2020-14343 CVE-2020-14372 CVE-2020-15257 CVE-2020-25613 CVE-2020-25632 CVE-2020-25647 CVE-2020-25659 CVE-2020-27618 CVE-2020-27749 CVE-2020-27779 CVE-2020-27840 CVE-2020-28493 CVE-2020-29368 CVE-2020-29374 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-36242 CVE-2020-8625 CVE-2021-20193 CVE-2021-20225 CVE-2021-20231 CVE-2021-20232 CVE-2021-20233 CVE-2021-20277 CVE-2021-21284 CVE-2021-21285 CVE-2021-22876 CVE-2021-22890 CVE-2021-23336 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-26720 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3177 CVE-2021-3326 CVE-2021-3449 ----------------------------------------------------------------- The container suse-sles-15-sp2-chost-byos-v20210405-gen2 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:419-1 Released: Wed Feb 10 12:03:33 2021 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: 1181313 This update for open-iscsi fixes the following issues: - Fixes a segfault when exiting from iscsiadm (bsc#1181313) - Fix for several memory leaks in iscsiadm - Fix for a crash when function iscsi_rec_update_param() is invoked ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:435-1 Released: Thu Feb 11 14:47:25 2021 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Type: security Severity: important References: 1174075,1176708,1178801,1178969,1180243,1180401,1181730,1181732,CVE-2020-15257,CVE-2021-21284,CVE-2021-21285 This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2020-15257: Fixed a privilege escalation in containerd (bsc#1178969). - CVE-2021-21284: potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732) - CVE-2021-21285: pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730) Non-security issues fixed: - Update Docker to 19.03.15-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285). - Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE. It appears that SLES doesn't like the patch. (bsc#1180401) - Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and fixes CVE-2020-15257. bsc#1180243 - Update to containerd v1.3.7, which is required for Docker 19.03.13-ce. bsc#1176708 - Update to Docker 19.03.14-ce. 
See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243 https://github.com/docker/docker-ce/releases/tag/v19.03.14 - Enable fish-completion - Add a patch which makes Docker compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460) - Update to Docker 19.03.13-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708 - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Emergency fix: %requires_eq does not work with provide symbols, only effective package names. Convert back to regular Requires. - Update to Docker 19.03.12-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of spurious errors due to Go returning -EINTR from I/O syscalls much more often (due to Go 1.14's pre-emptive goroutine support). - Add BuildRequires for all -git dependencies so that we catch missing dependencies much more quickly. - Update to libnetwork 55e924b8a842, which is required for Docker 19.03.14-ce. bsc#1180243 - Add patch which makes libnetwork compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:441-1 Released: Thu Feb 11 16:35:04 2021 Summary: Optional update for python3-jsonschema Type: optional Severity: low References: 1180403 This update provides the python3 variant of the jsonschema module to the SUSE Linux Enterprise 15 SP2 Basesystem module.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:507-1 Released: Thu Feb 18 09:34:49 2021 Summary: Security update for bind Type: security Severity: important References: 1182246,CVE-2020-8625 This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:516-1 Released: Thu Feb 18 14:42:51 2021 Summary: Recommended update for docker, golang-github-docker-libnetwork Type: recommended Severity: moderate References: 1178801,1180401,1182168 This update for docker, golang-github-docker-libnetwork fixes the following issues: - A libnetwork firewalld integration enhancement was broken, disable it (bsc#1178801,bsc#1180401,bsc#1182168) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:519-1 Released: Fri Feb 19 09:44:53 2021 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1180501 This update for openssh fixes the following issues: - Fixed a crash which sometimes occurred on connection termination, caused by accessing freed memory (bsc#1180501) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:526-1 Released: Fri Feb 19 12:46:27 2021 Summary: Recommended update for python-distro Type: recommended Severity: moderate References: This update for python-distro fixes the following issues: Upgrade from version 1.2.0 to 1.5.0 (jsc#ECO-3212) - Backward compatibility: - Keep output as native string so we can be compatible with python2 interface - Prefer the `VERSION_CODENAME` field of `os-release` to parsing it from `VERSION` - Bug Fixes: - Fix detection of RHEL 6 `ComputeNode` - Fix Oracle 4/5 `lsb_release` id and names - Ignore `/etc/plesk-release` file while parsing distribution - Return `_uname_info` from
the `uname_info()` method - Fixed `CloudLinux` id discovery - Update Oracle matching - Warn about wrong locale. - Documentation: - Distro is the recommended replacement for `platform.linux_distribution` - Add Ansible reference implementation and fix arch-linux link - Add facter reference implementation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:529-1 Released: Fri Feb 19 14:53:47 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1176262,1179756,1180686,1181126,CVE-2019-20916,CVE-2021-3177 This update for python3 fixes the following issues: - CVE-2021-3177: Fixed buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:551-1 Released: Tue Feb 23 09:31:53 2021 Summary: Security update for avahi Type: security Severity: moderate References: 1180827,CVE-2021-26720 This update for avahi fixes the following issues: - CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh (bsc#1180827) - Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d. - Add sudo to requires: used to drop privileges. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:571-1 Released: Tue Feb 23 16:11:33 2021 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1180176 This update for cloud-init contains the following fixes: - Update cloud-init-write-routes.patch (bsc#1180176) + Follow up to previous changes. Fix order of operations error to make gateway comparison between subnet configuration and route configuration valuable rather than self-comparing. 
- Add cloud-init-sle12-compat.patch (jsc#PM-2335) - Python 3.4 compatibility in setup.py - Disable some test for mock version compatibility ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:573-1 Released: Wed Feb 24 09:58:38 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1176171,1180336 This update for dracut fixes the following issues: - arm/arm64: Add reset controllers (bsc#1180336) - Prevent creating unexpected files on the host when running dracut (bsc#1176171) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:594-1 Released: Thu Feb 25 09:29:35 2021 Summary: Security update for python-cryptography Type: security Severity: important References: 1182066,CVE-2020-36242 This update for python-cryptography fixes the following issues: - CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:654-1 Released: Fri Feb 26 20:01:10 2021 Summary: Security update for python-Jinja2 Type: security Severity: important References: 1181944,1182244,CVE-2020-28493 This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Fixed a ReDOS vulnerability where urlize could have been called with untrusted user data (bsc#1181944). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:656-1 Released: Mon Mar 1 09:34:21 2021 Summary: Recommended update for protobuf Type: recommended Severity: moderate References: 1177127 This update for protobuf fixes the following issues: - Add missing dependency of python subpackages on python-six. 
(bsc#1177127) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:683-1 Released: Tue Mar 2 19:04:43 2021 Summary: Security update for grub2 Type: security Severity: important References: 1175970,1176711,1177883,1179264,1179265,1182057,1182262,1182263,CVE-2020-14372,CVE-2020-25632,CVE-2020-25647,CVE-2020-27749,CVE-2020-27779,CVE-2021-20225,CVE-2021-20233 This update for grub2 fixes the following issues: grub2 implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057) - CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711) - CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883) - CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264) - CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970) - CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262) - CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:689-1 Released: Tue Mar 2 19:08:40 2021 Summary: Security update for bind Type: security Severity: important References: 1180933 This update for bind fixes the following issues: - dnssec-keygen can no longer generate HMAC keys. Use tsig-keygen instead. 
[bsc#1180933] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). 
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:741-1 Released: Tue Mar 9 16:11:49 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065600,1065729,1078720,1081134,1084610,1132477,1151927,1152472,1152489,1154353,1155518,1156395,1163776,1169514,1170442,1176248,1176855,1177109,1177326,1177440,1177529,1178142,1178995,1179082,1179137,1179243,1179428,1179660,1179929,1180058,1180846,1180964,1180989,1181133,1181259,1181544,1181574,1181637,1181655,1181671,1181674,1181710,1181720,1181735,1181736,1181738,1181747,1181753,1181818,1181843,1181854,1181896,1181958,1181960,1181985,1182047,1182110,1182118,1182128,1182140,1182171,1182175,1182259,1182265,1182266,1182267,1182268,1182271,1182272,1182273,1182275,1182276,1182278,1182283,1182341,1182374,1182380,1182381,1182406,1182430,1182439,1182441,1182442,1182443,1182444,1182445,1182446,1182447,1182449,1182454,1182455,1182456,1182457,1182458,1182459,1182460,1182461,1182462,1182463,1182464,1182465,1182466,1182485,1182489,1182490,1182507,1182547,1182558,1182560,1182561,1182571,1182599,1182602,1182626,1182650,1182672,1182676,1182683,1182684,1182686,1182770,1182798,1182800,1182801,1182854,1182856,CVE-2020-12362,CVE-2020-12363,CVE-2020-12364,CVE-2020-12373,CVE-2020-29368,CVE-2020-29374,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
- CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372). - CVE-2020-12362: Fixed an integer overflow in the firmware which may have allowed a privileged user to potentially enable an escalation of privilege via local access (bsc#1181720). - CVE-2020-12363: Fixed an improper input validation which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181735). - CVE-2020-12364: Fixed a null pointer reference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181736). - CVE-2020-12373: Fixed an expired pointer dereference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181738). - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428). The following non-security bugs were fixed: - ACPI: configfs: add missing check after configfs_register_default_group() (git-fixes). - ACPI: property: Fix fwnode string properties matching (git-fixes). - ACPI: property: Satisfy kernel doc validator (part 1) (git-fixes). - ACPI: property: Satisfy kernel doc validator (part 2) (git-fixes). - ALSA: hda: Add another CometLake-H PCI ID (git-fixes). - ALSA: hda/hdmi: Drop bogus check at closing a stream (git-fixes). - ALSA: hda/realtek: modify EAPD in the ALC886 (git-fixes). - ALSA: pcm: Assure sync with the pending stop operation at suspend (git-fixes). - ALSA: pcm: Call sync_stop at disconnection (git-fixes). - ALSA: pcm: Do not call sync_stop if it hasn't been stopped (git-fixes). - ALSA: usb-audio: Add implicit fb quirk for BOSS GP-10 (git-fixes). - ALSA: usb-audio: Correct document for snd_usb_endpoint_free_all() (git-fixes).
- ALSA: usb-audio: Do not avoid stopping the stream at disconnection (git-fixes). - ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode (git-fixes). - ALSA: usb-audio: Handle invalid running state at releasing EP (git-fixes). - ALSA: usb-audio: More strict state change in EP (git-fixes). - amba: Fix resource leak for drivers without .remove (git-fixes). - arm64: Update config file. Set CONFIG_WATCHDOG_SYSFS to true (bsc#1182560) - ASoC: cpcap: fix microphone timeslot mask (git-fixes). - ASoC: cs42l56: fix up error handling in probe (git-fixes). - ASoC: simple-card-utils: Fix device module clock (git-fixes). - ASoC: SOF: debug: Fix a potential issue on string buffer termination (git-fixes). - ata: ahci_brcm: Add back regulators management (git-fixes). - ata: sata_nv: Fix retrieving of active qcs (git-fixes). - ath10k: Fix error handling in case of CE pipe init failure (git-fixes). - ath9k: fix data bus crash when setting nf_override via debugfs (git-fixes). - bcache: fix overflow in offset_to_stripe() (git-fixes). - blk-mq: call commit_rqs while list empty but error happen (bsc#1182442). - blk-mq: insert request not through ->queue_rq into sw/scheduler queue (bsc#1182443). - blk-mq: move cancel of hctx->run_work to the front of blk_exit_queue (bsc#1182444). - block: fix inflight statistics of part0 (bsc#1182445). - block: respect queue limit of max discard segment (bsc#1182441). - block: virtio_blk: fix handling single range discard request (bsc#1182439). - Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function (git-fixes). - Bluetooth: btusb: Fix memory leak in btusb_mtk_wmt_recv (git-fixes). - Bluetooth: drop HCI device reference before return (git-fixes). - Bluetooth: Fix initializing response id after clearing struct (git-fixes). - Bluetooth: hci_uart: Fix a race for write_work scheduling (git-fixes). - Bluetooth: Put HCI device if inquiry procedure interrupts (git-fixes). 
- bnxt_en: Fix accumulation of bp->net_stats_prev (git-fixes). - bnxt_en: fix error return code in bnxt_init_board() (git-fixes). - bnxt_en: fix error return code in bnxt_init_one() (git-fixes). - bnxt_en: Improve stats context resource accounting with RDMA driver loaded (git-fixes). - bnxt_en: read EEPROM A2h address using page 0 (git-fixes). - bnxt_en: Release PCI regions when DMA mask setup fails during probe (git-fixes). - bonding: Fix reference count leak in bond_sysfs_slave_add (git-fixes). - bonding: set dev->needed_headroom in bond_setup_by_slave() (git-fixes). - bonding: wait for sysfs kobject destruction before freeing struct slave (git-fixes). - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou (bsc#1155518). - bpf, cgroup: Fix problematic bounds check (bsc#1155518). - btrfs: add assertion for empty list of transactions at late stage of umount (bsc#1182626). - btrfs: Cleanup try_flush_qgroup (bsc#1182047). - btrfs: Do not flush from btrfs_delayed_inode_reserve_metadata (bsc#1182047). - btrfs: Fix race between extent freeing/allocation when using bitmaps (bsc#1181574). - btrfs: fix race between RO remount and the cleaner task (bsc#1182626). - btrfs: fix transaction leak and crash after cleaning up orphans on RO mount (bsc#1182626). - btrfs: fix transaction leak and crash after RO remount caused by qgroup rescan (bsc#1182626). - btrfs: Free correct amount of space in btrfs_delayed_inode_reserve_metadata (bsc#1182047). - btrfs: lift read-write mount setup from mount and remount (bsc#1182626). - btrfs: Remove btrfs_inode from btrfs_delayed_inode_reserve_metadata (bsc#1182047). - btrfs: run delayed iputs when remounting RO to avoid leaking them (bsc#1182626). - btrfs: Simplify code flow in btrfs_delayed_inode_reserve_metadata (bsc#1182047). - btrfs: Unlock extents in btrfs_zero_range in case of errors (bsc#1182047). - caif: no need to check return value of debugfs_create functions (git-fixes). - ceph: fix flush_snap logic after putting caps (bsc#1182854). 
- cgroup: Fix memory leak when parsing multiple source parameters (bsc#1182683). - cgroup: fix psi monitor for root cgroup (bsc#1182686). - cgroup-v1: add disabled controller check in cgroup1_parse_param() (bsc#1182684). - chelsio/chtls: correct function return and return type (git-fixes). - chelsio/chtls: correct netdevice for vlan interface (git-fixes). - chelsio/chtls: fix a double free in chtls_setkey() (git-fixes). - chelsio/chtls: fix always leaking ctrl_skb (git-fixes). - chelsio/chtls: fix deadlock issue (git-fixes). - chelsio/chtls: fix memory leaks caused by a race (git-fixes). - chelsio/chtls: fix memory leaks in CPL handlers (git-fixes). - chelsio/chtls: fix panic during unload reload chtls (git-fixes). - chelsio/chtls: fix socket lock (git-fixes). - chelsio/chtls: fix tls record info to user (git-fixes). - Cherry-pick ibmvnic patches from SP3 (jsc#SLE-17268). - chtls: Added a check to avoid NULL pointer dereference (git-fixes). - chtls: Fix chtls resources release sequence (git-fixes). - chtls: Fix hardware tid leak (git-fixes). - chtls: Fix panic when route to peer not configured (git-fixes). - chtls: Remove invalid set_tcb call (git-fixes). - chtls: Replace skb_dequeue with skb_peek (git-fixes). - cifs: check all path components in resolved dfs target (bsc#1181710). - cifs: fix nodfs mount option (bsc#1181710). - cifs: introduce helper for finding referral server (bsc#1181710). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes). - cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes). - clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL (git-fixes). - clk: meson: clk-pll: make 'ret' a signed integer (git-fixes). - clk: meson: clk-pll: propagate the error from meson_clk_pll_set_rate() (git-fixes). - clk: qcom: gcc-msm8998: Fix Alpha PLL type for all GPLLs (git-fixes). 
- clk: sunxi-ng: h6: Fix CEC clock (git-fixes). - clk: sunxi-ng: h6: Fix clock divider range on some clocks (git-fixes). - clk: sunxi-ng: mp: fix parent rate change flag check (git-fixes). - clocksource/drivers/ixp4xx: Select TIMER_OF when needed (git-fixes). - cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in ->remove() (git-fixes). - cpufreq: brcmstb-avs-cpufreq: Free resources in error path (git-fixes). - cpuset: fix race between hotplug work and later CPU offline (bsc#1182676). - crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key() (git-fixes). - crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error) (git-fixes). - cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes). - cxgb4: fix all-mask IP address comparison (git-fixes). - cxgb4: fix checks for max queues to allocate (git-fixes). - cxgb4: fix endian conversions for L4 ports in filters (git-fixes). - cxgb4: fix set but unused variable when DCB is disabled (git-fixes). - cxgb4: fix SGE queue dump destination buffer context (git-fixes). - cxgb4: fix the panic caused by non smac rewrite (git-fixes). - cxgb4: move DCB version extern to header file (git-fixes). - cxgb4: move handling L2T ARP failures to caller (git-fixes). - cxgb4: move PTP lock and unlock to caller in Tx path (git-fixes). - cxgb4: parse TC-U32 key values and masks natively (git-fixes). - cxgb4: remove cast when saving IPv4 partial checksum (git-fixes). - cxgb4: set up filter action after rewrites (git-fixes). - cxgb4: use correct type for all-mask IP address comparison (git-fixes). - cxgb4: use unaligned conversion for fetching timestamp (git-fixes). - dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function (git-fixes). - dmaengine: fsldma: Fix a resource leak in the remove function (git-fixes). - dmaengine: hsu: disable spurious interrupt (git-fixes). - dmaengine: owl-dma: Fix a resource leak in the remove function (git-fixes). 
- dm crypt: avoid truncating the logical block size (git-fixes).
- dm: fix bio splitting and its bio completion order for regular IO (git-fixes).
- dm thin: fix use-after-free in metadata_pre_commit_callback (bsc#1177529).
- dm thin metadata: Avoid returning cmd->bm wild pointer on error (bsc#1177529).
- dm thin metadata: fix lockdep complaint (bsc#1177529).
- dm thin metadata: Fix use-after-free in dm_bm_set_read_only (bsc#1177529).
- dm: use noio when sending kobject event (bsc#1177529).
- docs: filesystems: vfs: correct flag name (bsc#1182856).
- dpaa2-eth: fix return codes used in ndo_setup_tc (git-fixes).
- drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() (git-fixes).
- drivers: net: davinci_mdio: fix potential NULL dereference in davinci_mdio_probe() (git-fixes).
- drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[] (git-fixes).
- drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs (git-fixes).
- drm/amd/display: Change function decide_dp_link_settings to avoid infinite looping (git-fixes).
- drm/amd/display: Decrement refcount of dc_sink before reassignment (git-fixes).
- drm/amd/display: Fix 10/12 bpc setup in DCE output bit depth reduction (git-fixes).
- drm/amd/display: Fix dc_sink kref count in emulated_link_detect (git-fixes).
- drm/amd/display: Fix HDMI deep color output for DCE 6-11 (git-fixes).
- drm/amd/display: Free atomic state after drm_atomic_commit (git-fixes).
- drm/amd/display: Revert 'Fix EDID parsing after resume from suspend' (git-fixes).
- drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if condition (git-fixes).
- drm/fb-helper: Add missed unlocks in setcmap_legacy() (git-fixes).
- drm/gma500: Fix error return code in psb_driver_load() (git-fixes).
- drm/meson: Unbind all connectors on module removal (bsc#1152472)
- drm/sun4i: dw-hdmi: always set clock rate (bsc#1152472)
- drm/sun4i: dw-hdmi: Fix max. frequency for H6 (bsc#1152472)
- drm/sun4i: Fix H6 HDMI PHY configuration (bsc#1152472)
- drm/sun4i: tcon: set sync polarity for tcon1 channel (bsc#1152472)
- drm/vc4: hvs: Fix buffer overflow with the dlist handling (bsc#1152489)
- Drop HID logitech patch that caused a regression (bsc#1182259)
- exec: Always set cap_ambient in cap_bprm_set_creds (git-fixes).
- exfat: Avoid allocating upcase table using kcalloc() (git-fixes).
- ext4: do not remount read-only with errors=continue on reboot (bsc#1182464).
- ext4: fix a memory leak of ext4_free_data (bsc#1182447).
- ext4: fix bug for rename with RENAME_WHITEOUT (bsc#1182449).
- ext4: fix deadlock with fs freezing and EA inodes (bsc#1182463).
- ext4: fix superblock checksum failure when setting password salt (bsc#1182465).
- ext4: prevent creating duplicate encrypted filenames (bsc#1182446).
- fgraph: Initialize tracing_graph_pause at task creation (git-fixes).
- firmware_loader: align .builtin_fw to 8 (git-fixes).
- fscrypt: add fscrypt_is_nokey_name() (bsc#1182446).
- fscrypt: rename DCACHE_ENCRYPTED_NAME to DCACHE_NOKEY_NAME (bsc#1182446).
- fs: fix lazytime expiration handling in __writeback_single_inode() (bsc#1182466).
- gma500: clean up error handling in init (git-fixes).
- gpio: pcf857x: Fix missing first interrupt (git-fixes).
- HID: core: detect and skip invalid inputs to snto32() (git-fixes).
- HID: make arrays usage and value to be the same (git-fixes).
- HID: wacom: Ignore attempts to overwrite the touch_max value from HID (git-fixes).
- hwrng: timeriomem - Fix cooldown period calculation (git-fixes).
- i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition (git-fixes).
- i2c: iproc: handle only slave interrupts which are enabled (git-fixes).
- i2c: mediatek: Move suspend and resume handling to NOIRQ phase (git-fixes).
- i2c: stm32f7: fix configuration of the digital filter (git-fixes).
- i3c: master: dw: Drop redundant disec call (git-fixes).
- i40e: acquire VSI pointer only after VF is initialized (jsc#SLE-8025).
- i40e: avoid premature Rx buffer reuse (git-fixes).
- i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs (git-fixes).
- i40e: Fix MAC address setting for a VF via Host/VM (git-fixes).
- i40e: Fix removing driver while bare-metal VFs pass traffic (git-fixes).
- i40e: Revert 'i40e: do not report link up for a VF who hasn't enabled queues' (jsc#SLE-8025).
- iavf: fix double-release of rtnl_lock (git-fixes).
- iavf: fix error return code in iavf_init_get_resources() (git-fixes).
- iavf: fix speed reporting over virtchnl (git-fixes).
- iavf: Fix updating statistics (git-fixes).
- ibmvnic: add memory barrier to protect long term buffer (bsc#1182485 ltc#191591).
- ibmvnic: change IBMVNIC_MAX_IND_DESCS to 16 (bsc#1182485 ltc#191591).
- ibmvnic: Clean up TX code and TX buffer data structure (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997).
- ibmvnic: compare adapter->init_done_rc with more readable ibmvnic_rc_codes (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Correctly re-enable interrupts in NAPI polling routine (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: create send_control_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: create send_query_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: device remove has higher precedence over reset (bsc#1065729).
- ibmvnic: Do not replenish RX buffers after every polling loop (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Ensure that CRQ entry read are correctly ordered (bsc#1182485 ltc#191591).
- ibmvnic: Ensure that device queue memory is cache-line aligned (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Ensure that SCRQ entry reads are correctly ordered (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293).
- ibmvnic: fix login buffer memory leak (bsc#1081134 ltc#164631).
- ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: fix rx buffer tracking and index management in replenish_rx_pool partial success (bsc#1179929 ltc#189960).
- ibmvnic: Fix TX completion error handling (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Fix use-after-free of VNIC login response buffer (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: handle inconsistent login with reset (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Harden device Command Response Queue handshake (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: improve ibmvnic_init and ibmvnic_reset_init (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Introduce batched RX buffer descriptor transmission (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Introduce indirect subordinate Command Response Queue buffer (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Introduce xmit_more support using batched subCRQ hcalls (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: merge ibmvnic_reset_init and ibmvnic_init (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: no reset timeout for 5 seconds after reset (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: reduce wait for completion time (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: remove never executed if statement (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Remove send_subcrq function (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: rename ibmvnic_send_req_caps to send_request_cap (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: rename send_cap_queries to send_query_cap (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: rename send_map_query to send_query_map (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: send_login should check for crq errors (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: serialize access to work queue on remove (bsc#1065729).
- ibmvnic: Set to CLOSED state even on error (bsc#1084610 ltc#165122 git-fixes).
- ibmvnic: skip send_request_unmap for timeout reset (bsc#1182485 ltc#191591).
- ibmvnic: skip tx timeout reset while in resetting (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: stop free_all_rwi on failed reset (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: store RX and TX subCRQ handle array in ibmvnic_adapter struct (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: track pending login (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: update MAINTAINERS (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Use netdev_alloc_skb instead of alloc_skb to replenish RX buffers (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ice: Do not allow more channels than LAN MSI-X available (jsc#SLE-7926).
- ice: Fix MSI-X vector fallback logic (jsc#SLE-7926).
- igc: check return value of ret_val in igc_config_fc_after_link_up (git-fixes).
- igc: fix link speed advertising (git-fixes).
- igc: Fix returning wrong statistics (git-fixes).
- igc: Report speed and duplex as unknown when device is runtime suspended (git-fixes).
- igc: set the default return value to -IGC_ERR_NVM in igc_write_nvm_srwr (git-fixes).
- include/linux/memremap.h: remove stale comments (git-fixes).
- Input: elo - fix an error code in elo_connect() (git-fixes).
- Input: i8042 - unbreak Pegatron C15B (git-fixes).
- Input: joydev - prevent potential read overflow in ioctl (git-fixes).
- Input: sur40 - fix an error code in sur40_probe() (git-fixes).
- Input: xpad - sync supported devices with fork on GitHub (git-fixes).
- iwlwifi: mvm: do not send RFH_QUEUE_CONFIG_CMD with no queues (git-fixes).
- iwlwifi: mvm: guard against device removal in reprobe (git-fixes).
- iwlwifi: mvm: invalidate IDs of internal stations at mvm start (git-fixes).
- iwlwifi: mvm: skip power command when unbinding vif during CSA (git-fixes).
- iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time() (git-fixes).
- iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap (git-fixes).
- iwlwifi: pcie: fix context info memory leak (git-fixes).
- iwlwifi: pcie: reschedule in long-running memory reads (git-fixes).
- iwlwifi: pcie: use jiffies for memory read spin time limit (git-fixes).
- ixgbe: avoid premature Rx buffer reuse (git-fixes).
- ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K (git-fixes).
- kABI: Fix kABI after AMD SEV PCID fixes (bsc#1178995).
- kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846).
- kABI: Fix kABI for extended APIC-ID support (bsc#1181259, jsc#ECO-3191).
- kABI: repair, after 'nVMX: Emulate MTF when performing instruction emulation' kvm_x86_ops is part of kABI as it's used by LTTng. But it's only read and never allocated in there, so growing it (without altering existing members' offsets) is fine.
- kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ('rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).')
- kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846).
- kernel/smp: add more data to CSD lock debugging (bsc#1180846).
- kernel/smp: prepare more CSD lock debugging (bsc#1180846).
- kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846).
- KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch (bsc#1181818).
- KVM: arm64: Remove S1PTW check from kvm_vcpu_dabt_iswrite() (bsc#1181818).
- KVM: nVMX: do not clear mtf_pending when nested events are blocked (bsc#1182489).
- KVM: nVMX: Emulate MTF when performing instruction emulation (bsc#1182380).
- KVM: nVMX: Handle pending #DB when injecting INIT VM-exit. Pulling in as a dependency of: 'KVM: nVMX: Emulate MTF when performing instruction emulation' (bsc#1182380).
- KVM: SVM: Update cr3_lm_rsvd_bits for AMD SEV guests (bsc#1178995).
- KVM: tracing: Fix unmatched kvm_entry and kvm_exit events (bsc#1182770).
- KVM: VMX: Condition ENCLS-exiting enabling on CPU support for SGX1 (bsc#1182798).
- KVM: x86: Allocate new rmap and large page tracking when moving memslot (bsc#1182800).
- KVM: x86: allow KVM_STATE_NESTED_MTF_PENDING in kvm_state flags (bsc#1182490).
- KVM: x86: clear stale x86_emulate_ctxt->intercept value (bsc#1182381).
- KVM: x86: do not notify userspace IOAPIC on edge-triggered interrupt EOI (bsc#1182374).
- KVM: x86: Gracefully handle __vmalloc() failure during VM allocation (bsc#1182801).
- KVM: x86: Introduce cr3_lm_rsvd_bits in kvm_vcpu_arch (bsc#1178995).
- KVM: x86: remove stale comment from struct x86_emulate_ctxt (bsc#1182406).
- libnvdimm/dimm: Avoid race between probe and available_slots_show() (bsc#1170442).
- lib/vsprintf: no_hash_pointers prints all addresses as unhashed (bsc#1182599).
- linux/clk.h: use correct kernel-doc notation for 2 functions (git-fixes).
- mac80211: 160MHz with extended NSS BW in CSA (git-fixes).
- mac80211: fix fast-rx encryption check (git-fixes).
- mac80211: fix potential overflow when multiplying to u32 integers (git-fixes).
- mac80211: pause TX while changing interface type (git-fixes).
- macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672). Since rpm 4.16 files installed during build phase are lost.
- MAINTAINERS: remove John Allen from ibmvnic (jsc#SLE-17043 bsc#1179243 ltc#189290).
- matroxfb: avoid -Warray-bounds warning (bsc#1152472)
- media: aspeed: fix error return code in aspeed_video_setup_video() (git-fixes).
- media: camss: missing error code in msm_video_register() (git-fixes).
- media: cx25821: Fix a bug when reallocating some dma memory (git-fixes).
- media: em28xx: Fix use-after-free in em28xx_alloc_urbs (git-fixes).
- media: i2c: ov5670: Fix PIXEL_RATE minimum value (git-fixes).
- media: ipu3-cio2: Fix mbus_code processing in cio2_subdev_set_fmt() (git-fixes).
- media: lmedm04: Fix misuse of comma (git-fixes).
- media: media/pci: Fix memleak in empress_init (git-fixes).
- media: mt9v111: Remove unneeded device-managed puts (git-fixes).
- media: pwc: Use correct device for DMA (bsc#1181133).
- media: pxa_camera: declare variable when DEBUG is defined (git-fixes).
- media: qm1d1c0042: fix error return code in qm1d1c0042_init() (git-fixes).
- media: software_node: Fix refcounts in software_node_get_next_child() (git-fixes).
- media: tm6000: Fix memleak in tm6000_start_stream (git-fixes).
- media: vsp1: Fix an error handling path in the probe function (git-fixes).
- mei: hbm: call mei_set_devstate() on hbm stop response (git-fixes).
- memory: ti-aemif: Drop child node when jumping out loop (git-fixes).
- mfd: bd9571mwv: Use devm_mfd_add_devices() (git-fixes).
- mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq() (git-fixes).
- misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users (git-fixes).
- misc: eeprom_93xx46: Fix module alias to enable module autoprobe (git-fixes).
- mlxsw: core: Add validation of transceiver temperature thresholds (git-fixes).
- mlxsw: core: Fix memory leak on module removal (git-fixes).
- mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (git-fixes).
- mlxsw: core: Free EMAD transactions using kfree_rcu() (git-fixes).
- mlxsw: core: Increase critical threshold for ASIC thermal zone (git-fixes).
- mlxsw: core: Increase scope of RCU read-side critical section (git-fixes).
- mlxsw: core: Use variable timeout for EMAD retries (git-fixes).
- mlxsw: spectrum_acl: Fix mlxsw_sp_acl_tcam_group_add()'s error path (git-fixes).
- mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails (git-fixes).
- mmc: core: Limit retries when analyse of SDIO tuples fails (git-fixes).
- mmc: renesas_sdhi_internal_dmac: Fix DMA buffer alignment from 8 to 128-bytes (git-fixes).
- mmc: sdhci-sprd: Fix some resource leaks in the remove function (git-fixes).
- mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe (git-fixes).
- mm/pmem: avoid inserting hugepage PTE entry with fsdax if hugepage support is disabled (bsc#1181896 ltc#191273).
- mm: proc: Invalidate TLB after clearing soft-dirty page state (bsc#1163776 ltc#183929 git-fixes).
- mm: thp: kABI: move the added flag to the end of enum (bsc#1181896 ltc#191273).
- mt76: dma: fix a possible memory leak in mt76_add_fragment() (git-fixes).
- net: ag71xx: add missed clk_disable_unprepare in error path of probe (git-fixes).
- net: axienet: Fix error return code in axienet_probe() (git-fixes).
- net: bcmgenet: Fix WoL with password after deep sleep (git-fixes).
- net: bcmgenet: keep MAC in reset until PHY is up (git-fixes).
- net: bcmgenet: re-remove bcmgenet_hfb_add_filter (git-fixes).
- net: bcmgenet: set Rx mode before starting netif (git-fixes).
- net: bcmgenet: use hardware padding of runt frames (git-fixes).
- net: broadcom CNIC: requires MMU (git-fixes).
- net: caif: Fix debugfs on 64-bit platforms (git-fixes).
- net/cxgb4: Check the return from t4_query_params properly (git-fixes).
- net: cxgb4: fix return error value in t4_prep_fw (git-fixes).
- net: dsa: bcm_sf2: Fix overflow checks (git-fixes).
- net: dsa: lantiq_gswip: fix and improve the unsupported interface error (git-fixes).
- net: dsa: mt7530: Change the LINK bit to reflect the link status (git-fixes).
- net: dsa: mt7530: set CPU port to fallback mode (git-fixes).
- net: ena: set initial DMA width to avoid intel iommu issue (git-fixes).
- net: ethernet: ave: Fix error returns in ave_init (git-fixes).
- net: ethernet: mlx4: Avoid assigning a value to ring_cons but not used it anymore in mlx4_en_xmit() (git-fixes).
- net: ethernet: ti: ale: fix allmulti for nu type ale (git-fixes).
- net: ethernet: ti: ale: fix seeing unreg mcast packets with promisc and allmulti disabled (git-fixes).
- net: ethernet: ti: ale: modify vlan/mdb api for switchdev (git-fixes).
- net: ethernet: ti: cpsw: allow untagged traffic on host port (git-fixes).
- net: ethernet: ti: fix some return value check of cpsw_ale_create() (git-fixes).
- net: gemini: Fix missing clk_disable_unprepare() in error path of gemini_ethernet_port_probe() (git-fixes).
- net: gro: do not keep too many GRO packets in napi->rx_list (bsc#1154353).
- net: hns3: add a check for queue_id in hclge_reset_vf_queue() (git-fixes).
- net: hns3: add a missing uninit debugfs when unload driver (git-fixes).
- net: hns3: add reset check for VF updating port based VLAN (git-fixes).
- net: hns3: clear port base VLAN when unload PF (git-fixes).
- net: hns3: fix aRFS FD rules leftover after add a user FD rule (git-fixes).
- net: hns3: fix a TX timeout issue (git-fixes).
- net: hns3: fix desc filling bug when skb is expanded or lineared (git-fixes).
- net: hns3: fix for mishandle of asserting VF reset fail (git-fixes).
- net: hns3: fix for VLAN config when reset failed (git-fixes).
- net: hns3: fix RSS config lost after VF reset (git-fixes).
- net: hns3: fix set and get link ksettings issue (git-fixes).
- net: hns3: fix 'tc qdisc del' failed issue (git-fixes).
- net: hns3: fix the number of queues actually used by ARQ (git-fixes).
- net: hns3: fix use-after-free when doing self test (git-fixes).
- net: hns3: fix VF VLAN table entries inconsistent issue (git-fixes).
- net: hns: fix return value check in __lb_other_process() (git-fixes).
- net: lpc-enet: fix error return code in lpc_mii_init() (git-fixes).
- net: macb: fix call to pm_runtime in the suspend/resume functions (git-fixes).
- net: macb: fix wakeup test in runtime suspend/resume routines (git-fixes).
- net: macb: mark device wake capable when 'magic-packet' property present (git-fixes).
- net/mlx4_core: fix a memory leak bug (git-fixes).
- net/mlx4_core: Fix init_hca fields offset (git-fixes).
- net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854).
- net/mlx4_en: Handle TX error CQE (bsc#1181854).
- net/mlx5: Add handling of port type in rule deletion (git-fixes).
- net/mlx5: Annotate mutex destroy for root ns (git-fixes).
- net/mlx5: Clear LAG notifier pointer after unregister (git-fixes).
- net/mlx5: Disable QoS when min_rates on all VFs are zero (git-fixes).
- net/mlx5: Do not call timecounter cyc2time directly from 1PPS flow (git-fixes).
- net/mlx5: Do not maintain a case of del_sw_func being null (git-fixes).
- net/mlx5e: Correctly handle changing the number of queues when the interface is down (git-fixes).
- net/mlx5e: Do not trigger IRQ multiple times on XSK wakeup to avoid WQ overruns (git-fixes).
- net/mlx5e: en_accel, Add missing net/geneve.h include (git-fixes).
- net/mlx5e: Encapsulate updating netdev queues into a function (git-fixes).
- net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).
- net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq (git-fixes).
- net/mlx5e: Fix configuration of XPS cpumasks and netdev queues in corner cases (git-fixes).
- net/mlx5e: Fix endianness handling in pedit mask (git-fixes).
- net/mlx5e: Fix error path of device attach (git-fixes).
- net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups (git-fixes).
- net/mlx5e: Fix two double free cases (git-fixes).
- net/mlx5e: Fix VLAN cleanup flow (git-fixes).
- net/mlx5e: Fix VLAN create flow (git-fixes).
- net/mlx5e: Get the latest values from counters in switchdev mode (git-fixes).
- net/mlx5e: IPoIB, Drop multicast packets that this interface sent (git-fixes).
- net/mlx5e: kTLS, Fix wrong value in record tracker enum (git-fixes).
- net/mlx5e: Reduce tc unsupported key print level (git-fixes).
- net/mlx5e: Rename hw_modify to preactivate (git-fixes).
- net/mlx5e: Set of completion request bit should not clear other adjacent bits (git-fixes).
- net/mlx5: E-switch, Destroy TSAR after reload interface (git-fixes).
- net/mlx5: E-Switch, Hold mutex when querying drop counter in legacy mode (git-fixes).
- net/mlx5: E-Switch, Use vport metadata matching by default (git-fixes).
- net/mlx5: E-Switch, Use vport metadata matching only when mandatory (git-fixes).
- net/mlx5e: Use preactivate hook to set the indirection table (git-fixes).
- net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes).
- net/mlx5: Fix a bug of using ptp channel index as pin index (git-fixes).
- net/mlx5: Fix deletion of duplicate rules (git-fixes).
- net/mlx5: Fix failing fw tracer allocation on s390 (git-fixes).
- net/mlx5: Fix memory leak on flow table creation error flow (git-fixes).
- net/mlx5: Fix request_irqs error flow (git-fixes).
- net/mlx5: Fix wrong address reclaim when command interface is down (git-fixes).
- net/mlx5: Query PPS pin operational status before registering it (git-fixes).
- net/mlx5: Verify Hardware supports requested ptp function on a given pin (git-fixes).
- net: moxa: Fix a potential double 'free_irq()' (git-fixes).
- net: mscc: ocelot: ANA_AUTOAGE_AGE_PERIOD holds a value in seconds, not ms (git-fixes).
- net: mscc: ocelot: fix address ageing time (again) (git-fixes).
- net: mscc: ocelot: properly account for VLAN header length when setting MRU (git-fixes).
- net: mvpp2: Add TCAM entry to drop flow control pause frames (git-fixes).
- net: mvpp2: disable force link UP during port init procedure (git-fixes).
- net: mvpp2: Fix error return code in mvpp2_open() (git-fixes).
- net: mvpp2: Fix GoP port 3 Networking Complex Control configurations (git-fixes).
- net: mvpp2: fix memory leak in mvpp2_rx (git-fixes).
- net: mvpp2: fix pkt coalescing int-threshold configuration (git-fixes).
- net: mvpp2: prs: fix PPPoE with ipv6 packet parse (git-fixes).
- net: mvpp2: Remove Pause and Asym_Pause support (git-fixes).
- net: mvpp2: TCAM entry enable should be written after SRAM data (git-fixes).
- net: netsec: Correct dma sync for XDP_TX frames (git-fixes).
- net: nixge: fix potential memory leak in nixge_probe() (git-fixes).
- net: octeon: mgmt: Repair filling of RX ring (git-fixes).
- net: phy: at803x: use operating parameters from PHY-specific status (git-fixes).
- net: phy: extract link partner advertisement reading (git-fixes).
- net: phy: extract pause mode (git-fixes).
- net: phy: marvell10g: fix null pointer dereference (git-fixes).
- net: phy: marvell10g: fix temperature sensor on 2110 (git-fixes).
- net: phy: read MII_CTRL1000 in genphy_read_status only if needed (git-fixes).
- net: qca_spi: fix receive buffer size check (git-fixes).
- net: qca_spi: Move reset_count to struct qcaspi (git-fixes).
- net: qede: fix PTP initialization on recovery (git-fixes).
- net: qede: fix use-after-free on recovery and AER handling (git-fixes).
- net: qede: stop adding events on an already destroyed workqueue (git-fixes).
- net: qed: fix async event callbacks unregistering (git-fixes).
- net: qed: fix excessive QM ILT lines consumption (git-fixes).
- net: qed: fix 'maybe uninitialized' warning (git-fixes).
- net: qed: fix NVMe login fails over VFs (git-fixes).
- net: qed: RDMA personality shouldn't fail VF load (git-fixes).
- net: re-solve some conflicts after net -> net-next merge (bsc#1176855 ltc#187293).
- net: rmnet: do not allow to add multiple bridge interfaces (git-fixes).
- net: rmnet: do not allow to change mux id if mux id is duplicated (git-fixes).
- net: rmnet: fix bridge mode bugs (git-fixes).
- net: rmnet: fix lower interface leak (git-fixes).
- net: rmnet: fix NULL pointer dereference in rmnet_changelink() (git-fixes).
- net: rmnet: fix NULL pointer dereference in rmnet_newlink() (git-fixes).
- net: rmnet: fix packet forwarding in rmnet bridge mode (git-fixes).
- net: rmnet: fix suspicious RCU usage (git-fixes).
- net: rmnet: print error message when command fails (git-fixes).
- net: rmnet: remove rcu_read_lock in rmnet_force_unassociate_device() (git-fixes).
- net: rmnet: use upper/lower device infrastructure (git-fixes).
- net, sctp, filter: remap copy_from_user failure error (bsc#1181637).
- net: smc91x: Fix possible memory leak in smc_drv_probe() (git-fixes).
- net/sonic: Add mutual exclusion for accessing shared state (git-fixes).
- net: stmmac: 16KB buffer must be 16 byte aligned (git-fixes).
- net: stmmac: Always arm TX Timer at end of transmission start (git-fixes).
- net: stmmac: Do not accept invalid MTU values (git-fixes).
- net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes (git-fixes).
- net: stmmac: Enable 16KB buffer size (git-fixes).
- net: stmmac: fix disabling flexible PPS output (git-fixes).
- net: stmmac: fix length of PTP clock's name string (git-fixes).
- net: stmmac: Fix the TX IOC in xmit path (git-fixes).
- net: stmmac: RX buffer size must be 16 byte aligned (git-fixes).
- net: stmmac: selftests: Flow Control test can also run with ASYM Pause (git-fixes).
- net: stmmac: selftests: Needs to check the number of Multicast regs (git-fixes).
- net: stmmac: xgmac: Clear previous RX buffer size (git-fixes).
- net: sun: fix missing release regions in cas_init_one() (git-fixes).
- net: team: fix memory leak in __team_options_register (git-fixes).
- net: thunderx: initialize VF's mailbox mutex before first usage (git-fixes).
- net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family (git-fixes).
- net: usb: qmi_wwan: Adding support for Cinterion MV31 (git-fixes).
- nvme-hwmon: rework to avoid devm allocation (bsc#1177326).
- nvme-multipath: Early exit if no path is available (bsc#1180964).
- nvme: re-read ANA log on NS CHANGED AEN (bsc#1179137).
- nvmet-tcp: Fix NULL dereference when a connect data comes in h2cdata pdu (bsc#1182547).
- objtool: Do not fail on missing symbol table (bsc#1169514).
- perf/x86/intel/uncore: Factor out uncore_pci_find_dev_pmu() (bsc#1180989).
- perf/x86/intel/uncore: Factor out uncore_pci_get_dev_die_info() (bsc#1180989).
- perf/x86/intel/uncore: Factor out uncore_pci_pmu_register() (bsc#1180989).
- perf/x86/intel/uncore: Factor out uncore_pci_pmu_unregister() (bsc#1180989).
- perf/x86/intel/uncore: Generic support for the PCI sub driver (bsc#1180989).
- perf/x86/intel/uncore: Store the logical die id instead of the physical die id (bsc#1180989).
- perf/x86/intel/uncore: With > 8 nodes, get pci bus die id from NUMA info (bsc#1180989).
- phy: cpcap-usb: Fix warning for missing regulator_disable (git-fixes).
- phy: rockchip-emmc: emmc_phy_init() always return 0 (git-fixes).
- platform/x86: hp-wmi: Disable tablet-mode reporting by default (git-fixes).
- platform/x86: intel-vbtn: Support for tablet mode on Dell Inspiron 7352 (git-fixes).
- platform/x86: touchscreen_dmi: Add swap-x-y quirk for Goodix touchscreen on Estar Beauty HD tablet (git-fixes).
- powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning (bsc#1182571 ltc#191345).
- powerpc/boot: Delete unneeded .globl _zimage_start (bsc#1156395).
- powerpc: Fix alignment bug within the init sections (bsc#1065729).
- powerpc/fpu: Drop cvt_fd() and cvt_df() (bsc#1156395).
- powerpc/hvcall: add token and codes for H_VASI_SIGNAL (bsc#1181674 ltc#189159).
- powerpc: kABI: add back suspend_disable_cpu in machdep_calls (bsc#1181674 ltc#189159).
- powerpc/machdep: remove suspend_disable_cpu() (bsc#1181674 ltc#189159).
- powerpc/mm/pkeys: Make pkey access check work on execute_only_key (bsc#1181544 ltc#191080 git-fixes).
- powerpc/numa: Fix build when CONFIG_NUMA=n (bsc#1132477 ltc#175530).
- powerpc/numa: make vphn_enabled, prrn_enabled flags const (bsc#1181674 ltc#189159).
- powerpc/numa: remove ability to enable topology updates (bsc#1181674 ltc#189159).
- powerpc/numa: remove arch_update_cpu_topology (bsc#1181674 ltc#189159).
- powerpc/numa: Remove late request for home node associativity (bsc#1181674 ltc#189159).
- powerpc/numa: remove prrn_is_enabled() (bsc#1181674 ltc#189159).
- powerpc/numa: remove start/stop_topology_update() (bsc#1181674 ltc#189159).
- powerpc/numa: remove timed_topology_update() (bsc#1181674 ltc#189159).
- powerpc/numa: remove unreachable topology timer code (bsc#1181674 ltc#189159).
- powerpc/numa: remove unreachable topology update code (bsc#1181674 ltc#189159).
- powerpc/numa: remove unreachable topology workqueue code (bsc#1181674 ltc#189159).
- powerpc/numa: remove vphn_enabled and prrn_enabled internal flags (bsc#1181674 ltc#189159).
- powerpc/numa: stub out numa_update_cpu_topology() (bsc#1181674 ltc#189159).
- powerpc/perf: Exclude kernel samples while counting events in user space (bsc#1065729).
- powerpc/perf/hv-24x7: Dont create sysfs event files for dummy events (bsc#1182118 ltc#190624).
- powerpc/pkeys: Avoid using lockless page table walk (bsc#1181544 ltc#191080).
- powerpc/pkeys: Check vma before returning key fault error to the user (bsc#1181544 ltc#191080).
- powerpc/powernv/memtrace: Do not leak kernel memory to user space (bsc#1156395).
- powerpc/powernv/memtrace: Fix crashing the kernel when enabling concurrently (bsc#1156395).
- powerpc/powernv/npu: Do not attempt NPU2 setup on POWER8NVL NPU (bsc#1156395).
- powerpc/prom: Fix 'ibm,arch-vec-5-platform-support' scan (bsc#1182602 ltc#190924).
- powerpc/pseries/dlpar: handle ibm, configure-connector delay status (bsc#1181985 ltc#188074).
- powerpc/pseries: Do not enforce MSI affinity with kdump (bsc#1181655 ltc#190855).
- powerpc/pseries/eeh: Make pseries_pcibios_bus_add_device() static (bsc#1078720, git-fixes).
- powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900).
- powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: pass stream id via function arguments (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: perform post-suspend fixups later (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: remove prepare_late() callback (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: remove pseries_suspend_cpu() (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: switch to rtas_ibm_suspend_me() (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: add missing break to default case (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: Add pr_debug() for device tree changes (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: do not error on absence of ibm, update-nodes (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: error message improvements (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: extract VASI session polling logic (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: refactor node lookup during DT update (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: retry partition suspend after error (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: Set pr_fmt() (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: signal suspend cancellation to platform (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: use rtas_activate_firmware() on resume (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: use stop_machine for join/suspend (bsc#1181674 ltc#189159).
- powerpc/pseries/ras: Make init_ras_hotplug_IRQ() static (bsc#1065729, git-fixes).
- powerpc/pseries: remove dlpar_cpu_readd() (bsc#1181674 ltc#189159).
- powerpc/pseries: remove memory 're-add' implementation (bsc#1181674 ltc#189159).
- powerpc/pseries: remove obsolete memory hotplug DT notifier code (bsc#1181674 ltc#189159).
- powerpc/pseries: remove prrn special case from DT update path (bsc#1181674 ltc#189159).
- powerpc/rtas: add rtas_activate_firmware() (bsc#1181674 ltc#189159).
- powerpc/rtas: add rtas_ibm_suspend_me() (bsc#1181674 ltc#189159).
- powerpc/rtas: complete ibm,suspend-me status codes (bsc#1181674 ltc#189159).
- powerpc/rtas: dispatch partition migration requests to pseries (bsc#1181674 ltc#189159).
- powerpc/rtasd: simplify handle_rtas_event(), emit message on events (bsc#1181674 ltc#189159).
- powerpc/rtas: prevent suspend-related sys_rtas use on LE (bsc#1181674 ltc#189159).
- powerpc/rtas: remove rtas_ibm_suspend_me_unsafe() (bsc#1181674 ltc#189159).
- powerpc/rtas: remove rtas_suspend_cpu() (bsc#1181674 ltc#189159).
- powerpc/rtas: remove unused rtas_suspend_last_cpu() (bsc#1181674 ltc#189159).
- powerpc/rtas: remove unused rtas_suspend_me_data (bsc#1181674 ltc#189159).
- powerpc/rtas: rtas_ibm_suspend_me -> rtas_ibm_suspend_me_unsafe (bsc#1181674 ltc#189159).
- power: reset: at91-sama5d2_shdwc: fix wkupdbc mask (git-fixes).
- pseries/drmem: do not cache node id in drmem_lmb struct (bsc#1132477 ltc#175530).
- pseries/hotplug-memory: hot-add: skip redundant LMB lookup (bsc#1132477 ltc#175530).
- qed: fix error return code in qed_iwarp_ll2_start() (git-fixes).
- qed: Fix race condition between scheduling and destroying the slowpath workqueue (git-fixes).
- qed: Populate nvm-file attributes while reading nvm config partition (git-fixes).
- qed: select CONFIG_CRC32 (git-fixes).
- qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes).
- quota: Fix memory leak when handling corrupted quota file (bsc#1182650).
- quota: Sanity-check quota file headers on load (bsc#1182461).
- r8169: fix resuming from suspend on RTL8105e if machine runs on battery (git-fixes).
- r8169: fix WoL on shutdown if CONFIG_DEBUG_SHIRQ is set (git-fixes).
- rcu/nocb: Perform deferred wake up before last idle's (git-fixes)
- rcu/nocb: Trigger self-IPI on late deferred wake up before (git-fixes)
- rcu: Pull deferred rcuog wake up to rcu_eqs_enter() callers (git-fixes)
- RDMA/efa: Add EFA 0xefa1 PCI ID (bsc#1176248).
- RDMA/efa: Count admin commands errors (bsc#1176248).
- RDMA/efa: Count mmap failures (bsc#1176248).
- RDMA/efa: Do not delay freeing of DMA pages (bsc#1176248).
- RDMA/efa: Drop double zeroing for sg_init_table() (bsc#1176248).
- RDMA/efa: Expose maximum TX doorbell batch (bsc#1176248).
- RDMA/efa: Expose minimum SQ size (bsc#1176248).
- RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1176248).
- RDMA/efa: Properly document the interrupt mask register (bsc#1176248).
- RDMA/efa: Remove redundant udata check from alloc ucontext response (bsc#1176248).
- RDMA/efa: Report create CQ error counter (bsc#1176248).
- RDMA/efa: Report host information to the device (bsc#1176248).
- RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1176248).
- RDMA/efa: Use in-kernel offsetofend() to check field availability (bsc#1176248).
- RDMA/efa: User/kernel compatibility handshake mechanism (bsc#1176248).
- RDMA/efa: Use the correct current and new states in modify QP (git-fixes).
- regulator: axp20x: Fix reference cout leak (git-fixes).
- regulator: core: Avoid debugfs: Directory ... already present! error (git-fixes).
- regulator: core: avoid regulator_resolve_supply() race condition (git-fixes).
- regulator: Fix lockdep warning resolving supplies (git-fixes).
- regulator: s5m8767: Drop regulators OF node reference (git-fixes).
- regulator: s5m8767: Fix reference count leak (git-fixes).
- reiserfs: add check for an invalid ih_entry_count (bsc#1182462).
- reset: hisilicon: correct vendor prefix (git-fixes).
- Revert 'ibmvnic: remove never executed if statement' (jsc#SLE-17043 bsc#1179243 ltc#189290).
- Revert 'net: bcmgenet: remove unused function in bcmgenet.c' (git-fixes).
- Revert 'platform/x86: ideapad-laptop: Switch touchpad attribute to be RO' (git-fixes).
- Revert 'RDMA/mlx5: Fix devlink deadlock on net namespace deletion' (jsc#SLE-8464).
- rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439)
- rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058)
- rtc: s5m: select REGMAP_I2C (git-fixes).
- rxrpc: Fix memory leak in rxrpc_lookup_local (bsc#1154353 bnc#1151927 5.3.9).
- s390/vfio-ap: clean up vfio_ap resources when KVM pointer invalidated (git-fixes).
- s390/vfio-ap: No need to disable IRQ after queue reset (git-fixes).
- sched: Reenable interrupts in do_sched_yield() (git-fixes)
- scsi: lpfc: Fix EEH encountering oops with NVMe traffic (bsc#1181958).
- sh_eth: check sh_eth_cpu_data::cexcr when dumping registers (git-fixes).
- sh_eth: check sh_eth_cpu_data::no_tx_cntrs when dumping registers (git-fixes).
- sh_eth: check sh_eth_cpu_data::no_xdfar when dumping registers (git-fixes).
- smp: Add source and destination CPUs to __call_single_data (bsc#1180846).
- smsc95xx: avoid memory leak in smsc95xx_bind (git-fixes).
- smsc95xx: check return value of smsc95xx_reset (git-fixes).
- soc: aspeed: snoop: Add clock control logic (git-fixes).
- spi: atmel: Put allocated master before return (git-fixes).
- spi: pxa2xx: Fix the controller numbering for Wildcat Point (git-fixes).
- spi: spi-synquacer: fix set_cs handling (git-fixes).
- spi: stm32: properly handle 0 byte transfer (git-fixes).
- squashfs: add more sanity checks in id lookup (git-fixes bsc#1182266).
- squashfs: add more sanity checks in inode lookup (git-fixes bsc#1182267).
- squashfs: add more sanity checks in xattr id lookup (git-fixes bsc#1182268).
- staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules (git-fixes).
- target: disallow emulate_legacy_capacity with RBD object-map (bsc#1177109).
- team: set dev->needed_headroom in team_setup_by_port() (git-fixes).
- tpm: Remove tpm_dev_wq_lock (git-fixes).
- tpm_tis: Clean up locality release (git-fixes).
- tpm_tis: Fix check_locality for correct locality acquisition (git-fixes).
- tracing: Check length before giving out the filter buffer (git-fixes).
- tracing: Do not count ftrace events in top level enable output (git-fixes).
- tracing/kprobe: Fix to support kretprobe events on unloaded modules (git-fixes).
- tracing/kprobes: Do the notrace functions check without kprobes on ftrace (git-fixes).
- tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS (git-fixes).
- ubifs: Fix error return code in ubifs_init_authentication() (bsc#1182459).
- ubifs: Fix ubifs_tnc_lookup() usage in do_kill_orphans() (bsc#1182454).
- ubifs: prevent creating duplicate encrypted filenames (bsc#1182457).
- ubifs: ubifs_add_orphan: Fix a memory leak bug (bsc#1182456).
- ubifs: ubifs_jnl_write_inode: Fix a memory leak bug (bsc#1182455).
- ubifs: wbuf: Do not leak kernel memory to flash (bsc#1182458).
- Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86 (bsc#1180846).
- Update config files: Set ledtrig-default-on as builtin (bsc#1182128)
- USB: dwc2: Abort transaction after errors with unknown reason (git-fixes).
- USB: dwc2: Fix endpoint direction check in ep_from_windex (git-fixes).
- USB: dwc2: Make 'trimming xfer length' a debug message (git-fixes).
- USB: dwc3: fix clock issue during resume in OTG mode (git-fixes).
- USB: gadget: legacy: fix an error code in eth_bind() (git-fixes).
- USB: gadget: u_audio: Free requests only after callback (git-fixes).
- USB: mUSB: Fix runtime PM race in musb_queue_resume_work (git-fixes).
- USB: quirks: add quirk to start video capture on ELMO L-12F document camera reliable (git-fixes).
- USB: quirks: sort quirk entries (git-fixes).
- USB: renesas_usbhs: Clear pipe running flag in USBhs_pkt_pop() (git-fixes).
- USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000 (git-fixes).
- USB: serial: cp210x: add pid/vid for WSDA-200-USB (git-fixes).
- USB: serial: mos7720: fix error code in mos7720_write() (git-fixes).
- USB: serial: mos7720: improve OOM-handling in read_mos_reg() (git-fixes).
- USB: serial: mos7840: fix error code in mos7840_write() (git-fixes).
- USB: serial: option: Adding support for Cinterion MV31 (git-fixes).
- USB: usblp: do not call usb_set_interface if there's a single alt (git-fixes).
- veth: Adjust hard_start offset on redirect XDP frames (git-fixes).
- vfs: Convert squashfs to use the new mount API (git-fixes bsc#1182265).
- virtio_net: Fix error code in probe() (git-fixes).
- virtio_net: Fix recursive call to cpus_read_lock() (git-fixes).
- virtio_net: Keep vnet header zeroed if XDP is loaded for small buffer (git-fixes).
- virt: vbox: Do not use wait_event_interruptible when called from kernel context (git-fixes).
- vmxnet3: Remove buf_info from device accessible structures (bsc#1181671).
- vxlan: fix memleak of fdb (git-fixes).
- wext: fix NULL-ptr-dereference with cfg80211's lack of commit() (git-fixes).
- writeback: Drop I_DIRTY_TIME_EXPIRE (bsc#1182460).
- x86/alternatives: Sync bp_patching update for avoiding NULL pointer exception (bsc#1152489).
- x86/apic: Add extra serialization for non-serializing MSRs (bsc#1152489).
- x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181259, jsc#ECO-3191).
- x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181259, jsc#ECO-3191).
- x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181259, jsc#ECO-3191).
- x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181259 jsc#ECO-3191).
- x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181259, jsc#ECO-3191).
- xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600).
- xen/netback: fix spurious event detection for common event case (bsc#1182175).
- xfs: ensure inobt record walks always make forward progress (git-fixes bsc#1182272).
- xfs: fix an ABBA deadlock in xfs_rename (git-fixes bsc#1182558).
- xfs: fix parent pointer scrubber bailing out on unallocated inodes (git-fixes bsc#1182276).
- xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks (git-fixes bsc#1182430).
- xfs: fix the minrecs logic when dealing with inode root child blocks (git-fixes bsc#1182273).
- xfs: ratelimit xfs_discard_page messages (bsc#1182283).
- xfs: reduce quota reservation when doing a dax unwritten extent conversion (git-fixes bsc#1182561).
- xfs: return corresponding errcode if xfs_initialize_perag() fail (git-fixes bsc#1182275).
- xfs: scrub should mark a directory corrupt if any entries cannot be iget'd (git-fixes bsc#1182278).
- xfs: strengthen rmap record flags checking (git-fixes bsc#1182271).
- xhci: fix bounce buffer usage for non-sg list case (git-fixes).

The kernel-default-base packaging was changed:

- Added squashfs for kiwi installiso support (bsc#1182341)
- Added fuse (bsc#1182507)
- Added modules which got lost when migrating away from supported.conf (bsc#1182110):
  * am53c974 had a typo
  * cls_bpf, iscsi_ibft, libahci, libata, openvswitch, sch_ingress
- Also added vport-* modules for Open vSwitch

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:754-1
Released: Tue Mar 9 17:10:49 2021
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841

This update for openssl-1_1 fixes the following issues:

- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
- Fixed unresolved error codes in FIPS (bsc#1182959).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:758-1
Released: Wed Mar 10 12:16:27 2021
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1182688

This update for dracut fixes the following issues:

- network-legacy: fix route parsing issues in ifup. (bsc#1182688)
-0kernel-modules: arm/arm64: Add reset controllers
- Prevent creating unexpected files on the host when running dracut
- As of 'v246' of systemd 'syslog' and 'syslog-console' switches have been deprecated.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:778-1
Released: Fri Mar 12 17:42:25 2021
Summary: Security update for glib2
Type: security
Severity: important
References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219

This update for glib2 fixes the following issues:

- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:784-1
Released: Mon Mar 15 11:19:08 2021
Summary: Recommended update for efivar
Type: recommended
Severity: moderate
References: 1181967

This update for efivar fixes the following issues:

- Fixed an issue with the NVME path parsing (bsc#1181967)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:786-1
Released: Mon Mar 15 11:19:23 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1176201

This update for zlib fixes the following issues:

- Fixed hw compression on z15 (bsc#1176201)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:802-1
Released: Tue Mar 16 16:54:12 2021
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1183073

This update for grub2 fixes the following issues:

- Fixed chainloading windows on dual boot machine (bsc#1183073)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:874-1
Released: Thu Mar 18 09:41:54 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179847,1181328,1181622,1182629

This update for libsolv, libzypp, zypper fixes the following issues:

- support
multiple collections in updateinfo parser
- Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328)
- Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629)
- Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847)
- Fix '%posttrans' script execution. (fixes #265)
- Repo: Allow multiple baseurls specified on one line (fixes #285)
- Regex: Fix memory leak and undefined behavior.
- Add rpm buildrequires for test suite (fixes #279)
- Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use.
- doc: give more details about creating versioned package locks. (bsc#1181622)
- man: Document synonymously used patch categories (bsc#1179847)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:881-1
Released: Fri Mar 19 04:16:42 2021
Summary: Recommended update for yast2-adcommon-python, yast2-aduc, samba
Type: recommended
Severity: moderate
References: 1084864,1132565,1133568,1135130,1135224,1138203,1138487,1145508,1146898,1150394,1150612,1151713,1152052,1154121,1170998

This update for yast2-adcommon-python, yast2-aduc, samba fixes the following issues:

- Update 'aduc' for 'realmd' customer. (jsc#SLE-5527)
- Add ability to change/enable/unlock user's passwords. (bsc#1152052)
- Fixes a Failure to authenticate on first try and throws a MemoryError on Ubuntu. (bsc#1151713)
- Fixes an issue when unused 'xset' may cause exception in 'appimage'. (bsc#1150612)
- Include other object creation options. (bsc#1138203)
- Use the domain name stored in the samba credentials object. (bsc#1138487)
- Display a backtrace if the connection fails.
- Use new schema of desktop files. (bsc#1084864)
- Move the module to Network Services.
- Use common authentication from yast2-adcommon-python.
- Switch to using a unified file/actions menu, instead of random buttons
- Remove 'ad-dc' dependency. (jsc#ECO-2527)
- Fix slow load of 'ADUC' caused by chatty ldap traffic. (bsc#1170998)
- The domain label should be a text field, for manually entering the domain name. (bsc#1154121)
- Fix to reconnect the 'ldap' session if it times out. (bsc#1150394)
- 'AD' modules should connect to an AD-DC via the SamDB interface, instead of 'python-ldap'. (bsc#1146898)
- Fix incorrectly placed domain in change domain dialog (bsc#1145508)
- YaST 'aduc/adsi/gpmc' should not exit after entering empty password and explicitly state that an Active Directory administrator should sign in. (bsc#1132565)
- Move schema parsing code from adsi to the common code. (bsc#1138203)
- 'TypeError: Expected a string or unicode object' during auth. (bsc#1135224)
- Authentication fails with 'Failed to initialize ldap connection'. (bsc#1135130)
- Fix for an issue when 'yast2-adcommon-python' 'ldap' does not correctly parse 'ldap' urls. (bsc#1133568)
- Initial version

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:924-1
Released: Tue Mar 23 10:00:49 2021
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094

This update for filesystem fixes the following issues:

- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011)
- Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705)
- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units.
(#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:926-1
Released: Tue Mar 23 13:20:24 2021
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: moderate
References: 1083473,1112500,1115408,1165780,1183012

This update for systemd-presets-common-SUSE fixes the following issues:

- Add default user preset containing:
- enable `pulseaudio.socket` (bsc#1083473)
- enable `pipewire.socket` (bsc#1183012)
- enable `pipewire-pulse.socket` (bsc#1183012)
- enable `pipewire-media-session.service` (used with pipewire >= 0.3.23)
- Changes to the default preset:
- enable `btrfsmaintenance-refresh.path`.
- disable `btrfsmaintenance-refresh.service`.
- enable `dnf-makecache.timer`.
- enable `ignition-firstboot-complete.service`.
- enable logwatch.timer and avoid to have logwatch out of sync with logrotate. (bsc#1112500)
- enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408)
- remove enable `updatedb.timer`
- Avoid needless refresh on boot.
(bsc#1165780)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:930-1
Released: Wed Mar 24 12:09:23 2021
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1172442,1181358,CVE-2020-11080

This update for nghttp2 fixes the following issues:

- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:933-1
Released: Wed Mar 24 12:16:14 2021
Summary: Security update for ruby2.5
Type: security
Severity: important
References: 1177125,1177222,CVE-2020-25613

This update for ruby2.5 fixes the following issues:

- CVE-2020-25613: Fixed a potential HTTP Request Smuggling in WEBrick (bsc#1177125).
- Enable optimizations also on ARM64 (bsc#1177222)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:935-1
Released: Wed Mar 24 12:19:10 2021
Summary: Security update for gnutls
Type: security
Severity: important
References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232

This update for gnutls fixes the following issues:

- CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).
- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:945-1
Released: Wed Mar 24 13:43:08 2021
Summary: Security update for ldb
Type: security
Severity: important
References: 1183572,1183574,CVE-2020-27840,CVE-2021-20277

This update for ldb fixes the following issues:

- CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572).
- CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:947-1
Released: Wed Mar 24 14:30:58 2021
Summary: Security update for python3
Type: security
Severity: moderate
References: 1182379,CVE-2021-23336

This update for python3 fixes the following issues:

- python36 was updated to 3.6.13
- CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:948-1
Released: Wed Mar 24 14:31:34 2021
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032

This update for zstd fixes the following issues:

- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:955-1
Released: Thu Mar 25 16:11:48 2021
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1183852,CVE-2021-3449

This update for openssl-1_1 fixes the security issue:

* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue.
[bsc#1183852]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:960-1
Released: Mon Mar 29 11:16:28 2021
Summary: Recommended update for cloud-init
Type: recommended
Severity: moderate
References: 1181283

This update for cloud-init fixes the following issues:

- Does no longer include the sudoers.d directory twice (bsc#1181283)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:974-1
Released: Mon Mar 29 19:31:27 2021
Summary: Security update for tar
Type: security
Severity: low
References: 1181131,CVE-2021-20193

This update for tar fixes the following issues:

CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:985-1
Released: Tue Mar 30 14:42:46 2021
Summary: Recommended update for the Azure SDK and CLI
Type: recommended
Severity: moderate
References: 1125671,1140565,1154393,1174514,1175289,1176784,1176785,1178168,CVE-2020-14343,CVE-2020-25659

This update for the Azure SDK and CLI adds support for the AHB (Azure Hybrid Benefit). (bsc#1176784, jsc#ECO=3105)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:991-1
Released: Wed Mar 31 13:28:37 2021
Summary: Recommended update for vim
Type: recommended
Severity: moderate
References: 1182324

This update for vim provides the following fixes:

- Install SUSE vimrc in /usr. (bsc#1182324)
- Source correct suse.vimrc file.
(bsc#1182324)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1004-1
Released: Thu Apr 1 15:07:09 2021
Summary: Recommended update for libcap
Type: recommended
Severity: moderate
References: 1180073

This update for libcap fixes the following issues:

- Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)
- Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1006-1
Released: Thu Apr 1 17:44:57 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890

This update for curl fixes the following issues:

- CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934)
- CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933)

From sle-updates at lists.suse.com Fri Apr 9 06:00:42 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 9 Apr 2021 08:00:42 +0200 (CEST)
Subject: SUSE-CU-2021:96-1: Security update of ses/7/cephcsi/cephcsi
Message-ID: <20210409060042.8CB5AB46349@westernhagen.suse.de>

SUSE Container Update Advisory: ses/7/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:96-1
Container Tags : ses/7/cephcsi/cephcsi:3.2.0 , ses/7/cephcsi/cephcsi:3.2.0.0.3.300 , ses/7/cephcsi/cephcsi:latest , ses/7/cephcsi/cephcsi:sle15.2.octopus , ses/7/cephcsi/cephcsi:v3.2.0 , ses/7/cephcsi/cephcsi:v3.2.0.0
Container Release : 3.300
Severity : important
Type : security
References : 1078466 1083473 1112500 1115408 1125671 1140565 1146705 1154393 1160876 1165780 1171549 1172442 1172926 1174514 1175289 1175519 1176201 1176390 1176489 1176679 1176784 1176785 1176828 1177360 1177857 1178168 1178407 1178775 1178837 1178860 1178905 1178932 1179569 1179847 1179997 1180020 1180073 1180083 1180596
1180713 1181011 1181328 1181358 1181622 1181831 1182328 1182362 1182379 1182629 1182766 1183012 1183094 1183370 1183371 1183456 1183457 1183852 1183933 1183934 CVE-2020-11080 CVE-2020-14343 CVE-2020-25659 CVE-2020-25678 CVE-2020-27839 CVE-2021-20231 CVE-2021-20232 CVE-2021-22876 CVE-2021-22890 CVE-2021-23336 CVE-2021-24031 CVE-2021-24032 CVE-2021-27218 CVE-2021-27219 CVE-2021-3449
-----------------------------------------------------------------

The container ses/7/cephcsi/cephcsi was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:778-1
Released: Fri Mar 12 17:42:25 2021
Summary: Security update for glib2
Type: security
Severity: important
References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219

This update for glib2 fixes the following issues:

- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it.
(bsc#1182362)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:786-1
Released: Mon Mar 15 11:19:23 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1176201

This update for zlib fixes the following issues:

- Fixed hw compression on z15 (bsc#1176201)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:874-1
Released: Thu Mar 18 09:41:54 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179847,1181328,1181622,1182629

This update for libsolv, libzypp, zypper fixes the following issues:

- support multiple collections in updateinfo parser
- Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328)
- Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629)
- Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847)
- Fix '%posttrans' script execution. (fixes #265)
- Repo: Allow multiple baseurls specified on one line (fixes #285)
- Regex: Fix memory leak and undefined behavior.
- Add rpm buildrequires for test suite (fixes #279)
- Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use.
- doc: give more details about creating versioned package locks. (bsc#1181622)
- man: Document synonymously used patch categories (bsc#1179847)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:924-1
Released: Tue Mar 23 10:00:49 2021
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094

This update for filesystem fixes the following issues:

- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700.
(bsc#1181011)
- Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705)
- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:926-1
Released: Tue Mar 23 13:20:24 2021
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: moderate
References: 1083473,1112500,1115408,1165780,1183012

This update for systemd-presets-common-SUSE fixes the following issues:

- Add default user preset containing:
- enable `pulseaudio.socket` (bsc#1083473)
- enable `pipewire.socket` (bsc#1183012)
- enable `pipewire-pulse.socket` (bsc#1183012)
- enable `pipewire-media-session.service` (used with pipewire >= 0.3.23)
- Changes to the default preset:
- enable `btrfsmaintenance-refresh.path`.
- disable `btrfsmaintenance-refresh.service`.
- enable `dnf-makecache.timer`.
- enable `ignition-firstboot-complete.service`.
- enable logwatch.timer and avoid to have logwatch out of sync with logrotate. (bsc#1112500)
- enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408)
- remove enable `updatedb.timer`
- Avoid needless refresh on boot.
(bsc#1165780)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:930-1
Released: Wed Mar 24 12:09:23 2021
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1172442,1181358,CVE-2020-11080

This update for nghttp2 fixes the following issues:

- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:935-1
Released: Wed Mar 24 12:19:10 2021
Summary: Security update for gnutls
Type: security
Severity: important
References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232

This update for gnutls fixes the following issues:

- CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).
- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:947-1
Released: Wed Mar 24 14:30:58 2021
Summary: Security update for python3
Type: security
Severity: moderate
References: 1182379,CVE-2021-23336

This update for python3 fixes the following issues:

- python36 was updated to 3.6.13
- CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:948-1
Released: Wed Mar 24 14:31:34 2021
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032

This update for zstd fixes the following issues:

- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:952-1
Released: Thu Mar 25 14:36:56 2021
Summary: Recommended update for libunwind
Type: recommended
Severity: moderate
References: 1160876,1171549

This update for libunwind fixes the following issues:

- Update to version 1.5.0. (jsc#ECO-3395)
- Enable s390x for building. (jsc#ECO-3395)
- Fix compilation with 'fno-common'. (bsc#1171549)
- Fix build with 'GCC-10'. (bsc#1160876)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:953-1
Released: Thu Mar 25 14:37:26 2021
Summary: Recommended update for psmisc
Type: recommended
Severity: moderate
References: 1178407

This update for psmisc fixes the following issues:

- Fix for 'fuser' when it does not show open kvm storage image files such as 'qcow2' files. (bsc#1178407)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:955-1
Released: Thu Mar 25 16:11:48 2021
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1183852,CVE-2021-3449

This update for openssl-1_1 fixes the security issue:

* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:985-1
Released: Tue Mar 30 14:42:46 2021
Summary: Recommended update for the Azure SDK and CLI
Type: recommended
Severity: moderate
References: 1125671,1140565,1154393,1174514,1175289,1176784,1176785,1178168,CVE-2020-14343,CVE-2020-25659

This update for the Azure SDK and CLI adds support for the AHB (Azure Hybrid Benefit).
(bsc#1176784, jsc#ECO=3105)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1004-1
Released: Thu Apr 1 15:07:09 2021
Summary: Recommended update for libcap
Type: recommended
Severity: moderate
References: 1180073

This update for libcap fixes the following issues:

- Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)
- Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1006-1
Released: Thu Apr 1 17:44:57 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890

This update for curl fixes the following issues:

- CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934)
- CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1018-1
Released: Tue Apr 6 14:29:13 2021
Summary: Recommended update for gzip
Type: recommended
Severity: moderate
References: 1180713

This update for gzip fixes the following issues:

- Fixes an issue when 'gzexe' counts the lines to skip wrong.
  (bsc#1180713)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1109-1
Released: Thu Apr 8 11:49:10 2021
Summary: Security update for ceph
Type: security
Severity: moderate
References: 1172926,1176390,1176489,1176679,1176828,1177360,1177857,1178837,1178860,1178905,1178932,1179569,1179997,1182766,CVE-2020-25678,CVE-2020-27839

This update for ceph fixes the following issues:

- ceph was updated to 15.2.9
- cephadm: fix 'inspect' and 'pull' (bsc#1182766)
- CVE-2020-27839: mgr/dashboard: Use secure cookies to store JWT Token (bsc#1179997)
- CVE-2020-25678: Do not add sensitive information in Ceph log files (bsc#1178905)
- mgr/orchestrator: Sort 'ceph orch device ls' by host (bsc#1172926)
- mgr/dashboard: enable different URL for users of browser to Grafana (bsc#1176390, bsc#1176679)
- mgr/cephadm: lock multithreaded access to OSDRemovalQueue (bsc#1176489)
- cephadm: command_unit: call systemctl with verbose=True (bsc#1176828)
- cephadm: silence 'Failed to evict container' log msg (bsc#1177360)
- mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails (bsc#1177857)
- rgw: cls/user: set from_index for reset stats calls (bsc#1178837)
- mgr/dashboard: Disable TLS 1.0 and 1.1 (bsc#1178860)
- cephadm: reference the last local image by digest (bsc#1178932, bsc#1179569)

From sle-updates at lists.suse.com Fri Apr 9 06:01:49 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 9 Apr 2021 08:01:49 +0200 (CEST)
Subject: SUSE-CU-2021:97-1: Security update of ses/7/ceph/grafana
Message-ID: <20210409060149.E4368B46349@westernhagen.suse.de>

SUSE Container Update Advisory: ses/7/ceph/grafana
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:97-1
Container Tags : ses/7/ceph/grafana:7.3.1 , ses/7/ceph/grafana:7.3.1.3.428 , ses/7/ceph/grafana:latest , ses/7/ceph/grafana:sle15.2.octopus
Container Release : 3.428
Severity : important
Type : security
References : 1050625 1078466 1084671 1141597 1146705 1169006 1171883 1172442 1172695 1172926 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1176390 1176489 1176679 1176828 1177238 1177275 1177360 1177427 1177490 1177583 1177857 1177998 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178837 1178860 1178860 1178905 1178909 1178910 1178932 1178966 1179016 1179083 1179222 1179363 1179398 1179399 1179415 1179452 1179491 1179503 1179526 1179569 1179593 1179694 1179721 1179816 1179824 1179847 1179909 1179997 1180020 1180038 1180073 1180077 1180083 1180107 1180138 1180155 1180225 1180596 1180603 1180603 1180663 1180721 1180885 1181011 1181328 1181358 1181505 1181622 1181831 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182766 1182959 1183094 1183370 1183371 1183456 1183457 1183852 1183933 1183934 CVE-2017-9271 CVE-2019-25013 CVE-2020-11080 CVE-2020-1971 CVE-2020-25678 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-27781 CVE-2020-27839 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-20231 CVE-2021-20232 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449
-----------------------------------------------------------------

The container ses/7/ceph/grafana was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1989-1
Released: Tue Jul 21 17:58:58 2020
Summary: Recommended update to SLES-releases
Type: recommended
Severity: important
References: 1173582

This update of SLES-release provides the following fix:

- Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3294-1
Released: Wed Nov 11 12:28:46 2020
Summary: Recommended update for SLES-release
Type: recommended
Severity: moderate
References: 1177998

This update for SLES-release fixes the following issue:

- Obsolete Leap 15.2.1 (jump) to allow migration from Jump/Leap 15.2.1 to SLE 15 SP2. (bsc#1177998)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3721-1
Released: Wed Dec 9 13:36:46 2020
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1179491,CVE-2020-1971

This update for openssl-1_1 fixes the following issues:

- CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3735-1
Released: Wed Dec 9 18:19:24 2020
Summary: Security update for curl
Type: security
Severity: moderate
References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286

This update for curl fixes the following issues:

- CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593).
- CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399).
- CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3747-1
Released: Thu Dec 10 13:54:49 2020
Summary: Recommended update for ceph
Type: recommended
Severity: moderate
References: 1179452,1179526

This update for ceph fixes the following issues:

- Fixed an issue when reading a large 'RGW' object takes too long and can cause data loss. (bsc#1179526)
- Fixed a build issue caused by missing nautilus module named 'six'. (bsc#1179452)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3809-1
Released: Tue Dec 15 13:46:05 2020
Summary: Recommended update for glib2
Type: recommended
Severity: moderate
References: 1178346

This update for glib2 fixes the following issues:

Update from version 2.62.5 to version 2.62.6:

- Support for slim format of timezone. (bsc#1178346)
- Fix DST incorrect end day when using slim format. (bsc#1178346)
- Fix SOCKS5 username/password authentication.
- Updated translations.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3853-1
Released: Wed Dec 16 12:27:27 2020
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825

This update for util-linux fixes the following issue:

- Do not trigger the automatic close of CDROM. (bsc#1084671)
- Try to automatically configure broken serial lines. (bsc#1175514)
- Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514)
- Build with `libudev` support to support non-root users. (bsc#1169006)
- Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
- Fix warning on mounts to `CIFS` with mount -a.
  (bsc#1174942)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3894-1
Released: Mon Dec 21 12:56:05 2020
Summary: Security update for ceph
Type: security
Severity: important
References: 1178860,1179016,1180107,1180155,CVE-2020-27781

This update for ceph fixes the following issues:

Security issue fixed:

- CVE-2020-27781: Fixed a privilege escalation via the ceph_volume_client Python interface (bsc#1180155).

Non-security issues fixed:

- Update to 15.2.8-80-g1f4b6229ca:
  + Rebase on tip of upstream 'octopus' branch, SHA1 bdf3eebcd22d7d0b3dd4d5501bee5bac354d5b55
    * upstream Octopus v15.2.8 release, see https://ceph.io/releases/v15-2-8-octopus-released/
- Update to 15.2.7-776-g343cd10fe5:
  + Rebase on tip of upstream 'octopus' branch, SHA1 1b8a634fdcd94dfb3ba650793fb1b6d09af65e05
    * (bsc#1178860) mgr/dashboard: Disable TLS 1.0 and 1.1
  + (bsc#1179016) rpm: require smartmontools on SUSE
  + (bsc#1180107) ceph-volume: pass --filter-for-batch from drive-group subcommand

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3942-1
Released: Tue Dec 29 12:22:01 2020
Summary: Recommended update for libidn2
Type: recommended
Severity: moderate
References: 1180138

This update for libidn2 fixes the following issues:

- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3943-1
Released: Tue Dec 29 12:24:45 2020
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1178823

This update for libxml2 fixes the following issues:

Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823)

* key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:109-1
Released: Wed Jan 13 10:13:24 2021
Summary: Security update for libzypp, zypper
Type: security
Severity: moderate
References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271

This update for libzypp, zypper fixes the following issues:

Update zypper to version 1.14.41

Update libzypp to 17.25.4

- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)
- RepoManager: Force refresh if repo url has changed (bsc#1174016)
- RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)
- RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).
- RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910)
- Fixed update of gpg keys with elongated expire date (bsc#179222)
- needreboot: remove udev from the list (bsc#1179083)
- Fix lsof monitoring (bsc#1179909)

yast-installation was updated to 4.2.48:

- Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:129-1
Released: Thu Jan 14 12:26:15 2021
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710

This update for openldap2 fixes the following issues:

Security issues fixed:

- CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
- CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).

Non-security issue fixed:

- Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection.
  (bsc#1179503)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:169-1
Released: Tue Jan 19 16:18:46 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179816,1180077,1180663,1180721

This update for libsolv, libzypp, zypper fixes the following issues:

libzypp was updated to 17.25.6:

- Rephrase solver problem descriptions (jsc#SLE-8482)
- Adapt to changed gpg2/libgpgme behavior (bsc#1180721)
- Multicurl backend breaks with unknown filesize (fixes #277)

zypper was updated to 1.14.42:

- Fix source-download commands help (bsc#1180663)
- man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816)
- Extend apt packagemap (fixes #366)
- --quiet: Fix install summary to write nothing if there's nothing todo (bsc#1180077)

libsolv was updated to 0.7.16;

- do not ask the namespace callback for splitprovides when writing a testcase
- fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes
- improve choicerule generation so that package updates are preferred in more cases

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:174-1
Released: Wed Jan 20 07:55:23 2021
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1172695

This update for gnutls fixes the following issue:

- Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:197-1
Released: Fri Jan 22 15:17:42 2021
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1171883,CVE-2020-8025

This update for permissions fixes the following issues:

- Update to version 20181224:
  * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:220-1
Released: Tue Jan 26 14:00:51 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1180603

This update for keyutils fixes the following issues:

- Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:233-1
Released: Wed Jan 27 12:15:33 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225

This update for systemd fixes the following issues:

- Added a timestamp to the output of the busctl monitor command (bsc#1180225)
- Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824)
- Improved the caching of cgroups member mask (bsc#1175458)
- Fixed the dependency definition of sound.target (bsc#1179363)
- Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436)
- time-util: treat /etc/localtime missing as UTC (bsc#1141597)
- Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:265-1
Released: Mon Feb 1 15:06:45 2021
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1178775,1180885

This update for systemd fixes the following issues:

- Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)
- Fix for an issue when container start causes interference in other containers.
  (bsc#1178775)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:293-1
Released: Wed Feb 3 12:52:34 2021
Summary: Recommended update for gmp
Type: recommended
Severity: moderate
References: 1180603

This update for gmp fixes the following issues:

- correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:321-1
Released: Mon Feb 8 10:29:48 2021
Summary: Recommended update for grafana, system-user-grafana
Type: recommended
Severity: moderate
References:

This update for grafana, system-user-grafana fixes the following issues:

- Update packaging
  * avoid systemd and shadow hard requirements
  * Require the user from a new dedicated 'system-user-grafana' sibling package
  * avoid pinning to a specific Go version in the spec file
- Update to version 7.3.1:
  * Breaking changes
    - CloudWatch: The AWS CloudWatch data source's authentication scheme has changed. See the upgrade notes for details and how this may affect you.
    - Units: The date time units `YYYY-MM-DD HH:mm:ss` and `MM/DD/YYYY h:mm:ss a` have been renamed to `Datetime ISO` and `Datetime US` respectively.
  * Features / Enhancements
    - AzureMonitor: Support decimal (as float64) type in analytics/logs.
    - Add monitoring mixing for Grafana.
    - CloudWatch: Missing Namespace AWS/EC2CapacityReservations.
    - CloudWatch: Add support for AWS DirectConnect virtual interface metrics and add missing dimensions.
    - CloudWatch: Adding support for Amazon ElastiCache Redis metrics.
    - CloudWatch: Adding support for additional Amazon CloudFront metrics.
    - CloudWatch: Re-implement authentication.
    - Elasticsearch: Support multiple pipeline aggregations for a query.
    - Prometheus: Add time range parameters to labels API.
    - Loki: Visually distinguish error logs for LogQL2.
    - Api: Add /healthz endpoint for health checks.
    - API: Enrich add user to org endpoints with user ID in the response.
    - API: Enrich responses and improve error handling for alerting API endpoints.
    - Elasticsearch: Add support for date_nanos type.
    - Elasticsearch: Allow fields starting with underscore.
    - Elasticsearch: Increase maximum geohash aggregation precision to 12.
    - Postgres: Support request cancellation properly (Uses new backendSrv.fetch Observable request API).
    - Provisioning: Remove provisioned dashboards without parental reader.
    - API: Return ID of the deleted resource for dashboard, datasource and folder DELETE endpoints.
    - API: Support paging in the admin orgs list API.
    - API: return resource ID for auth key creation, folder permissions update and user invite complete endpoints.
    - BackendSrv: Uses credentials, deprecates withCredentials & defaults to same-origin.
    - CloudWatch: Update list of AmazonMQ metrics and dimensions.
    - Cloudwatch: Add Support for external ID in assume role.
    - Cloudwatch: Add af-south-1 region.
    - DateFormats: Default ISO & US formats never omit date part even if date is today (breaking change).
    - Explore: Transform prometheus query to elasticsearch query.
    - InfluxDB/Flux: Increase series limit for Flux datasource.
    - InfluxDB: exclude result and table column from Flux table results.
    - InfluxDB: return a table rather than an error when timeseries is missing time.
    - Loki: Add scopedVars support in legend formatting for repeated variables.
    - Loki: Re-introduce running of instant queries.
    - Loki: Support request cancellation properly (Uses new backendSrv.fetch Observable request API).
    - MixedDatasource: Shows retrieved data even if a data source fails.
    - Postgres: Support Unix socket for host.
    - Prometheus: Add scopedVars support in legend formatting for repeated variables.
    - Prometheus: Support request cancellation properly (Uses new backendSrv.fetch Observable request API).
    - Prometheus: add $__rate_interval variable.
    - Table: Adds column filtering.
    - grafana-cli: Add ability to read password from stdin to reset admin password.
    - Variables: enables cancel for slow query variables queries.
    - AzureMonitor: fix panic introduced in 7.1.4 when unit was unspecified and alias was used.
    - TextPanel: Fix content overflowing panel boundaries.
- Fix golang version = 1.14 to avoid dependency conflicts on some OBS projects

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:339-1
Released: Mon Feb 8 13:16:07 2021
Summary: Optional update for pam
Type: optional
Severity: low
References:

This update for pam fixes the following issues:

- Added rpm macros for this package, so that other packages can make use of it

This patch is optional to be installed - it doesn't fix any bugs.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:653-1
Released: Fri Feb 26 19:53:43 2021
Summary: Security update for glibc
Type: security
Severity: important
References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326

This update for glibc fixes the following issues:

- Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973)
- x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649)
- gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)
- iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224)
- iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923)
- Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:723-1
Released: Mon Mar 8 16:45:27 2021
Summary: Security update for openldap2
Type: security
Severity: important
References:
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212

This update for openldap2 fixes the following issues:

- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:754-1
Released: Tue Mar 9 17:10:49 2021
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841

This update for openssl-1_1 fixes the following issues:

- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
- Fixed unresolved error codes in FIPS (bsc#1182959).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:778-1
Released: Fri Mar 12 17:42:25 2021
Summary: Security update for glib2
Type: security
Severity: important
References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219

This update for glib2 fixes the following issues:

- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it.
  (bsc#1182362)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:786-1
Released: Mon Mar 15 11:19:23 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1176201

This update for zlib fixes the following issues:

- Fixed hw compression on z15 (bsc#1176201)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:874-1
Released: Thu Mar 18 09:41:54 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179847,1181328,1181622,1182629

This update for libsolv, libzypp, zypper fixes the following issues:

- support multiple collections in updateinfo parser
- Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328)
- Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629)
- Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847)
- Fix '%posttrans' script execution. (fixes #265)
- Repo: Allow multiple baseurls specified on one line (fixes #285)
- Regex: Fix memory leak and undefined behavior.
- Add rpm buildrequires for test suite (fixes #279)
- Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use.
- doc: give more details about creating versioned package locks. (bsc#1181622)
- man: Document synonymously used patch categories (bsc#1179847)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:924-1
Released: Tue Mar 23 10:00:49 2021
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094

This update for filesystem fixes the following issues:

- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700.
  (bsc#1181011)
- Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705)
- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:930-1
Released: Wed Mar 24 12:09:23 2021
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1172442,1181358,CVE-2020-11080

This update for nghttp2 fixes the following issues:

- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:935-1
Released: Wed Mar 24 12:19:10 2021
Summary: Security update for gnutls
Type: security
Severity: important
References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232

This update for gnutls fixes the following issues:

- CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).
- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:948-1
Released: Wed Mar 24 14:31:34 2021
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032

This update for zstd fixes the following issues:

- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:955-1
Released: Thu Mar 25 16:11:48 2021
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1183852,CVE-2021-3449

This update for openssl-1_1 fixes the security issue:

* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue.
[bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1109-1 Released: Thu Apr 8 11:49:10 2021 Summary: Security update for ceph Type: security Severity: moderate References: 1172926,1176390,1176489,1176679,1176828,1177360,1177857,1178837,1178860,1178905,1178932,1179569,1179997,1182766,CVE-2020-25678,CVE-2020-27839 This update for ceph fixes the following issues: - ceph was updated to 15.2.9 - cephadm: fix 'inspect' and 'pull' (bsc#1182766) - CVE-2020-27839: mgr/dashboard: Use secure cookies to store JWT Token (bsc#1179997) - CVE-2020-25678: Do not add sensitive information in Ceph log files (bsc#1178905) - mgr/orchestrator: Sort 'ceph orch device ls' by host (bsc#1172926) - mgr/dashboard: enable different URL for users of browser to Grafana (bsc#1176390, bsc#1176679) - mgr/cephadm: lock multithreaded access to OSDRemovalQueue (bsc#1176489) - cephadm: command_unit: call systemctl with verbose=True (bsc#1176828) - cephadm: silence 'Failed to evict container' log msg (bsc#1177360) - mgr/cephadm: upgrade: fail gracefully,
if daemon redeploy fails (bsc#1177857) - rgw: cls/user: set from_index for reset stats calls (bsc#1178837) - mgr/dashboard: Disable TLS 1.0 and 1.1 (bsc#1178860) - cephadm: reference the last local image by digest (bsc#1178932, bsc#1179569) From sle-updates at lists.suse.com Fri Apr 9 06:04:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Apr 2021 08:04:03 +0200 (CEST) Subject: SUSE-CU-2021:98-1: Security update of ses/7/ceph/ceph Message-ID: <20210409060403.1F9BCB46349@westernhagen.suse.de> SUSE Container Update Advisory: ses/7/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:98-1 Container Tags : ses/7/ceph/ceph:15.2.9.83 , ses/7/ceph/ceph:15.2.9.83.4.157 , ses/7/ceph/ceph:latest , ses/7/ceph/ceph:sle15.2.octopus Container Release : 4.157 Severity : important Type : security References : 1050625 1078466 1083473 1098449 1112500 1115408 1125671 1140565 1141597 1142248 1144793 1146705 1154393 1155094 1160876 1165780 1167880 1168771 1171549 1171883 1172442 1172695 1172926 1173582 1174016 1174091 1174436 1174514 1174571 1174701 1175289 1175458 1175519 1176171 1176201 1176262 1176390 1176489 1176679 1176784 1176785 1176828 1177127 1177211 1177238 1177275 1177360 1177427 1177460 1177460 1177490 1177533 1177583 1177658 1177857 1177870 1177998 1178009 1178168 1178386 1178407 1178775 1178775 1178823 1178837 1178860 1178905 1178909 1178910 1178932 1178966 1179083 1179193 1179222 1179363 1179415 1179503 1179569 1179630 1179691 1179691 1179694 1179721 1179738 1179756 1179816 1179824 1179847 1179909 1179997 1180020 1180038 1180073 1180077 1180083 1180119 1180138 1180225 1180336 1180377 1180501 1180596 1180603 1180603 1180663 1180676 1180684 1180685 1180686 1180687 1180713 1180721 1180801 1180885 1181011 1181090 1181126 1181319 1181328 1181358 1181505 1181622 1181831 1181944 1182066 1182117 1182244 1182279 1182328 1182331 1182333 1182362 1182379 1182408 1182411 1182412 
1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182688 1182766 1182959 1183012 1183094 1183370 1183371 1183456 1183457 1183852 1183933 1183934 1183942 CVE-2017-9271 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-20916 CVE-2019-25013 CVE-2019-5010 CVE-2020-11080 CVE-2020-14343 CVE-2020-14422 CVE-2020-25659 CVE-2020-25678 CVE-2020-25709 CVE-2020-25710 CVE-2020-26116 CVE-2020-27618 CVE-2020-27619 CVE-2020-27839 CVE-2020-28493 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-36242 CVE-2020-8025 CVE-2020-8492 CVE-2021-20231 CVE-2021-20232 CVE-2021-22876 CVE-2021-22890 CVE-2021-23239 CVE-2021-23240 CVE-2021-23336 CVE-2021-23840 CVE-2021-23841 CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3139 CVE-2021-3156 CVE-2021-3177 CVE-2021-3326 CVE-2021-3449 ----------------------------------------------------------------- The container ses/7/ceph/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3294-1 Released: Wed Nov 11 12:28:46 2020 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1177998 This update for SLES-release fixes the following issue: - Obsolete Leap 15.2.1 (jump) to allow migration from Jump/Leap 15.2.1 to SLE 15 SP2. 
(bsc#1177998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3921-1 Released: Tue Dec 22 15:19:17 2020 Summary: Recommended update for libpwquality Type: recommended Severity: low References: This update for libpwquality fixes the following issues: - Implement alignment with 'pam_cracklib'. (jsc#SLE-16720) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3930-1 Released: Wed Dec 23 18:19:39 2020 Summary: Security update for python3 Type: security Severity: important References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - add triplets for mips-r6 and riscv - RISC-V needs CTYPES_PASS_BY_REF_HACK Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(...). * Unpickling invalid NEWOBJ_EX opcode with the C implementation now raises UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091).
Update to 3.6.11: - Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause an InvalidURL to be raised. (bsc#1155094) - CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3946-1 Released: Tue Dec 29 17:39:54 2020 Summary: Recommended update for python3 Type: recommended Severity: important References: 1180377 This update for python3 fixes the following issues: - A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3, which caused regressions in several applications. (bsc#1180377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:6-1 Released: Mon Jan 4 07:05:06 2021 Summary: Recommended update for libdlm Type: recommended Severity: moderate References: 1098449,1144793,1168771,1177533,1177658 This update for libdlm fixes the following issues: - Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages.(bsc#1177658, bsc#1098449) - Add support for type 'uint64_t' to corosync ringid. (bsc#1168771) - Include some fixes/enhancements for dlm_controld. (bsc#1144793) - Fixed an issue where /boot logical volume was accidentally unmounted. (bsc#1177533) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. 
Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:93-1 Released: Wed Jan 13 16:45:40 2021 Summary: Security update for tcmu-runner Type: security Severity: important References: 1180676,CVE-2021-3139 This update for tcmu-runner fixes the following issues: - CVE-2021-3139: Fixed a LIO security issue (bsc#1180676). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:152-1 Released: Fri Jan 15 17:04:47 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1179691,1179738 This update for lvm2 fixes the following issues: - Fix for lvm2 to use udev as external device by default. (bsc#1179691) - Fixed an issue in configuration for an item that is commented out by default.
(bsc#1179738) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug.
- timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:227-1 Released: Tue Jan 26 19:22:14 2021 Summary: Security update for sudo Type: security Severity: important References: 1180684,1180685,1180687,1181090,CVE-2021-23239,CVE-2021-23240,CVE-2021-3156 This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687]
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:264-1 Released: Mon Feb 1 15:04:00 2021 Summary: Recommended update for dracut Type: recommended Severity: important References: 1142248,1177870,1180119 This update for dracut fixes the following issues: - As of v246 of systemd 'syslog' and 'syslog-console' switches have been deprecated. (bsc#1180119) - Make collect optional. (bsc#1177870) - Inclusion of dracut modifications to enable 'nvme-fc boot' support. (bsc#1142248) - Add nvmf module. (jsc#ECO-3063) * Implement 'fc,auto' commandline syntax. * Add nvmf-autoconnect script. * Fixup FC connections. * Rework parameter handling. * Fix typo in the example documentation. * Add 'NVMe over TCP' support. * Add module for 'NVMe-oF'.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:278-1 Released: Tue Feb 2 09:43:08 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1181319 This update for lvm2 fixes the following issues: - Backport 'lvmlockd' to adopt orphan locks feature. (bsc#1181319) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:280-1 Released: Tue Feb 2 11:33:49 2021 Summary: Recommended update for strongswan Type: recommended Severity: moderate References: 1167880,1180801 This update for strongswan fixes the following issues: - Fix trailing quotation mark missing from example in README. (bsc#1167880) - Fixes an error in 'libgcrypt' causing problems by generating CA keys with 'pki create'.
(bsc#1180801) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:302-1 Released: Thu Feb 4 13:18:35 2021 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1179691 This update for lvm2 fixes the following issues: - lvm2 will no longer use external_device_info_source='udev' as default because it introduced a regression (bsc#1179691). If this behavior is still wanted, please change this manually in the lvm.conf ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:519-1 Released: Fri Feb 19 09:44:53 2021 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1180501 This update for openssh fixes the following issues: - Fixed a crash which sometimes occurred on connection termination, caused by accessing freed memory (bsc#1180501) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:529-1 Released: Fri Feb 19 14:53:47 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1176262,1179756,1180686,1181126,CVE-2019-20916,CVE-2021-3177 This update for python3 fixes the following issues: - CVE-2021-3177: Fixed buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:573-1 Released: Wed Feb 24 09:58:38 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1176171,1180336 This update for dracut fixes the following issues: - arm/arm64: Add reset controllers (bsc#1180336) - Prevent creating unexpected files on the host when running dracut (bsc#1176171) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:594-1 Released: Thu Feb 25 09:29:35 2021 Summary: Security update for python-cryptography Type: security Severity: important References: 1182066,CVE-2020-36242 This update for python-cryptography fixes the following issues: - CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:654-1 Released: Fri Feb 26 20:01:10 2021 Summary: Security update for python-Jinja2 Type: security Severity: important References: 1181944,1182244,CVE-2020-28493 This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Fixed a ReDOS vulnerability where urlize could have been called with untrusted user data (bsc#1181944). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:656-1 Released: Mon Mar 1 09:34:21 2021 Summary: Recommended update for protobuf Type: recommended Severity: moderate References: 1177127 This update for protobuf fixes the following issues: - Add missing dependency of python subpackages on python-six. 
(bsc#1177127) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). 
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:758-1 Released: Wed Mar 10 12:16:27 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1182688 This update for dracut fixes the following issues: - network-legacy: fix route parsing issues in ifup. (bsc#1182688) -0kernel-modules: arm/arm64: Add reset controllers - Prevent creating unexpected files on the host when running dracut - As of 'v246' of systemd 'syslog' and 'syslog-console' switches have been deprecated. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700.
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allow overriding the config to add cleanup options for '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling an rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:926-1 Released: Tue Mar 23 13:20:24 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1083473,1112500,1115408,1165780,1183012 This update for systemd-presets-common-SUSE fixes the following issues: - Add default user preset containing: - enable `pulseaudio.socket` (bsc#1083473) - enable `pipewire.socket` (bsc#1183012) - enable `pipewire-pulse.socket` (bsc#1183012) - enable `pipewire-media-session.service` (used with pipewire >= 0.3.23) - Changes to the default preset: - enable `btrfsmaintenance-refresh.path`. - disable `btrfsmaintenance-refresh.service`. - enable `dnf-makecache.timer`. - enable `ignition-firstboot-complete.service`. - enable logwatch.timer and avoid to have logwatch out of sync with logrotate. (bsc#1112500) - enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408) - remove enable `updatedb.timer` - Avoid needless refresh on boot.
(bsc#1165780)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:930-1
Released: Wed Mar 24 12:09:23 2021
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1172442,1181358,CVE-2020-11080

This update for nghttp2 fixes the following issues:

- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:935-1
Released: Wed Mar 24 12:19:10 2021
Summary: Security update for gnutls
Type: security
Severity: important
References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232

This update for gnutls fixes the following issues:

- CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).
- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:947-1
Released: Wed Mar 24 14:30:58 2021
Summary: Security update for python3
Type: security
Severity: moderate
References: 1182379,CVE-2021-23336

This update for python3 fixes the following issues:

- python36 was updated to 3.6.13
- CVE-2021-23336: Fixed a potential web cache poisoning by use of a semicolon as a query string separator in query parameters (bsc#1182379).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:948-1
Released: Wed Mar 24 14:31:34 2021
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032

This update for zstd fixes the following issues:

- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:952-1
Released: Thu Mar 25 14:36:56 2021
Summary: Recommended update for libunwind
Type: recommended
Severity: moderate
References: 1160876,1171549

This update for libunwind fixes the following issues:

- Update to version 1.5.0. (jsc#ECO-3395)
- Enable s390x for building. (jsc#ECO-3395)
- Fix compilation with 'fno-common'. (bsc#1171549)
- Fix build with 'GCC-10'. (bsc#1160876)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:953-1
Released: Thu Mar 25 14:37:26 2021
Summary: Recommended update for psmisc
Type: recommended
Severity: moderate
References: 1178407

This update for psmisc fixes the following issues:

- Fix for 'fuser' when it does not show open kvm storage image files such as 'qcow2' files. (bsc#1178407)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:955-1
Released: Thu Mar 25 16:11:48 2021
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1183852,CVE-2021-3449

This update for openssl-1_1 fixes the security issue:

* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:985-1
Released: Tue Mar 30 14:42:46 2021
Summary: Recommended update for the Azure SDK and CLI
Type: recommended
Severity: moderate
References: 1125671,1140565,1154393,1174514,1175289,1176784,1176785,1178168,CVE-2020-14343,CVE-2020-25659

This update for the Azure SDK and CLI adds support for the AHB (Azure Hybrid Benefit).
(bsc#1176784, jsc#ECO=3105)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1004-1
Released: Thu Apr 1 15:07:09 2021
Summary: Recommended update for libcap
Type: recommended
Severity: moderate
References: 1180073

This update for libcap fixes the following issues:

- Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)
- Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1006-1
Released: Thu Apr 1 17:44:57 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890

This update for curl fixes the following issues:

- CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934)
- CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1007-1
Released: Thu Apr 1 17:47:20 2021
Summary: Security update for MozillaFirefox
Type: security
Severity: important
References: 1183942,CVE-2021-23981,CVE-2021-23982,CVE-2021-23984,CVE-2021-23987

This update for MozillaFirefox fixes the following issues:

- Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942)
  * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read
  * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage
  * CVE-2021-23984: Malicious extensions could have spoofed popup information
  * CVE-2021-23987: Memory safety bugs

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1018-1
Released: Tue Apr 6 14:29:13 2021
Summary: Recommended update for gzip
Type: recommended
Severity: moderate
References: 1180713

This update for gzip fixes the following issues:

- Fixes an issue when 'gzexe' counts the lines to skip wrong.
(bsc#1180713)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1109-1
Released: Thu Apr 8 11:49:10 2021
Summary: Security update for ceph
Type: security
Severity: moderate
References: 1172926,1176390,1176489,1176679,1176828,1177360,1177857,1178837,1178860,1178905,1178932,1179569,1179997,1182766,CVE-2020-25678,CVE-2020-27839

This update for ceph fixes the following issues:

- ceph was updated to 15.2.9
- cephadm: fix 'inspect' and 'pull' (bsc#1182766)
- CVE-2020-27839: mgr/dashboard: Use secure cookies to store JWT Token (bsc#1179997)
- CVE-2020-25678: Do not add sensitive information in Ceph log files (bsc#1178905)
- mgr/orchestrator: Sort 'ceph orch device ls' by host (bsc#1172926)
- mgr/dashboard: enable different URL for users of browser to Grafana (bsc#1176390, bsc#1176679)
- mgr/cephadm: lock multithreaded access to OSDRemovalQueue (bsc#1176489)
- cephadm: command_unit: call systemctl with verbose=True (bsc#1176828)
- cephadm: silence 'Failed to evict container' log msg (bsc#1177360)
- mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails (bsc#1177857)
- rgw: cls/user: set from_index for reset stats calls (bsc#1178837)
- mgr/dashboard: Disable TLS 1.0 and 1.1 (bsc#1178860)
- cephadm: reference the last local image by digest (bsc#1178932, bsc#1179569)

From sle-updates at lists.suse.com Fri Apr 9 06:06:25 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 9 Apr 2021 08:06:25 +0200 (CEST)
Subject: SUSE-CU-2021:99-1: Security update of ses/7/rook/ceph
Message-ID: <20210409060625.9AAC2B46349@westernhagen.suse.de>

SUSE Container Update Advisory: ses/7/rook/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:99-1
Container Tags : ses/7/rook/ceph:1.5.7 , ses/7/rook/ceph:1.5.7.4 , ses/7/rook/ceph:1.5.7.4.1.1546 , ses/7/rook/ceph:latest , ses/7/rook/ceph:sle15.2.octopus
Container Release : 1.1546
Severity : important
Type : security
References : 1078466 1083473 1112500 1115408 1125671 1140565 1146705 1154393 1160876 1165780 1171549 1172442 1172926 1174514 1175289 1175519 1176201 1176390 1176489 1176679 1176784 1176785 1176828 1177360 1177857 1178168 1178407 1178775 1178837 1178860 1178905 1178932 1179569 1179847 1179997 1180020 1180073 1180083 1180596 1180713 1181011 1181328 1181358 1181622 1181831 1182328 1182362 1182379 1182629 1182766 1183012 1183094 1183370 1183371 1183456 1183457 1183852 1183933 1183934 CVE-2020-11080 CVE-2020-14343 CVE-2020-25659 CVE-2020-25678 CVE-2020-27839 CVE-2021-20231 CVE-2021-20232 CVE-2021-22876 CVE-2021-22890 CVE-2021-23336 CVE-2021-24031 CVE-2021-24032 CVE-2021-27218 CVE-2021-27219 CVE-2021-3449
-----------------------------------------------------------------

The container ses/7/rook/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:778-1
Released: Fri Mar 12 17:42:25 2021
Summary: Security update for glib2
Type: security
Severity: important
References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219

This update for glib2 fixes the following issues:

- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it.
(bsc#1182362)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:786-1
Released: Mon Mar 15 11:19:23 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1176201

This update for zlib fixes the following issues:

- Fixed hw compression on z15 (bsc#1176201)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:874-1
Released: Thu Mar 18 09:41:54 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179847,1181328,1181622,1182629

This update for libsolv, libzypp, zypper fixes the following issues:

- support multiple collections in updateinfo parser
- Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328)
- Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629)
- Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847)
- Fix '%posttrans' script execution. (fixes #265)
- Repo: Allow multiple baseurls specified on one line (fixes #285)
- Regex: Fix memory leak and undefined behavior.
- Add rpm buildrequires for test suite (fixes #279)
- Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use.
- doc: give more details about creating versioned package locks. (bsc#1181622)
- man: Document synonymously used patch categories (bsc#1179847)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:924-1
Released: Tue Mar 23 10:00:49 2021
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094

This update for filesystem fixes the following issues:

- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700.
(bsc#1181011)
- Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705)
- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:926-1
Released: Tue Mar 23 13:20:24 2021
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: moderate
References: 1083473,1112500,1115408,1165780,1183012

This update for systemd-presets-common-SUSE fixes the following issues:

- Add default user preset containing:
  - enable `pulseaudio.socket` (bsc#1083473)
  - enable `pipewire.socket` (bsc#1183012)
  - enable `pipewire-pulse.socket` (bsc#1183012)
  - enable `pipewire-media-session.service` (used with pipewire >= 0.3.23)
- Changes to the default preset:
  - enable `btrfsmaintenance-refresh.path`.
  - disable `btrfsmaintenance-refresh.service`.
  - enable `dnf-makecache.timer`.
  - enable `ignition-firstboot-complete.service`.
  - enable logwatch.timer and avoid to have logwatch out of sync with logrotate. (bsc#1112500)
  - enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408)
  - remove enable `updatedb.timer`
- Avoid needless refresh on boot.
(bsc#1165780)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:930-1
Released: Wed Mar 24 12:09:23 2021
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1172442,1181358,CVE-2020-11080

This update for nghttp2 fixes the following issues:

- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:935-1
Released: Wed Mar 24 12:19:10 2021
Summary: Security update for gnutls
Type: security
Severity: important
References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232

This update for gnutls fixes the following issues:

- CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).
- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:947-1
Released: Wed Mar 24 14:30:58 2021
Summary: Security update for python3
Type: security
Severity: moderate
References: 1182379,CVE-2021-23336

This update for python3 fixes the following issues:

- python36 was updated to 3.6.13
- CVE-2021-23336: Fixed a potential web cache poisoning by use of a semicolon as a query string separator in query parameters (bsc#1182379).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:948-1
Released: Wed Mar 24 14:31:34 2021
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032

This update for zstd fixes the following issues:

- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:952-1
Released: Thu Mar 25 14:36:56 2021
Summary: Recommended update for libunwind
Type: recommended
Severity: moderate
References: 1160876,1171549

This update for libunwind fixes the following issues:

- Update to version 1.5.0. (jsc#ECO-3395)
- Enable s390x for building. (jsc#ECO-3395)
- Fix compilation with 'fno-common'. (bsc#1171549)
- Fix build with 'GCC-10'. (bsc#1160876)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:953-1
Released: Thu Mar 25 14:37:26 2021
Summary: Recommended update for psmisc
Type: recommended
Severity: moderate
References: 1178407

This update for psmisc fixes the following issues:

- Fix for 'fuser' when it does not show open kvm storage image files such as 'qcow2' files. (bsc#1178407)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:955-1
Released: Thu Mar 25 16:11:48 2021
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1183852,CVE-2021-3449

This update for openssl-1_1 fixes the security issue:

* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:985-1
Released: Tue Mar 30 14:42:46 2021
Summary: Recommended update for the Azure SDK and CLI
Type: recommended
Severity: moderate
References: 1125671,1140565,1154393,1174514,1175289,1176784,1176785,1178168,CVE-2020-14343,CVE-2020-25659

This update for the Azure SDK and CLI adds support for the AHB (Azure Hybrid Benefit).
(bsc#1176784, jsc#ECO=3105)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1004-1
Released: Thu Apr 1 15:07:09 2021
Summary: Recommended update for libcap
Type: recommended
Severity: moderate
References: 1180073

This update for libcap fixes the following issues:

- Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)
- Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1006-1
Released: Thu Apr 1 17:44:57 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890

This update for curl fixes the following issues:

- CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934)
- CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1018-1
Released: Tue Apr 6 14:29:13 2021
Summary: Recommended update for gzip
Type: recommended
Severity: moderate
References: 1180713

This update for gzip fixes the following issues:

- Fixes an issue when 'gzexe' counts the lines to skip wrong.
(bsc#1180713)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1109-1
Released: Thu Apr 8 11:49:10 2021
Summary: Security update for ceph
Type: security
Severity: moderate
References: 1172926,1176390,1176489,1176679,1176828,1177360,1177857,1178837,1178860,1178905,1178932,1179569,1179997,1182766,CVE-2020-25678,CVE-2020-27839

This update for ceph fixes the following issues:

- ceph was updated to 15.2.9
- cephadm: fix 'inspect' and 'pull' (bsc#1182766)
- CVE-2020-27839: mgr/dashboard: Use secure cookies to store JWT Token (bsc#1179997)
- CVE-2020-25678: Do not add sensitive information in Ceph log files (bsc#1178905)
- mgr/orchestrator: Sort 'ceph orch device ls' by host (bsc#1172926)
- mgr/dashboard: enable different URL for users of browser to Grafana (bsc#1176390, bsc#1176679)
- mgr/cephadm: lock multithreaded access to OSDRemovalQueue (bsc#1176489)
- cephadm: command_unit: call systemctl with verbose=True (bsc#1176828)
- cephadm: silence 'Failed to evict container' log msg (bsc#1177360)
- mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails (bsc#1177857)
- rgw: cls/user: set from_index for reset stats calls (bsc#1178837)
- mgr/dashboard: Disable TLS 1.0 and 1.1 (bsc#1178860)
- cephadm: reference the last local image by digest (bsc#1178932, bsc#1179569)

From sle-updates at lists.suse.com Fri Apr 9 06:08:10 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 9 Apr 2021 08:08:10 +0200 (CEST)
Subject: SUSE-CU-2021:100-1: Security update of suse/sle15
Message-ID: <20210409060810.8A3D1B46349@westernhagen.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:100-1
Container Tags : suse/sle15:15.3 , suse/sle15:15.3.13.2.252
Container Release : 13.2.252
Severity : moderate
Type : security
References : 1180073 1183933 1183934 CVE-2021-22876 CVE-2021-22890
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1004-1
Released: Thu Apr 1 15:07:09 2021
Summary: Recommended update for libcap
Type: recommended
Severity: moderate
References: 1180073

This update for libcap fixes the following issues:

- Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)
- Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1006-1
Released: Thu Apr 1 17:44:57 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890

This update for curl fixes the following issues:

- CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934)
- CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933)

From sle-updates at lists.suse.com Fri Apr 9 13:15:32 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 9 Apr 2021 15:15:32 +0200 (CEST)
Subject: SUSE-RU-2021:1120-1: moderate: Recommended update for dpdk
Message-ID: <20210409131532.07B4EF78E@maintenance.suse.de>

SUSE Recommended Update: Recommended update for dpdk
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1120-1
Rating: moderate
References: #1182570
Affected Products:
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 8
  SUSE Linux Enterprise Server for SAP 12-SP3
  SUSE Linux Enterprise Server 12-SP3-LTSS
  SUSE Linux Enterprise Server 12-SP3-BCL
  HPE Helion Openstack 8
______________________________________________________________________________

An update that has one recommended fix can now be installed.
Description:

This update for dpdk fixes the following issue:

- package is rebuilt with the new secure boot key.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1120=1
- SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1120=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1120=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1120=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1120=1
- HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2021-1120=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (x86_64):
    dpdk-16.11.9-8.17.9
    dpdk-debuginfo-16.11.9-8.17.9
    dpdk-debugsource-16.11.9-8.17.9
    dpdk-kmp-default-16.11.9_k4.4.180_94.141-8.17.9
    dpdk-kmp-default-debuginfo-16.11.9_k4.4.180_94.141-8.17.9
    dpdk-tools-16.11.9-8.17.9
- SUSE OpenStack Cloud 8 (x86_64):
    dpdk-16.11.9-8.17.9
    dpdk-debuginfo-16.11.9-8.17.9
    dpdk-debugsource-16.11.9-8.17.9
    dpdk-kmp-default-16.11.9_k4.4.180_94.141-8.17.9
    dpdk-kmp-default-debuginfo-16.11.9_k4.4.180_94.141-8.17.9
    dpdk-tools-16.11.9-8.17.9
- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    dpdk-16.11.9-8.17.9
    dpdk-debuginfo-16.11.9-8.17.9
    dpdk-debugsource-16.11.9-8.17.9
    dpdk-tools-16.11.9-8.17.9
- SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
    dpdk-kmp-default-16.11.9_k4.4.180_94.141-8.17.9
    dpdk-kmp-default-debuginfo-16.11.9_k4.4.180_94.141-8.17.9
- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le x86_64):
    dpdk-16.11.9-8.17.9
    dpdk-debuginfo-16.11.9-8.17.9
    dpdk-debugsource-16.11.9-8.17.9
    dpdk-tools-16.11.9-8.17.9
- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64):
    dpdk-thunderx-16.11.9-8.17.9
    dpdk-thunderx-debuginfo-16.11.9-8.17.9
    dpdk-thunderx-debugsource-16.11.9-8.17.9
    dpdk-thunderx-kmp-default-16.11.9_k4.4.180_94.141-8.17.9
    dpdk-thunderx-kmp-default-debuginfo-16.11.9_k4.4.180_94.141-8.17.9
- SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64):
    dpdk-kmp-default-16.11.9_k4.4.180_94.141-8.17.9
    dpdk-kmp-default-debuginfo-16.11.9_k4.4.180_94.141-8.17.9
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    dpdk-16.11.9-8.17.9
    dpdk-debuginfo-16.11.9-8.17.9
    dpdk-debugsource-16.11.9-8.17.9
    dpdk-kmp-default-16.11.9_k4.4.180_94.141-8.17.9
    dpdk-kmp-default-debuginfo-16.11.9_k4.4.180_94.141-8.17.9
    dpdk-tools-16.11.9-8.17.9
- HPE Helion Openstack 8 (x86_64):
    dpdk-16.11.9-8.17.9
    dpdk-debuginfo-16.11.9-8.17.9
    dpdk-debugsource-16.11.9-8.17.9
    dpdk-kmp-default-16.11.9_k4.4.180_94.141-8.17.9
    dpdk-kmp-default-debuginfo-16.11.9_k4.4.180_94.141-8.17.9
    dpdk-tools-16.11.9-8.17.9

References:

  https://bugzilla.suse.com/1182570

From sle-updates at lists.suse.com Fri Apr 9 13:16:39 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 9 Apr 2021 15:16:39 +0200 (CEST)
Subject: SUSE-SU-2021:1116-1: important: Security update for umoci
Message-ID: <20210409131639.EB57BF78E@maintenance.suse.de>

SUSE Security Update: Security update for umoci
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1116-1
Rating: important
References: #1184147
Cross-References: CVE-2021-29136
CVSS scores:
  CVE-2021-29136 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Manager Server 4.0
  SUSE Manager Retail Branch Server 4.0
  SUSE Manager Proxy 4.0
  SUSE Linux Enterprise Server for SAP 15-SP1
  SUSE Linux Enterprise Server 15-SP1-LTSS
  SUSE Linux Enterprise Server 15-SP1-BCL
  SUSE Linux Enterprise Module for Containers 15-SP3
  SUSE Linux Enterprise Module for Containers 15-SP2
  SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
  SUSE Enterprise Storage 6
  SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for umoci fixes the following issues:

- Update to umoci v0.4.6.
- CVE-2021-29136: malicious layer allows overwriting of host files (bsc#1184147)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1116=1
- SUSE Manager Retail Branch Server 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1116=1
- SUSE Manager Proxy 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1116=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1116=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1116=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1116=1
- SUSE Linux Enterprise Module for Containers 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2021-1116=1
- SUSE Linux Enterprise Module for Containers 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2021-1116=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1116=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1116=1
- SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2021-1116=1
- SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:

- SUSE Manager Server 4.0 (ppc64le s390x x86_64):
    umoci-0.4.6-3.9.1
- SUSE Manager Retail Branch Server 4.0 (x86_64):
    umoci-0.4.6-3.9.1
- SUSE Manager Proxy 4.0 (x86_64):
    umoci-0.4.6-3.9.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
    umoci-0.4.6-3.9.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
    umoci-0.4.6-3.9.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
    umoci-0.4.6-3.9.1
- SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64):
    umoci-0.4.6-3.9.1
- SUSE Linux Enterprise Module for Containers 15-SP2 (aarch64 ppc64le s390x x86_64):
    umoci-0.4.6-3.9.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
    umoci-0.4.6-3.9.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
    umoci-0.4.6-3.9.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
    umoci-0.4.6-3.9.1
- SUSE CaaS Platform 4.0 (x86_64):
    umoci-0.4.6-3.9.1

References:

  https://www.suse.com/security/cve/CVE-2021-29136.html
  https://bugzilla.suse.com/1184147

From sle-updates at lists.suse.com Fri Apr 9 13:17:47 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 9 Apr 2021 15:17:47 +0200 (CEST)
Subject: SUSE-RU-2021:14687-1: moderate: Recommended update for oracleasm
Message-ID: <20210409131747.C128CF78E@maintenance.suse.de>

SUSE Recommended Update: Recommended update for oracleasm
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:14687-1
Rating: moderate
References: #1182570
Affected Products:
  SUSE Linux Enterprise Server 11-SP4-LTSS
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for oracleasm fixes the following issue:

- package is rebuilt with the new secure boot key.
Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-LTSS:
    zypper in -t patch slessp4-oracleasm-14687=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-oracleasm-14687=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
    oracleasm-2.0.5-7.44.6.4
    oracleasm-kmp-default-2.0.5_3.0.101_108.123-7.44.6.4
    oracleasm-kmp-trace-2.0.5_3.0.101_108.123-7.44.6.4
- SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64):
    oracleasm-kmp-xen-2.0.5_3.0.101_108.123-7.44.6.4
- SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64):
    oracleasm-kmp-bigmem-2.0.5_3.0.101_108.123-7.44.6.4
    oracleasm-kmp-ppc64-2.0.5_3.0.101_108.123-7.44.6.4
- SUSE Linux Enterprise Server 11-SP4-LTSS (i586):
    oracleasm-kmp-pae-2.0.5_3.0.101_108.123-7.44.6.4
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
    oracleasm-debuginfo-2.0.5-7.44.6.4
    oracleasm-debugsource-2.0.5-7.44.6.4

References:

  https://bugzilla.suse.com/1182570

From sle-updates at lists.suse.com Fri Apr 9 13:18:49 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 9 Apr 2021 15:18:49 +0200 (CEST)
Subject: SUSE-RU-2021:1117-1: moderate: Recommended update for crash
Message-ID: <20210409131849.B66C8F78E@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crash
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1117-1
Rating: moderate
References: #1182570
Affected Products:
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 8
  SUSE Linux Enterprise Server for SAP 12-SP3
  SUSE Linux Enterprise Server 12-SP3-LTSS
  SUSE Linux Enterprise Server 12-SP3-BCL
  HPE Helion Openstack 8
______________________________________________________________________________

An update that has one recommended fix can
now be installed. Description: This update for crash fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1117=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1117=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1117=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1117=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1117=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1117=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): crash-7.1.8-4.15.6 crash-debuginfo-7.1.8-4.15.6 crash-debugsource-7.1.8-4.15.6 crash-gcore-7.1.8-4.15.6 crash-gcore-debuginfo-7.1.8-4.15.6 crash-kmp-default-7.1.8_k4.4.180_94.141-4.15.6 crash-kmp-default-debuginfo-7.1.8_k4.4.180_94.141-4.15.6 - SUSE OpenStack Cloud 8 (x86_64): crash-7.1.8-4.15.6 crash-debuginfo-7.1.8-4.15.6 crash-debugsource-7.1.8-4.15.6 crash-gcore-7.1.8-4.15.6 crash-gcore-debuginfo-7.1.8-4.15.6 crash-kmp-default-7.1.8_k4.4.180_94.141-4.15.6 crash-kmp-default-debuginfo-7.1.8_k4.4.180_94.141-4.15.6 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): crash-7.1.8-4.15.6 crash-debuginfo-7.1.8-4.15.6 crash-debugsource-7.1.8-4.15.6 crash-kmp-default-7.1.8_k4.4.180_94.141-4.15.6 crash-kmp-default-debuginfo-7.1.8_k4.4.180_94.141-4.15.6 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): crash-gcore-7.1.8-4.15.6 crash-gcore-debuginfo-7.1.8-4.15.6 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): crash-7.1.8-4.15.6 crash-debuginfo-7.1.8-4.15.6 crash-debugsource-7.1.8-4.15.6 
crash-kmp-default-7.1.8_k4.4.180_94.141-4.15.6 crash-kmp-default-debuginfo-7.1.8_k4.4.180_94.141-4.15.6 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): crash-gcore-7.1.8-4.15.6 crash-gcore-debuginfo-7.1.8-4.15.6 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): crash-7.1.8-4.15.6 crash-debuginfo-7.1.8-4.15.6 crash-debugsource-7.1.8-4.15.6 crash-gcore-7.1.8-4.15.6 crash-gcore-debuginfo-7.1.8-4.15.6 crash-kmp-default-7.1.8_k4.4.180_94.141-4.15.6 crash-kmp-default-debuginfo-7.1.8_k4.4.180_94.141-4.15.6 - HPE Helion Openstack 8 (x86_64): crash-7.1.8-4.15.6 crash-debuginfo-7.1.8-4.15.6 crash-debugsource-7.1.8-4.15.6 crash-gcore-7.1.8-4.15.6 crash-gcore-debuginfo-7.1.8-4.15.6 crash-kmp-default-7.1.8_k4.4.180_94.141-4.15.6 crash-kmp-default-debuginfo-7.1.8_k4.4.180_94.141-4.15.6 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Fri Apr 9 13:19:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Apr 2021 15:19:51 +0200 (CEST) Subject: SUSE-RU-2021:1121-1: moderate: Recommended update for dpdk Message-ID: <20210409131951.36043F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1121-1 Rating: moderate References: #1182570 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dpdk fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1121=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1121=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1121=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1121=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): dpdk-17.11.7-5.10.10 dpdk-debuginfo-17.11.7-5.10.10 dpdk-debugsource-17.11.7-5.10.10 dpdk-kmp-default-17.11.7_k4.12.14_95.71-5.10.10 dpdk-kmp-default-debuginfo-17.11.7_k4.12.14_95.71-5.10.10 dpdk-tools-17.11.7-5.10.10 dpdk-tools-debuginfo-17.11.7-5.10.10 libdpdk-17_11-17.11.7-5.10.10 libdpdk-17_11-debuginfo-17.11.7-5.10.10 - SUSE OpenStack Cloud 9 (x86_64): dpdk-17.11.7-5.10.10 dpdk-debuginfo-17.11.7-5.10.10 dpdk-debugsource-17.11.7-5.10.10 dpdk-kmp-default-17.11.7_k4.12.14_95.71-5.10.10 dpdk-kmp-default-debuginfo-17.11.7_k4.12.14_95.71-5.10.10 dpdk-tools-17.11.7-5.10.10 dpdk-tools-debuginfo-17.11.7-5.10.10 libdpdk-17_11-17.11.7-5.10.10 libdpdk-17_11-debuginfo-17.11.7-5.10.10 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): dpdk-17.11.7-5.10.10 dpdk-debuginfo-17.11.7-5.10.10 dpdk-debugsource-17.11.7-5.10.10 dpdk-tools-17.11.7-5.10.10 dpdk-tools-debuginfo-17.11.7-5.10.10 libdpdk-17_11-17.11.7-5.10.10 libdpdk-17_11-debuginfo-17.11.7-5.10.10 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): dpdk-kmp-default-17.11.7_k4.12.14_95.71-5.10.10 dpdk-kmp-default-debuginfo-17.11.7_k4.12.14_95.71-5.10.10 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le x86_64): dpdk-17.11.7-5.10.10 dpdk-debuginfo-17.11.7-5.10.10 dpdk-debugsource-17.11.7-5.10.10 dpdk-tools-17.11.7-5.10.10 dpdk-tools-debuginfo-17.11.7-5.10.10 libdpdk-17_11-17.11.7-5.10.10 libdpdk-17_11-debuginfo-17.11.7-5.10.10 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64): dpdk-thunderx-17.11.7-5.10.10 
dpdk-thunderx-debuginfo-17.11.7-5.10.10 dpdk-thunderx-debugsource-17.11.7-5.10.10 dpdk-thunderx-kmp-default-17.11.7_k4.12.14_95.71-5.10.10 dpdk-thunderx-kmp-default-debuginfo-17.11.7_k4.12.14_95.71-5.10.10 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): dpdk-kmp-default-17.11.7_k4.12.14_95.71-5.10.10 dpdk-kmp-default-debuginfo-17.11.7_k4.12.14_95.71-5.10.10 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Fri Apr 9 13:20:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Apr 2021 15:20:52 +0200 (CEST) Subject: SUSE-RU-2021:1119-1: moderate: Recommended update for oracleasm Message-ID: <20210409132052.9EBB2F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1119-1 Rating: moderate References: #1182570 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for oracleasm fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1119=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1119=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1119=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1119=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_95.71-4.7.6 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_95.71-4.7.6 - SUSE OpenStack Cloud 9 (x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_95.71-4.7.6 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_95.71-4.7.6 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_95.71-4.7.6 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_95.71-4.7.6 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_95.71-4.7.6 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_95.71-4.7.6 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Fri Apr 9 19:15:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Apr 2021 21:15:54 +0200 (CEST) Subject: SUSE-RU-2021:1122-1: moderate: Recommended update for oracleasm Message-ID: <20210409191554.034DBF78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1122-1 Rating: moderate References: #1182570 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for oracleasm fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-1122=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1122=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): oracleasm-kmp-default-2.0.8_k4.4.121_92.152-8.4.6 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.121_92.152-8.4.6 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): oracleasm-kmp-default-2.0.8_k4.4.121_92.152-8.4.6 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.121_92.152-8.4.6 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Fri Apr 9 19:16:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Apr 2021 21:16:52 +0200 (CEST) Subject: SUSE-SU-2021:1123-1: important: Security update for fwupdate Message-ID: <20210409191652.8EC47F78E@maintenance.suse.de> SUSE Security Update: Security update for fwupdate ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1123-1 Rating: important References: #1182057 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for fwupdate fixes the following issues: - Add SBAT section to EFI images (bsc#1182057) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-1123=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1123=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): fwupdate-0.5-7.5.1 fwupdate-debuginfo-0.5-7.5.1 fwupdate-debugsource-0.5-7.5.1 fwupdate-efi-0.5-7.5.1 fwupdate-efi-debuginfo-0.5-7.5.1 libfwup0-0.5-7.5.1 libfwup0-debuginfo-0.5-7.5.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): fwupdate-0.5-7.5.1 fwupdate-debuginfo-0.5-7.5.1 fwupdate-debugsource-0.5-7.5.1 fwupdate-efi-0.5-7.5.1 fwupdate-efi-debuginfo-0.5-7.5.1 libfwup0-0.5-7.5.1 libfwup0-debuginfo-0.5-7.5.1 References: https://bugzilla.suse.com/1182057 From sle-updates at lists.suse.com Fri Apr 9 19:17:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Apr 2021 21:17:54 +0200 (CEST) Subject: SUSE-SU-2021:1125-1: moderate: Security update for wpa_supplicant Message-ID: <20210409191754.BA2A1F78E@maintenance.suse.de> SUSE Security Update: Security update for wpa_supplicant ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1125-1 Rating: moderate References: #1184348 Cross-References: CVE-2021-30004 CVSS scores: CVE-2021-30004 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-30004 (SUSE): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for wpa_supplicant fixes the following issues: - CVE-2021-30004: Fixed an issue where forging attacks might have occurred because AlgorithmIdentifier parameters were mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1125=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): wpa_supplicant-2.9-23.12.1 wpa_supplicant-debuginfo-2.9-23.12.1 wpa_supplicant-debugsource-2.9-23.12.1 References: https://www.suse.com/security/cve/CVE-2021-30004.html https://bugzilla.suse.com/1184348 From sle-updates at lists.suse.com Fri Apr 9 22:18:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 10 Apr 2021 00:18:09 +0200 (CEST) Subject: SUSE-RU-2021:1128-1: moderate: Recommended update for lvm2 Message-ID: <20210409221809.5E774F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1128-1 Rating: moderate References: #1183905 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lvm2 fixes the following issues: - Fixed a bug where the --stripes option was not recognized (bsc#1183905) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1128=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1128=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-1128=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-1128=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): device-mapper-devel-1.02.149-9.54.1 lvm2-debuginfo-2.02.180-9.54.1 lvm2-debugsource-2.02.180-9.54.1 lvm2-devel-2.02.180-9.54.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): device-mapper-1.02.149-9.54.1 device-mapper-debuginfo-1.02.149-9.54.1 lvm2-2.02.180-9.54.1 lvm2-debuginfo-2.02.180-9.54.1 lvm2-debugsource-2.02.180-9.54.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): device-mapper-32bit-1.02.149-9.54.1 device-mapper-debuginfo-32bit-1.02.149-9.54.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): lvm2-clvm-2.02.180-9.54.1 lvm2-clvm-debuginfo-2.02.180-9.54.1 lvm2-cmirrord-2.02.180-9.54.1 lvm2-cmirrord-debuginfo-2.02.180-9.54.1 lvm2-debuginfo-2.02.180-9.54.1 lvm2-debugsource-2.02.180-9.54.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): lvm2-clvm-2.02.180-9.54.1 lvm2-clvm-debuginfo-2.02.180-9.54.1 lvm2-cmirrord-2.02.180-9.54.1 lvm2-cmirrord-debuginfo-2.02.180-9.54.1 lvm2-debuginfo-2.02.180-9.54.1 lvm2-debugsource-2.02.180-9.54.1 References: https://bugzilla.suse.com/1183905 From sle-updates at lists.suse.com Fri Apr 9 22:20:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 10 Apr 2021 00:20:11 +0200 (CEST) Subject: SUSE-RU-2021:1127-1: Recommended update for gnome-shell-extension-desktop-icons Message-ID: <20210409222011.06525F78E@maintenance.suse.de> SUSE Recommended Update: Recommended 
update for gnome-shell-extension-desktop-icons ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1127-1 Rating: low References: #1183504 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnome-shell-extension-desktop-icons fixes the following issues: - Fixed ISO file icon (bsc#1183504) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1127=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): gnome-shell-extension-desktop-icons-19.10.2-3.9.1 References: https://bugzilla.suse.com/1183504 From sle-updates at lists.suse.com Mon Apr 12 13:16:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Apr 2021 15:16:14 +0200 (CEST) Subject: SUSE-RU-2021:1133-1: moderate: Recommended update for drbd Message-ID: <20210412131614.C687AFCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1133-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd fixes the following issue: - package is rebuilt with the new secure boot key. 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2021-1133=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): drbd-9.0.14+git.62f906cf-3.27.6 drbd-debugsource-9.0.14+git.62f906cf-3.27.6 drbd-kmp-default-9.0.14+git.62f906cf_k4.4.180_94.141-3.27.6 drbd-kmp-default-debuginfo-9.0.14+git.62f906cf_k4.4.180_94.141-3.27.6 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Mon Apr 12 13:17:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Apr 2021 15:17:14 +0200 (CEST) Subject: SUSE-RU-2021:1131-1: moderate: Recommended update for drbd Message-ID: <20210412131714.C0A44FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1131-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-1131=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): drbd-9.0.14+git.62f906cf-11.10.7 drbd-debugsource-9.0.14+git.62f906cf-11.10.7 drbd-kmp-default-9.0.14+git.62f906cf_k4.12.14_122.63-11.10.7 drbd-kmp-default-debuginfo-9.0.14+git.62f906cf_k4.12.14_122.63-11.10.7 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Mon Apr 12 13:19:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Apr 2021 15:19:27 +0200 (CEST) Subject: SUSE-RU-2021:1134-1: moderate: Recommended update for drbd Message-ID: <20210412131927.CDA50FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1134-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-1134=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): drbd-9.0.14+git.62f906cf-4.17.6 drbd-debugsource-9.0.14+git.62f906cf-4.17.6 drbd-kmp-default-9.0.14+git.62f906cf_k4.12.14_95.71-4.17.6 drbd-kmp-default-debuginfo-9.0.14+git.62f906cf_k4.12.14_95.71-4.17.6 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Mon Apr 12 13:20:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Apr 2021 15:20:30 +0200 (CEST) Subject: SUSE-RU-2021:1135-1: moderate: Recommended update for drbd Message-ID: <20210412132030.915EDFCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1135-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-1135=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): drbd-9.0.16+git.ab9777df-8.19.8 drbd-debugsource-9.0.16+git.ab9777df-8.19.8 drbd-kmp-default-9.0.16+git.ab9777df_k4.12.14_197.86-8.19.8 drbd-kmp-default-debuginfo-9.0.16+git.ab9777df_k4.12.14_197.86-8.19.8 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Mon Apr 12 13:21:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Apr 2021 15:21:34 +0200 (CEST) Subject: SUSE-RU-2021:1130-1: moderate: Recommended update for dpdk Message-ID: <20210412132134.30983FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1130-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dpdk fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1130=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1130=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1130=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1130=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): dpdk-18.11.9-3.27.13 dpdk-debuginfo-18.11.9-3.27.13 dpdk-debugsource-18.11.9-3.27.13 dpdk-devel-18.11.9-3.27.13 dpdk-devel-debuginfo-18.11.9-3.27.13 dpdk-kmp-default-18.11.9_k4.12.14_150.69-3.27.13 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150.69-3.27.13 dpdk-tools-18.11.9-3.27.13 dpdk-tools-debuginfo-18.11.9-3.27.13 libdpdk-18_11-18.11.9-3.27.13 libdpdk-18_11-debuginfo-18.11.9-3.27.13 - SUSE Linux Enterprise Server 15-LTSS (aarch64): dpdk-18.11.9-3.27.13 dpdk-debuginfo-18.11.9-3.27.13 dpdk-debugsource-18.11.9-3.27.13 dpdk-devel-18.11.9-3.27.13 dpdk-devel-debuginfo-18.11.9-3.27.13 dpdk-kmp-default-18.11.9_k4.12.14_150.69-3.27.13 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150.69-3.27.13 dpdk-thunderx-18.11.9-3.27.13 dpdk-thunderx-debuginfo-18.11.9-3.27.13 dpdk-thunderx-debugsource-18.11.9-3.27.13 dpdk-thunderx-devel-18.11.9-3.27.13 dpdk-thunderx-devel-debuginfo-18.11.9-3.27.13 dpdk-thunderx-kmp-default-18.11.9_k4.12.14_150.69-3.27.13 dpdk-thunderx-kmp-default-debuginfo-18.11.9_k4.12.14_150.69-3.27.13 dpdk-tools-18.11.9-3.27.13 dpdk-tools-debuginfo-18.11.9-3.27.13 libdpdk-18_11-18.11.9-3.27.13 libdpdk-18_11-debuginfo-18.11.9-3.27.13 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): dpdk-18.11.9-3.27.13 dpdk-debuginfo-18.11.9-3.27.13 dpdk-debugsource-18.11.9-3.27.13 dpdk-devel-18.11.9-3.27.13 dpdk-devel-debuginfo-18.11.9-3.27.13 dpdk-kmp-default-18.11.9_k4.12.14_150.69-3.27.13 
dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150.69-3.27.13 dpdk-tools-18.11.9-3.27.13 dpdk-tools-debuginfo-18.11.9-3.27.13 libdpdk-18_11-18.11.9-3.27.13 libdpdk-18_11-debuginfo-18.11.9-3.27.13 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64): dpdk-thunderx-18.11.9-3.27.13 dpdk-thunderx-debuginfo-18.11.9-3.27.13 dpdk-thunderx-debugsource-18.11.9-3.27.13 dpdk-thunderx-devel-18.11.9-3.27.13 dpdk-thunderx-devel-debuginfo-18.11.9-3.27.13 dpdk-thunderx-kmp-default-18.11.9_k4.12.14_150.69-3.27.13 dpdk-thunderx-kmp-default-debuginfo-18.11.9_k4.12.14_150.69-3.27.13 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): dpdk-18.11.9-3.27.13 dpdk-debuginfo-18.11.9-3.27.13 dpdk-debugsource-18.11.9-3.27.13 dpdk-devel-18.11.9-3.27.13 dpdk-devel-debuginfo-18.11.9-3.27.13 dpdk-kmp-default-18.11.9_k4.12.14_150.69-3.27.13 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150.69-3.27.13 dpdk-tools-18.11.9-3.27.13 dpdk-tools-debuginfo-18.11.9-3.27.13 libdpdk-18_11-18.11.9-3.27.13 libdpdk-18_11-debuginfo-18.11.9-3.27.13 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64): dpdk-thunderx-18.11.9-3.27.13 dpdk-thunderx-debuginfo-18.11.9-3.27.13 dpdk-thunderx-debugsource-18.11.9-3.27.13 dpdk-thunderx-devel-18.11.9-3.27.13 dpdk-thunderx-devel-debuginfo-18.11.9-3.27.13 dpdk-thunderx-kmp-default-18.11.9_k4.12.14_150.69-3.27.13 dpdk-thunderx-kmp-default-debuginfo-18.11.9_k4.12.14_150.69-3.27.13 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Mon Apr 12 13:22:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Apr 2021 15:22:44 +0200 (CEST) Subject: SUSE-RU-2021:1129-1: moderate: Recommended update for crash Message-ID: <20210412132244.A89D3FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for crash ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1129-1 Rating: moderate References: #1182570 
Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crash fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-1129=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1129=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): crash-7.1.5-15.7.6 crash-debuginfo-7.1.5-15.7.6 crash-debugsource-7.1.5-15.7.6 crash-kmp-default-7.1.5_k4.4.121_92.152-15.7.6 crash-kmp-default-debuginfo-7.1.5_k4.4.121_92.152-15.7.6 - SUSE OpenStack Cloud 7 (x86_64): crash-gcore-7.1.5-15.7.6 crash-gcore-debuginfo-7.1.5-15.7.6 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): crash-7.1.5-15.7.6 crash-debuginfo-7.1.5-15.7.6 crash-debugsource-7.1.5-15.7.6 crash-gcore-7.1.5-15.7.6 crash-gcore-debuginfo-7.1.5-15.7.6 crash-kmp-default-7.1.5_k4.4.121_92.152-15.7.6 crash-kmp-default-debuginfo-7.1.5_k4.4.121_92.152-15.7.6 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Mon Apr 12 16:16:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Apr 2021 18:16:13 +0200 (CEST) Subject: SUSE-SU-2021:1145-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) Message-ID: <20210412161613.8C430FCF8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1145-1 Rating: important References: #1182717 #1183120 
#1183491 Cross-References: CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVSS scores: CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-LTSS-SAP SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.121-92_138 fixes several issues. The following security issues were fixed: - CVE-2021-27365: Fixed an issue where data structures did not have appropriate length constraints or checks, and could exceed the PAGE_SIZE value (bsc#1183491). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1183120). - CVE-2021-27364: Fixed an issue where an unprivileged user could craft Netlink messages (bsc#1182717). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1142=1 SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1143=1 SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1144=1 SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1145=1 SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1146=1 SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1147=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1142=1 SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1143=1 SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1144=1 SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1145=1 SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1146=1 SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1147=1 Package List: - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64): kgraft-patch-4_4_121-92_129-default-10-2.2 kgraft-patch-4_4_121-92_135-default-8-2.2 kgraft-patch-4_4_121-92_138-default-8-2.2 kgraft-patch-4_4_121-92_141-default-7-2.2 kgraft-patch-4_4_121-92_146-default-5-2.2 kgraft-patch-4_4_121-92_149-default-3-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): kgraft-patch-4_4_121-92_129-default-10-2.2 kgraft-patch-4_4_121-92_135-default-8-2.2 kgraft-patch-4_4_121-92_138-default-8-2.2 kgraft-patch-4_4_121-92_141-default-7-2.2 kgraft-patch-4_4_121-92_146-default-5-2.2 kgraft-patch-4_4_121-92_149-default-3-2.2 References: https://www.suse.com/security/cve/CVE-2021-27363.html https://www.suse.com/security/cve/CVE-2021-27364.html https://www.suse.com/security/cve/CVE-2021-27365.html https://bugzilla.suse.com/1182717 https://bugzilla.suse.com/1183120 https://bugzilla.suse.com/1183491 From sle-updates at lists.suse.com Mon Apr 12 16:17:28 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Apr 2021 18:17:28 +0200 (CEST) Subject: SUSE-RU-2021:1139-1: moderate: Recommended update for open-iscsi Message-ID: <20210412161728.24CB6FCF8@maintenance.suse.de> SUSE Recommended 
Update: Recommended update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1139-1 Rating: moderate References: #1183421 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for open-iscsi fixes the following issues: - Enable iscsi.service asynchronous logins, cleanup services - Implement login "no_wait" for iscsiadm NODE mode (bsc#1183421) - Add ability to attempt target logins asynchronously Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1139=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): iscsiuio-0.7.8.2-12.30.1 iscsiuio-debuginfo-0.7.8.2-12.30.1 libopeniscsiusr0_2_0-2.0.876-12.30.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-12.30.1 open-iscsi-2.0.876-12.30.1 open-iscsi-debuginfo-2.0.876-12.30.1 open-iscsi-debugsource-2.0.876-12.30.1 References: https://bugzilla.suse.com/1183421 From sle-updates at lists.suse.com Mon Apr 12 16:18:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Apr 2021 18:18:31 +0200 (CEST) Subject: SUSE-RU-2021:1141-1: Recommended update for openldap2 Message-ID: <20210412161831.763B0FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1141-1 Rating: low References: #1182791 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise 
Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1141=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-1141=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1141=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1141=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libldap-2_4-2-2.4.46-9.51.1 libldap-2_4-2-debuginfo-2.4.46-9.51.1 openldap2-debuginfo-2.4.46-9.51.1 openldap2-debugsource-2.4.46-9.51.1 - SUSE MicroOS 5.0 (noarch): libldap-data-2.4.46-9.51.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): openldap2-2.4.46-9.51.1 openldap2-back-meta-2.4.46-9.51.1 openldap2-back-meta-debuginfo-2.4.46-9.51.1 openldap2-back-perl-2.4.46-9.51.1 openldap2-back-perl-debuginfo-2.4.46-9.51.1 openldap2-debuginfo-2.4.46-9.51.1 openldap2-debugsource-2.4.46-9.51.1 openldap2-ppolicy-check-password-1.2-9.51.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.51.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): openldap2-debugsource-2.4.46-9.51.1 openldap2-devel-32bit-2.4.46-9.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-9.51.1 libldap-2_4-2-debuginfo-2.4.46-9.51.1 openldap2-client-2.4.46-9.51.1 
openldap2-client-debuginfo-2.4.46-9.51.1 openldap2-debugsource-2.4.46-9.51.1 openldap2-devel-2.4.46-9.51.1 openldap2-devel-static-2.4.46-9.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libldap-data-2.4.46-9.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libldap-2_4-2-32bit-2.4.46-9.51.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.51.1 References: https://bugzilla.suse.com/1182791 From sle-updates at lists.suse.com Mon Apr 12 16:19:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Apr 2021 18:19:36 +0200 (CEST) Subject: SUSE-RU-2021:1140-1: Recommended update for libqt5-qtbase Message-ID: <20210412161936.CE4B8FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1140-1 Rating: low References: #1178600 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libqt5-qtbase fixes the following issues: - Fixed clipboard breaking when timer wraps after 50 days (bsc#1178600) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1140=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1140=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libQt5Bootstrap-devel-static-5.6.2-6.28.1 libQt5Concurrent-devel-5.6.2-6.28.1 libQt5Core-devel-5.6.2-6.28.1 libQt5DBus-devel-5.6.2-6.28.1 libQt5DBus-devel-debuginfo-5.6.2-6.28.1 libQt5Gui-devel-5.6.2-6.28.1 libQt5Network-devel-5.6.2-6.28.1 libQt5OpenGL-devel-5.6.2-6.28.1 libQt5OpenGLExtensions-devel-static-5.6.2-6.28.1 libQt5PlatformHeaders-devel-5.6.2-6.28.1 libQt5PlatformSupport-devel-static-5.6.2-6.28.1 libQt5PrintSupport-devel-5.6.2-6.28.1 libQt5Sql-devel-5.6.2-6.28.1 libQt5Test-devel-5.6.2-6.28.1 libQt5Widgets-devel-5.6.2-6.28.1 libQt5Xml-devel-5.6.2-6.28.1 libqt5-qtbase-common-devel-5.6.2-6.28.1 libqt5-qtbase-common-devel-debuginfo-5.6.2-6.28.1 libqt5-qtbase-debugsource-5.6.2-6.28.1 libqt5-qtbase-devel-5.6.2-6.28.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): libQt5Core-private-headers-devel-5.6.2-6.28.1 libQt5DBus-private-headers-devel-5.6.2-6.28.1 libQt5Gui-private-headers-devel-5.6.2-6.28.1 libQt5Network-private-headers-devel-5.6.2-6.28.1 libQt5OpenGL-private-headers-devel-5.6.2-6.28.1 libQt5PlatformSupport-private-headers-devel-5.6.2-6.28.1 libQt5PrintSupport-private-headers-devel-5.6.2-6.28.1 libQt5Sql-private-headers-devel-5.6.2-6.28.1 libQt5Test-private-headers-devel-5.6.2-6.28.1 libQt5Widgets-private-headers-devel-5.6.2-6.28.1 libqt5-qtbase-private-headers-devel-5.6.2-6.28.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libQt5Concurrent5-5.6.2-6.28.1 libQt5Concurrent5-debuginfo-5.6.2-6.28.1 libQt5Core5-5.6.2-6.28.1 libQt5Core5-debuginfo-5.6.2-6.28.1 libQt5DBus5-5.6.2-6.28.1 libQt5DBus5-debuginfo-5.6.2-6.28.1 libQt5Gui5-5.6.2-6.28.1 
libQt5Gui5-debuginfo-5.6.2-6.28.1 libQt5Network5-5.6.2-6.28.1 libQt5Network5-debuginfo-5.6.2-6.28.1 libQt5OpenGL5-5.6.2-6.28.1 libQt5OpenGL5-debuginfo-5.6.2-6.28.1 libQt5PrintSupport5-5.6.2-6.28.1 libQt5PrintSupport5-debuginfo-5.6.2-6.28.1 libQt5Sql5-5.6.2-6.28.1 libQt5Sql5-debuginfo-5.6.2-6.28.1 libQt5Sql5-mysql-5.6.2-6.28.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.28.1 libQt5Sql5-postgresql-5.6.2-6.28.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.28.1 libQt5Sql5-sqlite-5.6.2-6.28.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.28.1 libQt5Sql5-unixODBC-5.6.2-6.28.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.28.1 libQt5Test5-5.6.2-6.28.1 libQt5Test5-debuginfo-5.6.2-6.28.1 libQt5Widgets5-5.6.2-6.28.1 libQt5Widgets5-debuginfo-5.6.2-6.28.1 libQt5Xml5-5.6.2-6.28.1 libQt5Xml5-debuginfo-5.6.2-6.28.1 libqt5-qtbase-debugsource-5.6.2-6.28.1 References: https://bugzilla.suse.com/1178600 From sle-updates at lists.suse.com Mon Apr 12 16:20:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Apr 2021 18:20:45 +0200 (CEST) Subject: SUSE-RU-2021:1137-1: Recommended update for lifecycle-data-sle-live-patching Message-ID: <20210412162045.85949FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1137-1 Rating: low References: #1020320 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for lifecycle-data-sle-live-patching fixes the following issues: - Added data for 4_12_14-122_63, 4_12_14-95_71, 4_4_121-92_152, 4_4_180-94_141 (bsc#1020320) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-1137=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-1137=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-1137=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-1137=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-1137=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2021-1137=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2021-1137=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (noarch): lifecycle-data-sle-module-live-patching-15-4.51.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (noarch): lifecycle-data-sle-module-live-patching-15-4.51.1 - SUSE Linux Enterprise Module for Live Patching 15 (noarch): lifecycle-data-sle-module-live-patching-15-4.51.1 - SUSE Linux Enterprise Live Patching 12-SP5 (noarch): lifecycle-data-sle-live-patching-1-10.85.1 - SUSE Linux Enterprise Live Patching 12-SP4 (noarch): lifecycle-data-sle-live-patching-1-10.85.1 - SUSE Linux Enterprise Live Patching 12-SP3 (noarch): lifecycle-data-sle-live-patching-1-10.85.1 - SUSE Linux Enterprise Live Patching 12 (noarch): lifecycle-data-sle-live-patching-1-10.85.1 References: https://bugzilla.suse.com/1020320 From sle-updates at 
lists.suse.com Mon Apr 12 16:21:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Apr 2021 18:21:52 +0200 (CEST) Subject: SUSE-SU-2021:1148-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP2) Message-ID: <20210412162152.C0E28FCF8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1148-1 Rating: important References: #1165631 #1176931 #1177513 #1182717 #1183120 #1183491 Cross-References: CVE-2020-0429 CVE-2020-1749 CVE-2020-25645 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVSS scores: CVE-2020-0429 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-1749 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-25645 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-25645 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-LTSS-SAP SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.121-92_152 fixes several issues. The following security issues were fixed: - CVE-2021-27365: Fixed an issue where data structures did not have appropriate length constraints or checks, and could exceed the PAGE_SIZE value (bsc#1183491). 
- CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1183120). - CVE-2021-27364: Fixed an issue where an unprivileged user could craft Netlink messages (bsc#1182717). - CVE-2020-25645: Fixed an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bsc#1177513). - CVE-2020-0429: Fixed a memory corruption due to a use after free which could have led to local escalation of privilege with System execution privileges needed (bsc#1176931). - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165631). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1148=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1148=1 Package List: - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64): kgraft-patch-4_4_121-92_152-default-2-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): kgraft-patch-4_4_121-92_152-default-2-2.2 References: https://www.suse.com/security/cve/CVE-2020-0429.html https://www.suse.com/security/cve/CVE-2020-1749.html https://www.suse.com/security/cve/CVE-2020-25645.html https://www.suse.com/security/cve/CVE-2021-27363.html https://www.suse.com/security/cve/CVE-2021-27364.html https://www.suse.com/security/cve/CVE-2021-27365.html https://bugzilla.suse.com/1165631 https://bugzilla.suse.com/1176931 https://bugzilla.suse.com/1177513 https://bugzilla.suse.com/1182717 https://bugzilla.suse.com/1183120 https://bugzilla.suse.com/1183491 From sle-updates at lists.suse.com Mon Apr 12 16:23:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Apr 2021 18:23:20 +0200
(CEST) Subject: SUSE-RU-2021:1136-1: moderate: Recommended update for scap-security-guide Message-ID: <20210412162320.C490FFCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for scap-security-guide ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1136-1 Rating: moderate References: ECO-3319 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for scap-security-guide fixes the following issues: This update ships the ComplianceAsCode build version 0.1.55+git containing the following supported file: - SCAP STIG automation for SUSE Linux Enterprise 12 (SUSE supplied, more rules added compared to 0.1.54) - SCAP STIG automation for SUSE Linux Enterprise 15 (SUSE supplied, new, first rules added) - CIS automation for SUSE Linux Enterprise 15 (community supplied) It can be evaluated using "oscap" from "openscap-utils", e.g. by doing on SUSE Linux Enterprise 12: - oscap xccdf eval --profile stig /usr/share/xml/scap/ssg/content/ssg-sle12-ds.xml On SUSE Linux Enterprise 15: - oscap xccdf eval --profile stig /usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml or the community supplied CIS on SUSE Linux Enterprise 15: - oscap xccdf eval --profile cis /suse/meissner/scap/usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml More content will be added in future updates. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1136=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): scap-security-guide-0.1.55git20210323-3.7.1 scap-security-guide-debian-0.1.55git20210323-3.7.1 scap-security-guide-redhat-0.1.55git20210323-3.7.1 scap-security-guide-ubuntu-0.1.55git20210323-3.7.1 References: From sle-updates at lists.suse.com Mon Apr 12 16:24:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Apr 2021 18:24:15 +0200 (CEST) Subject: SUSE-RU-2021:1138-1: Recommended update for crmsh Message-ID: <20210412162415.0CD62FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1138-1 Rating: low References: #1180332 #1181907 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Change exit code and error to warning for some unharmful actions (bsc#1180332) - Raise warning when configuring diskless SBD with node's count less than three (bsc#1181907) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1138=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (noarch): crmsh-4.3.0+20210315.5d07d43e-5.45.1 crmsh-scripts-4.3.0+20210315.5d07d43e-5.45.1 References: https://bugzilla.suse.com/1180332 https://bugzilla.suse.com/1181907 From sle-updates at lists.suse.com Mon Apr 12 19:15:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Apr 2021 21:15:46 +0200 (CEST) Subject: SUSE-RU-2021:14688-1: moderate: Recommended update for drbd Message-ID: <20210412191546.D77A0F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14688-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise High Availability Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-drbd-14688=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-drbd-14688=1 Package List: - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ppc64 s390x x86_64): drbd-8.4.4-0.27.13.4 drbd-bash-completion-8.4.4-0.27.13.4 drbd-heartbeat-8.4.4-0.27.13.4 drbd-kmp-default-8.4.4_3.0.101_108.123-0.27.13.4 drbd-kmp-trace-8.4.4_3.0.101_108.123-0.27.13.4 drbd-pacemaker-8.4.4-0.27.13.4 drbd-udev-8.4.4-0.27.13.4 drbd-utils-8.4.4-0.27.13.4 - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 x86_64): drbd-kmp-xen-8.4.4_3.0.101_108.123-0.27.13.4 - SUSE Linux Enterprise High Availability Extension 11-SP4 (x86_64): drbd-xen-8.4.4-0.27.13.4 - SUSE Linux Enterprise High Availability Extension 11-SP4 (ppc64): drbd-kmp-bigmem-8.4.4_3.0.101_108.123-0.27.13.4 drbd-kmp-ppc64-8.4.4_3.0.101_108.123-0.27.13.4 - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586): drbd-kmp-pae-8.4.4_3.0.101_108.123-0.27.13.4 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): drbd-debuginfo-8.4.4-0.27.13.4 drbd-debugsource-8.4.4-0.27.13.4 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Mon Apr 12 19:16:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Apr 2021 21:16:48 +0200 (CEST) Subject: SUSE-RU-2021:1149-1: moderate: Recommended update for oracleasm Message-ID: <20210412191648.B61D7F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1149-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 
15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for oracleasm fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1149=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1149=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1149=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1149=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_150.69-4.7.7 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150.69-4.7.7 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): oracleasm-kmp-default-2.0.8_k4.12.14_150.69-4.7.7 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150.69-4.7.7 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_150.69-4.7.7 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150.69-4.7.7 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_150.69-4.7.7 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150.69-4.7.7 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Mon Apr 12 22:15:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Apr 2021 00:15:53 +0200 (CEST) Subject: SUSE-SU-2021:1152-1: important: Security update for spamassassin Message-ID: <20210412221553.5A6B7F78E@maintenance.suse.de> SUSE Security 
Update: Security update for spamassassin ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1152-1 Rating: important References: #1159133 #1184221 Cross-References: CVE-2019-12420 CVE-2020-1946 CVSS scores: CVE-2019-12420 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-12420 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-1946 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS-SAP SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for spamassassin fixes the following issues: - spamassassin was updated to version 3.4.5 - CVE-2019-12420: memory leak via crafted messages (bsc#1159133) - CVE-2020-1946: security update (bsc#1184221) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1152=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1152=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1152=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1152=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1152=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1152=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1152=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1152=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1152=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1152=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1152=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1152=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1152=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1152=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): perl-Mail-SpamAssassin-3.4.5-44.13.1 spamassassin-3.4.5-44.13.1 spamassassin-debuginfo-3.4.5-44.13.1 spamassassin-debugsource-3.4.5-44.13.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): perl-Mail-SpamAssassin-3.4.5-44.13.1 spamassassin-3.4.5-44.13.1 spamassassin-debuginfo-3.4.5-44.13.1 spamassassin-debugsource-3.4.5-44.13.1 - SUSE OpenStack Cloud 9 (x86_64): perl-Mail-SpamAssassin-3.4.5-44.13.1 spamassassin-3.4.5-44.13.1 spamassassin-debuginfo-3.4.5-44.13.1 spamassassin-debugsource-3.4.5-44.13.1 - SUSE OpenStack Cloud 8 
(x86_64): perl-Mail-SpamAssassin-3.4.5-44.13.1 spamassassin-3.4.5-44.13.1 spamassassin-debuginfo-3.4.5-44.13.1 spamassassin-debugsource-3.4.5-44.13.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): perl-Mail-SpamAssassin-3.4.5-44.13.1 spamassassin-3.4.5-44.13.1 spamassassin-debuginfo-3.4.5-44.13.1 spamassassin-debugsource-3.4.5-44.13.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): perl-Mail-SpamAssassin-3.4.5-44.13.1 spamassassin-3.4.5-44.13.1 spamassassin-debuginfo-3.4.5-44.13.1 spamassassin-debugsource-3.4.5-44.13.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): perl-Mail-SpamAssassin-3.4.5-44.13.1 spamassassin-3.4.5-44.13.1 spamassassin-debuginfo-3.4.5-44.13.1 spamassassin-debugsource-3.4.5-44.13.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): perl-Mail-SpamAssassin-3.4.5-44.13.1 spamassassin-3.4.5-44.13.1 spamassassin-debuginfo-3.4.5-44.13.1 spamassassin-debugsource-3.4.5-44.13.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): perl-Mail-SpamAssassin-3.4.5-44.13.1 spamassassin-3.4.5-44.13.1 spamassassin-debuginfo-3.4.5-44.13.1 spamassassin-debugsource-3.4.5-44.13.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): perl-Mail-SpamAssassin-3.4.5-44.13.1 spamassassin-3.4.5-44.13.1 spamassassin-debuginfo-3.4.5-44.13.1 spamassassin-debugsource-3.4.5-44.13.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64): perl-Mail-SpamAssassin-3.4.5-44.13.1 spamassassin-3.4.5-44.13.1 spamassassin-debuginfo-3.4.5-44.13.1 spamassassin-debugsource-3.4.5-44.13.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): perl-Mail-SpamAssassin-3.4.5-44.13.1 spamassassin-3.4.5-44.13.1 spamassassin-debuginfo-3.4.5-44.13.1 spamassassin-debugsource-3.4.5-44.13.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): perl-Mail-SpamAssassin-3.4.5-44.13.1 spamassassin-3.4.5-44.13.1 spamassassin-debuginfo-3.4.5-44.13.1 spamassassin-debugsource-3.4.5-44.13.1 - HPE Helion 
Openstack 8 (x86_64): perl-Mail-SpamAssassin-3.4.5-44.13.1 spamassassin-3.4.5-44.13.1 spamassassin-debuginfo-3.4.5-44.13.1 spamassassin-debugsource-3.4.5-44.13.1 References: https://www.suse.com/security/cve/CVE-2019-12420.html https://www.suse.com/security/cve/CVE-2020-1946.html https://bugzilla.suse.com/1159133 https://bugzilla.suse.com/1184221 From sle-updates at lists.suse.com Mon Apr 12 22:17:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Apr 2021 00:17:09 +0200 (CEST) Subject: SUSE-SU-2021:1153-1: important: Security update for spamassassin Message-ID: <20210412221709.4A8E1F78E@maintenance.suse.de> SUSE Security Update: Security update for spamassassin ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1153-1 Rating: important References: #1159133 #1184221 Cross-References: CVE-2019-12420 CVE-2020-1946 CVSS scores: CVE-2019-12420 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-12420 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-1946 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for spamassassin fixes the following issues: - CVE-2019-12420: memory leak via crafted messages (bsc#1159133) - CVE-2020-1946: security update (bsc#1184221) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1153=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1153=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1153=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1153=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): perl-Mail-SpamAssassin-3.4.5-7.14.1 perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-7.14.1 spamassassin-3.4.5-7.14.1 spamassassin-debuginfo-3.4.5-7.14.1 spamassassin-debugsource-3.4.5-7.14.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): perl-Mail-SpamAssassin-3.4.5-7.14.1 perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-7.14.1 spamassassin-3.4.5-7.14.1 spamassassin-debuginfo-3.4.5-7.14.1 spamassassin-debugsource-3.4.5-7.14.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): perl-Mail-SpamAssassin-3.4.5-7.14.1 perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-7.14.1 spamassassin-3.4.5-7.14.1 spamassassin-debuginfo-3.4.5-7.14.1 spamassassin-debugsource-3.4.5-7.14.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): perl-Mail-SpamAssassin-3.4.5-7.14.1 perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-7.14.1 spamassassin-3.4.5-7.14.1 spamassassin-debuginfo-3.4.5-7.14.1 spamassassin-debugsource-3.4.5-7.14.1 References: https://www.suse.com/security/cve/CVE-2019-12420.html https://www.suse.com/security/cve/CVE-2020-1946.html https://bugzilla.suse.com/1159133 https://bugzilla.suse.com/1184221 From sle-updates at lists.suse.com Tue Apr 13 06:14:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Apr 2021 08:14:51 +0200 (CEST) Subject: SUSE-CU-2021:101-1: Recommended update of suse/sle15 Message-ID: 
<20210413061451.C55C9B4624D@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:101-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.371 Container Release : 4.22.371 Severity : low Type : recommended References : 1182791 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) From sle-updates at lists.suse.com Tue Apr 13 06:27:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Apr 2021 08:27:52 +0200 (CEST) Subject: SUSE-CU-2021:102-1: Recommended update of suse/sle15 Message-ID: <20210413062752.6A17DB4624D@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:102-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.431 Container Release : 6.2.431 Severity : low Type : recommended References : 1182791 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) From sle-updates at lists.suse.com Tue Apr 13 06:34:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Apr 2021 08:34:53 +0200 (CEST) Subject: SUSE-CU-2021:103-1: Recommended update of suse/sle15 Message-ID: <20210413063453.15AEDB4624D@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:103-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.887 Container Release : 8.2.887 Severity : low Type : recommended References : 1182791 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) From sle-updates at lists.suse.com Tue Apr 13 07:15:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Apr 2021 09:15:45 +0200 (CEST) Subject: SUSE-RU-2021:1155-1: important: Recommended update for sblim-sfcb Message-ID: <20210413071545.64D1CF78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for sblim-sfcb ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1155-1 Rating: important References: #1180753 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sblim-sfcb fixes the following issue: - Avoid a double free during a failed localhost client connection. 
(bsc#1180753) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1155=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1155=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1155=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1155=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1155=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1155=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1155=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1155=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1155=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1155=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1155=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1155=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1155=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1155=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): sblim-sfcb-1.4.9-5.6.1 sblim-sfcb-debuginfo-1.4.9-5.6.1 sblim-sfcb-debugsource-1.4.9-5.6.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): sblim-sfcb-1.4.9-5.6.1 sblim-sfcb-debuginfo-1.4.9-5.6.1 sblim-sfcb-debugsource-1.4.9-5.6.1 - SUSE Manager Proxy 4.0 (x86_64): sblim-sfcb-1.4.9-5.6.1 sblim-sfcb-debuginfo-1.4.9-5.6.1 sblim-sfcb-debugsource-1.4.9-5.6.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): sblim-sfcb-1.4.9-5.6.1 sblim-sfcb-debuginfo-1.4.9-5.6.1 sblim-sfcb-debugsource-1.4.9-5.6.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): sblim-sfcb-1.4.9-5.6.1 sblim-sfcb-debuginfo-1.4.9-5.6.1 sblim-sfcb-debugsource-1.4.9-5.6.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): sblim-sfcb-1.4.9-5.6.1 sblim-sfcb-debuginfo-1.4.9-5.6.1 sblim-sfcb-debugsource-1.4.9-5.6.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): sblim-sfcb-1.4.9-5.6.1 sblim-sfcb-debuginfo-1.4.9-5.6.1 sblim-sfcb-debugsource-1.4.9-5.6.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): sblim-sfcb-1.4.9-5.6.1 sblim-sfcb-debuginfo-1.4.9-5.6.1 sblim-sfcb-debugsource-1.4.9-5.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): sblim-sfcb-1.4.9-5.6.1 sblim-sfcb-debuginfo-1.4.9-5.6.1 sblim-sfcb-debugsource-1.4.9-5.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): sblim-sfcb-1.4.9-5.6.1 sblim-sfcb-debuginfo-1.4.9-5.6.1 sblim-sfcb-debugsource-1.4.9-5.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): sblim-sfcb-1.4.9-5.6.1 sblim-sfcb-debuginfo-1.4.9-5.6.1 sblim-sfcb-debugsource-1.4.9-5.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): sblim-sfcb-1.4.9-5.6.1 sblim-sfcb-debuginfo-1.4.9-5.6.1 sblim-sfcb-debugsource-1.4.9-5.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): sblim-sfcb-1.4.9-5.6.1 
sblim-sfcb-debuginfo-1.4.9-5.6.1 sblim-sfcb-debugsource-1.4.9-5.6.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): sblim-sfcb-1.4.9-5.6.1 sblim-sfcb-debuginfo-1.4.9-5.6.1 sblim-sfcb-debugsource-1.4.9-5.6.1 - SUSE CaaS Platform 4.0 (x86_64): sblim-sfcb-1.4.9-5.6.1 sblim-sfcb-debuginfo-1.4.9-5.6.1 sblim-sfcb-debugsource-1.4.9-5.6.1 References: https://bugzilla.suse.com/1180753 From sle-updates at lists.suse.com Tue Apr 13 07:17:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Apr 2021 09:17:40 +0200 (CEST) Subject: SUSE-RU-2021:1154-1: important: Recommended update for sblim-sfcb Message-ID: <20210413071740.DCFB1F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for sblim-sfcb ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1154-1 Rating: important References: #1180753 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS-SAP SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sblim-sfcb fixes the following issues: - Avoid double free during a failed localhost client connection. (bsc#1180753) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1154=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1154=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1154=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1154=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1154=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1154=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1154=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1154=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1154=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1154=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1154=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1154=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1154=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1154=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): sblim-sfcb-1.4.8-17.10.1 sblim-sfcb-debuginfo-1.4.8-17.10.1 sblim-sfcb-debugsource-1.4.8-17.10.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): sblim-sfcb-1.4.8-17.10.1 sblim-sfcb-debuginfo-1.4.8-17.10.1 sblim-sfcb-debugsource-1.4.8-17.10.1 - SUSE OpenStack Cloud 9 (x86_64): sblim-sfcb-1.4.8-17.10.1 sblim-sfcb-debuginfo-1.4.8-17.10.1 sblim-sfcb-debugsource-1.4.8-17.10.1 - SUSE OpenStack Cloud 8 (x86_64): sblim-sfcb-1.4.8-17.10.1 sblim-sfcb-debuginfo-1.4.8-17.10.1 sblim-sfcb-debugsource-1.4.8-17.10.1 - SUSE Linux 
Enterprise Server for SAP 12-SP4 (ppc64le x86_64): sblim-sfcb-1.4.8-17.10.1 sblim-sfcb-debuginfo-1.4.8-17.10.1 sblim-sfcb-debugsource-1.4.8-17.10.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): sblim-sfcb-1.4.8-17.10.1 sblim-sfcb-debuginfo-1.4.8-17.10.1 sblim-sfcb-debugsource-1.4.8-17.10.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): sblim-sfcb-1.4.8-17.10.1 sblim-sfcb-debuginfo-1.4.8-17.10.1 sblim-sfcb-debugsource-1.4.8-17.10.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): sblim-sfcb-1.4.8-17.10.1 sblim-sfcb-debuginfo-1.4.8-17.10.1 sblim-sfcb-debugsource-1.4.8-17.10.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): sblim-sfcb-1.4.8-17.10.1 sblim-sfcb-debuginfo-1.4.8-17.10.1 sblim-sfcb-debugsource-1.4.8-17.10.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): sblim-sfcb-1.4.8-17.10.1 sblim-sfcb-debuginfo-1.4.8-17.10.1 sblim-sfcb-debugsource-1.4.8-17.10.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64): sblim-sfcb-1.4.8-17.10.1 sblim-sfcb-debuginfo-1.4.8-17.10.1 sblim-sfcb-debugsource-1.4.8-17.10.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): sblim-sfcb-1.4.8-17.10.1 sblim-sfcb-debuginfo-1.4.8-17.10.1 sblim-sfcb-debugsource-1.4.8-17.10.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): sblim-sfcb-1.4.8-17.10.1 sblim-sfcb-debuginfo-1.4.8-17.10.1 sblim-sfcb-debugsource-1.4.8-17.10.1 - HPE Helion Openstack 8 (x86_64): sblim-sfcb-1.4.8-17.10.1 sblim-sfcb-debuginfo-1.4.8-17.10.1 sblim-sfcb-debugsource-1.4.8-17.10.1 References: https://bugzilla.suse.com/1180753 From sle-updates at lists.suse.com Tue Apr 13 13:16:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Apr 2021 15:16:17 +0200 (CEST) Subject: SUSE-SU-2021:1161-1: moderate: Security update for cifs-utils Message-ID: <20210413131617.D91EEFCF8@maintenance.suse.de> SUSE Security Update: Security update for cifs-utils 
______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1161-1 Rating: moderate References: #1183239 Cross-References: CVE-2021-20208 CVSS scores: CVE-2021-20208 (SUSE): 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cifs-utils fixes the following issues: - CVE-2021-20208: Fixed a potential Kerberos auth leak escaping from container (bsc#1183239) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1161=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-5.9.1 cifs-utils-debuginfo-6.9-5.9.1 cifs-utils-debugsource-6.9-5.9.1 cifs-utils-devel-6.9-5.9.1 References: https://www.suse.com/security/cve/CVE-2021-20208.html https://bugzilla.suse.com/1183239 From sle-updates at lists.suse.com Tue Apr 13 13:18:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Apr 2021 15:18:19 +0200 (CEST) Subject: SUSE-SU-2021:1162-1: moderate: Security update for rubygem-actionpack-4_2 Message-ID: <20210413131819.1BC12FCF8@maintenance.suse.de> SUSE Security Update: Security update for rubygem-actionpack-4_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1162-1 Rating: moderate References: #1159548 Cross-References: CVE-2019-16782 CVSS scores: CVE-2019-16782 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack 
Cloud Crowbar 8 SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-actionpack-4_2 fixes the following issues: - CVE-2019-16782: Possible Information Leak / Session Hijack Vulnerability in Rack (bsc#1159548) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1162=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1162=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-1162=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ruby2.1-rubygem-actionpack-4_2-4.2.9-7.9.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-actionpack-4_2-4.2.9-7.9.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): ruby2.1-rubygem-actionpack-4_2-4.2.9-7.9.1 References: https://www.suse.com/security/cve/CVE-2019-16782.html https://bugzilla.suse.com/1159548 From sle-updates at lists.suse.com Tue Apr 13 13:19:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Apr 2021 15:19:22 +0200 (CEST) Subject: SUSE-SU-2021:1159-1: moderate: Security update for cifs-utils Message-ID: <20210413131922.60FF0FCF8@maintenance.suse.de> SUSE Security Update: Security update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1159-1 Rating: moderate References: #1183239 Cross-References: CVE-2021-20208 CVSS scores: CVE-2021-20208 (SUSE): 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cifs-utils fixes the following issues: - CVE-2021-20208: Fixed a potential Kerberos auth leak escaping from container (bsc#1183239) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1159=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1159=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): cifs-utils-debuginfo-6.9-13.14.1 cifs-utils-debugsource-6.9-13.14.1 cifs-utils-devel-6.9-13.14.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-13.14.1 cifs-utils-debuginfo-6.9-13.14.1 cifs-utils-debugsource-6.9-13.14.1 References: https://www.suse.com/security/cve/CVE-2021-20208.html https://bugzilla.suse.com/1183239 From sle-updates at lists.suse.com Tue Apr 13 16:16:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Apr 2021 18:16:21 +0200 (CEST) Subject: SUSE-SU-2021:1166-1: moderate: Security update for wpa_supplicant Message-ID: <20210413161621.CCCF5F78E@maintenance.suse.de> SUSE Security Update: Security update for wpa_supplicant ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1166-1 Rating: moderate References: #1184348 Cross-References: CVE-2021-30004 CVSS scores: CVE-2021-30004 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-30004 (SUSE): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for wpa_supplicant fixes the following issues: - CVE-2021-30004: Fixed an issue where forging attacks might have occurred because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1166=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1166=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): wpa_supplicant-2.9-4.29.1 wpa_supplicant-debuginfo-2.9-4.29.1 wpa_supplicant-debugsource-2.9-4.29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): wpa_supplicant-2.9-4.29.1 wpa_supplicant-debuginfo-2.9-4.29.1 wpa_supplicant-debugsource-2.9-4.29.1 References: https://www.suse.com/security/cve/CVE-2021-30004.html https://bugzilla.suse.com/1184348 From sle-updates at lists.suse.com Tue Apr 13 16:17:23 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Apr 2021 18:17:23 +0200 (CEST) Subject: SUSE-RU-2021:1170-1: moderate: Recommended update for yast2-security Message-ID: <20210413161723.08DC4F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-security ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1170-1 Rating: moderate References: #1182940 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for yast2-security fixes the following issues: - Fixed a bug where yast2-security tried to set the SELinux mode, even though it is not configurable on the system (bsc#1182940) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1170=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-1170=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-security-4.2.24-3.24.1 - SUSE Linux Enterprise Installer 15-SP2 (noarch): yast2-security-4.2.24-3.24.1 References: https://bugzilla.suse.com/1182940 From sle-updates at lists.suse.com Tue Apr 13 16:18:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Apr 2021 18:18:26 +0200 (CEST) Subject: SUSE-RU-2021:1169-1: Recommended update for procps Message-ID: <20210413161826.3D293F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for procps ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1169-1 Rating: low References: #1181976 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1169=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1169=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libprocps7-3.3.15-7.16.1 libprocps7-debuginfo-3.3.15-7.16.1 procps-3.3.15-7.16.1 procps-debuginfo-3.3.15-7.16.1 procps-debugsource-3.3.15-7.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libprocps7-3.3.15-7.16.1 libprocps7-debuginfo-3.3.15-7.16.1 procps-3.3.15-7.16.1 procps-debuginfo-3.3.15-7.16.1 procps-debugsource-3.3.15-7.16.1 procps-devel-3.3.15-7.16.1 References: https://bugzilla.suse.com/1181976 From sle-updates at lists.suse.com Tue Apr 13 16:19:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Apr 2021 18:19:39 +0200 (CEST) Subject: SUSE-SU-2021:1164-1: important: Security update for open-iscsi Message-ID: <20210413161939.269D7F78E@maintenance.suse.de> SUSE Security Update: Security update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1164-1 Rating: important References: #1173886 #1179908 #1183421 Cross-References: CVE-2020-13987 CVE-2020-13988 CVE-2020-17437 CVE-2020-17438 CVSS scores: CVE-2020-13987 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-13987 (SUSE): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2020-13988 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-17437 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2020-17437 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-17438 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-17438 (SUSE): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux 
Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for open-iscsi fixes the following issues: - CVE-2020-17437: uIP Out-of-Bounds Write (bsc#1179908) - CVE-2020-17438: uIP Out-of-Bounds Write (bsc#1179908) - CVE-2020-13987: uIP Out-of-Bounds Read (bsc#1179908) - CVE-2020-13988: uIP Integer Overflow (bsc#1179908) - Enabled no-wait ("-W") iscsiadm option for iscsi login service (bsc#1173886, bsc#1183421) - Added the ability to perform async logins (bsc#1173886) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1164=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1164=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1164=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1164=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1164=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1164=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1164=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1164=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-1164=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-1164=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1164=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1164=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1164=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1164=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1164=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): iscsiuio-0.7.8.2-13.42.1 iscsiuio-debuginfo-0.7.8.2-13.42.1 libopeniscsiusr0_2_0-2.0.876-13.42.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-13.42.1 open-iscsi-2.0.876-13.42.1 open-iscsi-debuginfo-2.0.876-13.42.1 open-iscsi-debugsource-2.0.876-13.42.1 open-iscsi-devel-2.0.876-13.42.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): iscsiuio-0.7.8.2-13.42.1 iscsiuio-debuginfo-0.7.8.2-13.42.1 libopeniscsiusr0_2_0-2.0.876-13.42.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-13.42.1 open-iscsi-2.0.876-13.42.1 open-iscsi-debuginfo-2.0.876-13.42.1 open-iscsi-debugsource-2.0.876-13.42.1 open-iscsi-devel-2.0.876-13.42.1 - SUSE Manager Proxy 4.0 (x86_64): iscsiuio-0.7.8.2-13.42.1 iscsiuio-debuginfo-0.7.8.2-13.42.1 libopeniscsiusr0_2_0-2.0.876-13.42.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-13.42.1 open-iscsi-2.0.876-13.42.1 open-iscsi-debuginfo-2.0.876-13.42.1 open-iscsi-debugsource-2.0.876-13.42.1 open-iscsi-devel-2.0.876-13.42.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): iscsiuio-0.7.8.2-13.42.1 iscsiuio-debuginfo-0.7.8.2-13.42.1 libopeniscsiusr0_2_0-2.0.876-13.42.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-13.42.1 open-iscsi-2.0.876-13.42.1 open-iscsi-debuginfo-2.0.876-13.42.1 open-iscsi-debugsource-2.0.876-13.42.1 open-iscsi-devel-2.0.876-13.42.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): iscsiuio-0.7.8.2-13.42.1 iscsiuio-debuginfo-0.7.8.2-13.42.1 libopeniscsiusr0_2_0-2.0.876-13.42.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-13.42.1 open-iscsi-2.0.876-13.42.1 open-iscsi-debuginfo-2.0.876-13.42.1 open-iscsi-debugsource-2.0.876-13.42.1 open-iscsi-devel-2.0.876-13.42.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): iscsiuio-0.7.8.2-13.42.1 iscsiuio-debuginfo-0.7.8.2-13.42.1 libopeniscsiusr0_2_0-2.0.876-13.42.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-13.42.1 open-iscsi-2.0.876-13.42.1 open-iscsi-debuginfo-2.0.876-13.42.1 open-iscsi-debugsource-2.0.876-13.42.1 
open-iscsi-devel-2.0.876-13.42.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): iscsiuio-0.7.8.2-13.42.1 iscsiuio-debuginfo-0.7.8.2-13.42.1 libopeniscsiusr0_2_0-2.0.876-13.42.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-13.42.1 open-iscsi-2.0.876-13.42.1 open-iscsi-debuginfo-2.0.876-13.42.1 open-iscsi-debugsource-2.0.876-13.42.1 open-iscsi-devel-2.0.876-13.42.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): iscsiuio-0.7.8.2-13.42.1 iscsiuio-debuginfo-0.7.8.2-13.42.1 libopeniscsiusr0_2_0-2.0.876-13.42.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-13.42.1 open-iscsi-2.0.876-13.42.1 open-iscsi-debuginfo-2.0.876-13.42.1 open-iscsi-debugsource-2.0.876-13.42.1 open-iscsi-devel-2.0.876-13.42.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): open-iscsi-debuginfo-2.0.876-13.42.1 open-iscsi-debugsource-2.0.876-13.42.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): open-iscsi-debuginfo-2.0.876-13.42.1 open-iscsi-debugsource-2.0.876-13.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): iscsiuio-0.7.8.2-13.42.1 iscsiuio-debuginfo-0.7.8.2-13.42.1 libopeniscsiusr0_2_0-2.0.876-13.42.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-13.42.1 open-iscsi-2.0.876-13.42.1 open-iscsi-debuginfo-2.0.876-13.42.1 open-iscsi-debugsource-2.0.876-13.42.1 open-iscsi-devel-2.0.876-13.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): iscsiuio-0.7.8.2-13.42.1 iscsiuio-debuginfo-0.7.8.2-13.42.1 libopeniscsiusr0_2_0-2.0.876-13.42.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-13.42.1 open-iscsi-2.0.876-13.42.1 open-iscsi-debuginfo-2.0.876-13.42.1 open-iscsi-debugsource-2.0.876-13.42.1 open-iscsi-devel-2.0.876-13.42.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): iscsiuio-0.7.8.2-13.42.1 iscsiuio-debuginfo-0.7.8.2-13.42.1 libopeniscsiusr0_2_0-2.0.876-13.42.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-13.42.1 
open-iscsi-2.0.876-13.42.1 open-iscsi-debuginfo-2.0.876-13.42.1 open-iscsi-debugsource-2.0.876-13.42.1 open-iscsi-devel-2.0.876-13.42.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): iscsiuio-0.7.8.2-13.42.1 iscsiuio-debuginfo-0.7.8.2-13.42.1 libopeniscsiusr0_2_0-2.0.876-13.42.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-13.42.1 open-iscsi-2.0.876-13.42.1 open-iscsi-debuginfo-2.0.876-13.42.1 open-iscsi-debugsource-2.0.876-13.42.1 open-iscsi-devel-2.0.876-13.42.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): iscsiuio-0.7.8.2-13.42.1 iscsiuio-debuginfo-0.7.8.2-13.42.1 libopeniscsiusr0_2_0-2.0.876-13.42.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-13.42.1 open-iscsi-2.0.876-13.42.1 open-iscsi-debuginfo-2.0.876-13.42.1 open-iscsi-debugsource-2.0.876-13.42.1 open-iscsi-devel-2.0.876-13.42.1 - SUSE CaaS Platform 4.0 (x86_64): iscsiuio-0.7.8.2-13.42.1 iscsiuio-debuginfo-0.7.8.2-13.42.1 libopeniscsiusr0_2_0-2.0.876-13.42.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-13.42.1 open-iscsi-2.0.876-13.42.1 open-iscsi-debuginfo-2.0.876-13.42.1 open-iscsi-debugsource-2.0.876-13.42.1 open-iscsi-devel-2.0.876-13.42.1 References: https://www.suse.com/security/cve/CVE-2020-13987.html https://www.suse.com/security/cve/CVE-2020-13988.html https://www.suse.com/security/cve/CVE-2020-17437.html https://www.suse.com/security/cve/CVE-2020-17438.html https://bugzilla.suse.com/1173886 https://bugzilla.suse.com/1179908 https://bugzilla.suse.com/1183421 From sle-updates at lists.suse.com Tue Apr 13 16:21:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Apr 2021 18:21:05 +0200 (CEST) Subject: SUSE-SU-2021:1167-1: important: Security update for MozillaThunderbird Message-ID: <20210413162105.13888F78E@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1167-1 Rating: important References: #1177542 
#1183942 #1184536 Cross-References: CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-23991 CVE-2021-23992 CVSS scores: CVE-2021-23981 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2021-23982 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-23984 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-23987 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-23991 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird was updated to version 78.9.1 (MFSA 2021-12, MFSA 2021-13, bsc#1183942, bsc#1184536) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs * CVE-2021-23991: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key * CVE-2021-23993: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key - cleaned up and fixed mozilla.sh.in for wayland (bsc#1177542) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-1167=1 - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-1167=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): MozillaThunderbird-78.9.1-8.20.1 MozillaThunderbird-debuginfo-78.9.1-8.20.1 MozillaThunderbird-debugsource-78.9.1-8.20.1 MozillaThunderbird-translations-common-78.9.1-8.20.1 MozillaThunderbird-translations-other-78.9.1-8.20.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): MozillaThunderbird-78.9.1-8.20.1 MozillaThunderbird-debuginfo-78.9.1-8.20.1 MozillaThunderbird-debugsource-78.9.1-8.20.1 MozillaThunderbird-translations-common-78.9.1-8.20.1 MozillaThunderbird-translations-other-78.9.1-8.20.1 References: https://www.suse.com/security/cve/CVE-2021-23981.html https://www.suse.com/security/cve/CVE-2021-23982.html https://www.suse.com/security/cve/CVE-2021-23984.html https://www.suse.com/security/cve/CVE-2021-23987.html https://www.suse.com/security/cve/CVE-2021-23991.html https://www.suse.com/security/cve/CVE-2021-23992.html https://bugzilla.suse.com/1177542 https://bugzilla.suse.com/1183942 https://bugzilla.suse.com/1184536 From sle-updates at lists.suse.com Tue Apr 13 16:22:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Apr 2021 18:22:21 +0200 (CEST) Subject: SUSE-SU-2021:1168-1: moderate: Security update for opensc Message-ID: <20210413162221.6305AF78E@maintenance.suse.de> SUSE Security Update: Security update for opensc ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1168-1 Rating: moderate References: #1149746 #1149747 #1158256 #1158307 #1170809 #1177364 #1177378 #1177380 Cross-References: CVE-2019-15945 CVE-2019-15946 CVE-2019-19479 CVE-2019-19480 CVE-2019-20792 CVE-2020-26570 
CVE-2020-26571 CVE-2020-26572 CVSS scores: CVE-2019-15945 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-15945 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2019-15946 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-15946 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2019-19479 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2019-19479 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2019-19480 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-20792 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-20792 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-26570 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-26570 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-26571 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-26571 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-26572 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-26572 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for opensc fixes the following issues: - CVE-2019-15945: Fixed an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string (bsc#1149746). - CVE-2019-15946: Fixed an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry (bsc#1149747) - CVE-2019-19479: Fixed an incorrect read operation during parsing of a SETCOS file attribute (bsc#1158256) - CVE-2019-19480: Fixed an improper free operation in sc_pkcs15_decode_prkdf_entry (bsc#1158307). - CVE-2019-20792: Fixed a double free in coolkey_free_private_data (bsc#1170809). 
- CVE-2020-26570: Fixed a buffer overflow in sc_oberthur_read_file (bsc#1177364). - CVE-2020-26571: Fixed a stack-based buffer overflow in gemsafe GPK smart card software driver (bsc#1177380) - CVE-2020-26572: Fixed a stack-based buffer overflow in tcos_decipher (bsc#1177378). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1168=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1168=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): opensc-0.19.0-3.7.1 opensc-debuginfo-0.19.0-3.7.1 opensc-debugsource-0.19.0-3.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): opensc-0.19.0-3.7.1 opensc-debuginfo-0.19.0-3.7.1 opensc-debugsource-0.19.0-3.7.1 References: https://www.suse.com/security/cve/CVE-2019-15945.html https://www.suse.com/security/cve/CVE-2019-15946.html https://www.suse.com/security/cve/CVE-2019-19479.html https://www.suse.com/security/cve/CVE-2019-19480.html https://www.suse.com/security/cve/CVE-2019-20792.html https://www.suse.com/security/cve/CVE-2020-26570.html https://www.suse.com/security/cve/CVE-2020-26571.html https://www.suse.com/security/cve/CVE-2020-26572.html https://bugzilla.suse.com/1149746 https://bugzilla.suse.com/1149747 https://bugzilla.suse.com/1158256 https://bugzilla.suse.com/1158307 https://bugzilla.suse.com/1170809 https://bugzilla.suse.com/1177364 https://bugzilla.suse.com/1177378 https://bugzilla.suse.com/1177380 From sle-updates at lists.suse.com Tue Apr 13 16:24:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Apr 2021 18:24:02 +0200 (CEST) Subject: SUSE-SU-2021:1163-1: 
important: Security update for spamassassin Message-ID: <20210413162402.ED7B9F78E@maintenance.suse.de> SUSE Security Update: Security update for spamassassin ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1163-1 Rating: important References: #1159133 #1184221 Cross-References: CVE-2019-12420 CVE-2020-1946 CVSS scores: CVE-2019-12420 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-12420 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-1946 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for spamassassin fixes the following issues: - CVE-2019-12420: memory leak via crafted messages (bsc#1159133) - CVE-2020-1946: security update (bsc#1184221) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1163=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1163=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1163=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1163=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1163=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1163=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1163=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1163=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1163=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1163=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1163=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1163=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1163=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): perl-Mail-SpamAssassin-3.4.5-12.10.1 perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1 spamassassin-3.4.5-12.10.1 spamassassin-debuginfo-3.4.5-12.10.1 spamassassin-debugsource-3.4.5-12.10.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): perl-Mail-SpamAssassin-3.4.5-12.10.1 perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1 spamassassin-3.4.5-12.10.1 spamassassin-debuginfo-3.4.5-12.10.1 spamassassin-debugsource-3.4.5-12.10.1 - SUSE Manager Proxy 4.0 (x86_64): perl-Mail-SpamAssassin-3.4.5-12.10.1 perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1 spamassassin-3.4.5-12.10.1 spamassassin-debuginfo-3.4.5-12.10.1 spamassassin-debugsource-3.4.5-12.10.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): perl-Mail-SpamAssassin-3.4.5-12.10.1 perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1 spamassassin-3.4.5-12.10.1 spamassassin-debuginfo-3.4.5-12.10.1 spamassassin-debugsource-3.4.5-12.10.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): perl-Mail-SpamAssassin-3.4.5-12.10.1 perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1 spamassassin-3.4.5-12.10.1 spamassassin-debuginfo-3.4.5-12.10.1 spamassassin-debugsource-3.4.5-12.10.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): perl-Mail-SpamAssassin-3.4.5-12.10.1 perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1 spamassassin-3.4.5-12.10.1 spamassassin-debuginfo-3.4.5-12.10.1 spamassassin-debugsource-3.4.5-12.10.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): perl-Mail-SpamAssassin-3.4.5-12.10.1 spamassassin-3.4.5-12.10.1 spamassassin-debuginfo-3.4.5-12.10.1 spamassassin-debugsource-3.4.5-12.10.1 - 
SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): perl-Mail-SpamAssassin-3.4.5-12.10.1 spamassassin-3.4.5-12.10.1 spamassassin-debuginfo-3.4.5-12.10.1 spamassassin-debugsource-3.4.5-12.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): perl-Mail-SpamAssassin-3.4.5-12.10.1 perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1 spamassassin-3.4.5-12.10.1 spamassassin-debuginfo-3.4.5-12.10.1 spamassassin-debugsource-3.4.5-12.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): perl-Mail-SpamAssassin-3.4.5-12.10.1 perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1 spamassassin-3.4.5-12.10.1 spamassassin-debuginfo-3.4.5-12.10.1 spamassassin-debugsource-3.4.5-12.10.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): perl-Mail-SpamAssassin-3.4.5-12.10.1 perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1 spamassassin-3.4.5-12.10.1 spamassassin-debuginfo-3.4.5-12.10.1 spamassassin-debugsource-3.4.5-12.10.1 - SUSE CaaS Platform 4.0 (x86_64): perl-Mail-SpamAssassin-3.4.5-12.10.1 perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1 spamassassin-3.4.5-12.10.1 spamassassin-debuginfo-3.4.5-12.10.1 spamassassin-debugsource-3.4.5-12.10.1 References: https://www.suse.com/security/cve/CVE-2019-12420.html https://www.suse.com/security/cve/CVE-2020-1946.html https://bugzilla.suse.com/1159133 https://bugzilla.suse.com/1184221 From sle-updates at lists.suse.com Tue Apr 13 16:25:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Apr 2021 18:25:22 +0200 (CEST) Subject: SUSE-SU-2021:1165-1: important: Security update for glibc Message-ID: <20210413162522.15B43F78E@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1165-1 Rating: important References: #1178386 #1179694 #1179721 #1184034 Cross-References: CVE-2020-27618 CVE-2020-29562 
CVE-2020-29573 CVSS scores: CVE-2020-27618 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27618 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2020-29562 (NVD) : 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2020-29562 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-29573 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-29573 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for glibc fixes the following issues: - CVE-2020-27618: Accept redundant shift sequences in IBM1364 (bsc#1178386) - CVE-2020-29562: Fix incorrect UCS4 inner loop bounds (bsc#1179694) - CVE-2020-29573: Harden printf against non-normal long double values (bsc#1179721) - Check vector support in memmove ifunc-selector (bsc#1184034) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1165=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1165=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1165=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1165=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1165=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1165=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): glibc-2.22-114.8.3 glibc-32bit-2.22-114.8.3 glibc-debuginfo-2.22-114.8.3 glibc-debuginfo-32bit-2.22-114.8.3 glibc-debugsource-2.22-114.8.3 glibc-devel-2.22-114.8.3 glibc-devel-32bit-2.22-114.8.3 glibc-devel-debuginfo-2.22-114.8.3 glibc-devel-debuginfo-32bit-2.22-114.8.3 glibc-locale-2.22-114.8.3 glibc-locale-32bit-2.22-114.8.3 glibc-locale-debuginfo-2.22-114.8.3 glibc-locale-debuginfo-32bit-2.22-114.8.3 glibc-profile-2.22-114.8.3 glibc-profile-32bit-2.22-114.8.3 nscd-2.22-114.8.3 nscd-debuginfo-2.22-114.8.3 - SUSE OpenStack Cloud Crowbar 9 (noarch): glibc-html-2.22-114.8.3 glibc-i18ndata-2.22-114.8.3 glibc-info-2.22-114.8.3 - SUSE OpenStack Cloud 9 (x86_64): glibc-2.22-114.8.3 glibc-32bit-2.22-114.8.3 glibc-debuginfo-2.22-114.8.3 glibc-debuginfo-32bit-2.22-114.8.3 glibc-debugsource-2.22-114.8.3 glibc-devel-2.22-114.8.3 glibc-devel-32bit-2.22-114.8.3 glibc-devel-debuginfo-2.22-114.8.3 glibc-devel-debuginfo-32bit-2.22-114.8.3 glibc-locale-2.22-114.8.3 glibc-locale-32bit-2.22-114.8.3 glibc-locale-debuginfo-2.22-114.8.3 glibc-locale-debuginfo-32bit-2.22-114.8.3 glibc-profile-2.22-114.8.3 glibc-profile-32bit-2.22-114.8.3 nscd-2.22-114.8.3 nscd-debuginfo-2.22-114.8.3 - SUSE OpenStack Cloud 9 (noarch): glibc-html-2.22-114.8.3 glibc-i18ndata-2.22-114.8.3 glibc-info-2.22-114.8.3 - SUSE 
Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.22-114.8.3 glibc-debugsource-2.22-114.8.3 glibc-devel-static-2.22-114.8.3 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): glibc-info-2.22-114.8.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): glibc-2.22-114.8.3 glibc-debuginfo-2.22-114.8.3 glibc-debugsource-2.22-114.8.3 glibc-devel-2.22-114.8.3 glibc-devel-debuginfo-2.22-114.8.3 glibc-locale-2.22-114.8.3 glibc-locale-debuginfo-2.22-114.8.3 glibc-profile-2.22-114.8.3 nscd-2.22-114.8.3 nscd-debuginfo-2.22-114.8.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): glibc-32bit-2.22-114.8.3 glibc-debuginfo-32bit-2.22-114.8.3 glibc-devel-32bit-2.22-114.8.3 glibc-devel-debuginfo-32bit-2.22-114.8.3 glibc-locale-32bit-2.22-114.8.3 glibc-locale-debuginfo-32bit-2.22-114.8.3 glibc-profile-32bit-2.22-114.8.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): glibc-html-2.22-114.8.3 glibc-i18ndata-2.22-114.8.3 glibc-info-2.22-114.8.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): glibc-2.22-114.8.3 glibc-debuginfo-2.22-114.8.3 glibc-debugsource-2.22-114.8.3 glibc-devel-2.22-114.8.3 glibc-devel-debuginfo-2.22-114.8.3 glibc-locale-2.22-114.8.3 glibc-locale-debuginfo-2.22-114.8.3 glibc-profile-2.22-114.8.3 nscd-2.22-114.8.3 nscd-debuginfo-2.22-114.8.3 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): glibc-32bit-2.22-114.8.3 glibc-debuginfo-32bit-2.22-114.8.3 glibc-devel-32bit-2.22-114.8.3 glibc-devel-debuginfo-32bit-2.22-114.8.3 glibc-locale-32bit-2.22-114.8.3 glibc-locale-debuginfo-32bit-2.22-114.8.3 glibc-profile-32bit-2.22-114.8.3 - SUSE Linux Enterprise Server 12-SP5 (noarch): glibc-html-2.22-114.8.3 glibc-i18ndata-2.22-114.8.3 glibc-info-2.22-114.8.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): glibc-2.22-114.8.3 glibc-debuginfo-2.22-114.8.3 glibc-debugsource-2.22-114.8.3 glibc-devel-2.22-114.8.3 
glibc-devel-debuginfo-2.22-114.8.3 glibc-locale-2.22-114.8.3 glibc-locale-debuginfo-2.22-114.8.3 glibc-profile-2.22-114.8.3 nscd-2.22-114.8.3 nscd-debuginfo-2.22-114.8.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): glibc-32bit-2.22-114.8.3 glibc-debuginfo-32bit-2.22-114.8.3 glibc-devel-32bit-2.22-114.8.3 glibc-devel-debuginfo-32bit-2.22-114.8.3 glibc-locale-32bit-2.22-114.8.3 glibc-locale-debuginfo-32bit-2.22-114.8.3 glibc-profile-32bit-2.22-114.8.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): glibc-html-2.22-114.8.3 glibc-i18ndata-2.22-114.8.3 glibc-info-2.22-114.8.3 References: https://www.suse.com/security/cve/CVE-2020-27618.html https://www.suse.com/security/cve/CVE-2020-29562.html https://www.suse.com/security/cve/CVE-2020-29573.html https://bugzilla.suse.com/1178386 https://bugzilla.suse.com/1179694 https://bugzilla.suse.com/1179721 https://bugzilla.suse.com/1184034 From sle-updates at lists.suse.com Tue Apr 13 19:15:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Apr 2021 21:15:54 +0200 (CEST) Subject: SUSE-RU-2021:14689-1: moderate: Recommended update for crash Message-ID: <20210413191554.269F0F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for crash ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14689-1 Rating: moderate References: #1182570 #1184604 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crash fixes the following issues: - package is rebuilt with the new secure boot key. - fixing package signing issue (bsc#1184604). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-crash-14689=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-crash-14689=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): crash-7.0.9-30.9.1 crash-eppic-7.0.9-30.9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): crash-debuginfo-7.0.9-30.9.1 crash-debugsource-7.0.9-30.9.1 References: https://bugzilla.suse.com/1182570 https://bugzilla.suse.com/1184604 From sle-updates at lists.suse.com Tue Apr 13 19:17:00 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Apr 2021 21:17:00 +0200 (CEST) Subject: SUSE-RU-2021:1178-1: moderate: Recommended update for lttng-modules Message-ID: <20210413191700.7A528F78E@maintenance.suse.de> SUSE Recommended Update: Recommended update for lttng-modules ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1178-1 Rating: moderate References: #1167703 #1182570 Affected Products: SUSE Linux Enterprise Module for Realtime 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for lttng-modules fixes the following issues: - Fix build error caused by btrfs_block_group_cache moving to a new include file (bsc#1167703) - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP2: zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-1178=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64): lttng-modules-kmp-rt-2.10.10_k5.3.18_28-1.3.9 lttng-modules-kmp-rt-debuginfo-2.10.10_k5.3.18_28-1.3.9 References: https://bugzilla.suse.com/1167703 https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Tue Apr 13 19:18:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Apr 2021 21:18:09 +0200 (CEST) Subject: SUSE-SU-2021:1177-1: important: Security update for the Linux Kernel Message-ID: <20210413191809.91DE3F78E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1177-1 Rating: important References: #1152472 #1152489 #1153274 #1154353 #1155518 #1156256 #1159280 #1160634 #1167773 #1168777 #1169514 #1169709 #1171295 #1173485 #1177326 #1178163 #1178330 #1179454 #1180197 #1180980 #1181383 #1181674 #1181862 #1182011 #1182077 #1182485 #1182552 #1182574 #1182591 #1182595 #1182715 #1182716 #1182717 #1182770 #1182989 #1183015 #1183018 #1183022 #1183023 #1183048 #1183252 #1183277 #1183278 #1183279 #1183280 #1183281 #1183282 #1183283 #1183284 #1183285 #1183286 #1183287 #1183288 #1183366 #1183369 #1183386 #1183412 #1183416 #1183427 #1183428 #1183445 #1183447 #1183501 #1183509 #1183530 #1183534 #1183540 #1183593 #1183596 #1183598 #1183637 #1183646 #1183662 #1183686 #1183692 #1183696 #1183750 #1183757 #1183775 #1183843 #1183859 #1183871 #1184167 #1184168 #1184170 #1184176 #1184192 #1184193 #1184196 #1184198 #1184217 #1184218 #1184219 #1184220 #1184224 Cross-References: CVE-2019-18814 CVE-2019-19769 CVE-2020-27170 CVE-2020-27171 CVE-2020-27815 CVE-2020-35519 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660 
CVE-2021-28688 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-3428 CVE-2021-3444 CVSS scores: CVE-2019-18814 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-18814 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2019-19769 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2019-19769 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H CVE-2020-27170 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-27171 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27815 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-35519 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28038 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28375 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28660 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28660 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-28964 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28971 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28972 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28972 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-29264 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3428 (SUSE): 3.3 
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-3444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that solves 21 vulnerabilities and has 74 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0, leading to an out-of-bounds read (bsc#1184170). - CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485). - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192). - CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167). - CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168). - CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198). - CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196). - CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646). - CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ). - CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596). - CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022). - CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715). - CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716). - CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696). - CVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454). - CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775). - CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686). - CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ). - CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256). The following non-security bugs were fixed: - 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)). - 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)). 
- 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)). - ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes). - ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes). - ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383). - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes). - ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes). - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes). - ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes). - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes). - ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes). - ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes). - ALSA: hda: generic: Fix the micmute led init state (git-fixes). - ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes). - ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes). - ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes). - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes). - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes). - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes). - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552). - ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552). - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes). - ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552). - ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552). 
- ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552). - ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552). - ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar (bsc#1182552). - ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552). - ALSA: usb-audio: Fix "RANGE setting not yet supported" errors (git-fixes). - ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552). - ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes). - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes). - amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes). - apparmor: check/put label on apparmor_sk_clone_security() (git-fixes). - arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862). - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes). - ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes). - ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes). - ASoC: cs42l42: Fix channel width support (git-fixes). - ASoC: cs42l42: Fix mixer volume control (git-fixes). - ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes). - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes). - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes). 
- ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes). - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes). - ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes). - ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes). - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes). - ASoC: simple-card-utils: Do not handle device clock (git-fixes). - ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes). - ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295). - blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295). - blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295). - block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295). - block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes). - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes). - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes). - bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274). - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775). - bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518). - bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518). - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518). - bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170). 
- bpf_lru_list: Read double-checked variable once without lock (bsc#1155518). - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775). - bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163). - brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes). - brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes). - btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217). - btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224). - btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386). - btrfs: fix extent buffer leak on failure to copy root (bsc#1184218). - btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193). - btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220). - btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219). - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes). - can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes). - can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes). - can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes). - can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes). - can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes). - can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes). - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes). - can: peak_usb: add forgotten supported devices (git-fixes). - can: peak_usb: Revert "can: peak_usb: add forgotten supported devices" (git-fixes). - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes). - cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes). - certs: Fix blacklist flag type confusion (git-fixes). 
- cifs: check pointer before freeing (bsc#1183534). - completion: Drop init_completion define (git-fixes). - configfs: fix a use-after-free in __configfs_open_file (git-fixes). - config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595 - crypto: aesni - prevent misaligned buffers on the stack (git-fixes). - crypto: arm64/sha - add missing module aliases (git-fixes). - crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes). - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes). - crypto: tcrypt - avoid signed overflow in byte count (git-fixes). - Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530) - drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes). - drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes). - drm/amdgpu: Add check to prevent IH overflow (git-fixes). - drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes). - drm/amdkfd: Put ACPI table after using it (bsc#1152489) Backporting notes: * context changes - drm/amd/powerplay: fix spelling mistake "smu_state_memroy_block" -> (bsc#1152489) Backporting notes: * rename amd/pm to amd/powerplay * context changes - drm/compat: Clear bounce structures (git-fixes). - drm/hisilicon: Fix use-after-free (git-fixes). - drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes). - drm/mediatek: Fix aal size config (bsc#1152489) - drm: meson_drv add shutdown function (git-fixes). - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes). - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes). - drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489) Backporting notes: - drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes). 
- drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489) - drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) - drm/msm/gem: Add obj->lock wrappers (bsc#1152489) - drm/msm/mdp5: Fix wait-for-commit for cmd panels (git-fixes). - drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489) Backporting notes: - drm/nouveau/kms: handle mDP connectors (git-fixes). - drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472) Backporting notes: * context changes - drm/panfrost: Fix job timeout handling (bsc#1152472) Backporting notes: * context changes - drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472) - drm/radeon: fix AGP dependency (git-fixes). - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489) Backporting notes: * context changes - drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes). - drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) Backporting notes: * context changes - drm/tegra: sor: Grab runtime PM reference across reset (git-fixes). - drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472) Backporting notes: * context changes * change vc4_hdmi to vc4->hdmi * removed references to encoder->hdmi_monitor - efi: use 32-bit alignment for efi_guid_t literals (git-fixes). - epoll: check for events when removing a timed out thread from the wait queue (git-fixes). - ethernet: alx: fix order of calls on resume (git-fixes). - exec: Move would_dump into flush_old_exec (git-fixes). - exfat: add missing MODULE_ALIAS_FS() (bsc#1182989). - exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989). - extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes). - extcon: Fix error handling in extcon_dev_register (git-fixes). - fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes). - firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes). 
- flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: use 32-bit unsigned integer (git-fixes). - fuse: verify write return (git-fixes). - gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862). - gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862). - gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862). - gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes). - gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes). - gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes). - Goodix Fingerprint device is not a modem (git-fixes). - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes). - gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes). - gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes). - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes). - HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes). - HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes). - hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes). - i2c: rcar: faster irq code to minimize HW race condition (git-fixes). - i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes). - iavf: Fix incorrect adapter get in iavf_resume (git-fixes). - iavf: use generic power management (git-fixes). - ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139). - ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844). - ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139). - ibmvnic: fix block comments (bsc#1183871 ltc#192139). - ibmvnic: fix braces (bsc#1183871 ltc#192139). 
- ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139). - ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139). - ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139). - ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139). - ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591). - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139). - ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139). - ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139). - ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791). - ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791). - ice: fix memory leak if register_netdev_fails (git-fixes). - ice: fix memory leak in ice_vsi_setup (git-fixes). - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926). - ice: renegotiate link after FW DCB on (jsc#SLE-8464). - ice: report correct max number of TCs (jsc#SLE-7926). - ice: update the number of available RSS queues (jsc#SLE-7926). - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634). - iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes). - iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes). - iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes). - iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes). - iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes). - iio: hid-sensor-prox: Fix scale not correct issue (git-fixes). - iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes). - include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes). - Input: applespi - do not wait for responses to commands indefinitely (git-fixes). - Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes). 
- Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes). - Input: raydium_ts_i2c - do not send zero length (git-fixes). - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes). - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277). - iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278). - iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637). - iommu/vt-d: Add get_domain_info() helper (bsc#1183279). - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280). - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281). - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282). - iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283). - iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284). - iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285). - iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286). - ionic: linearize tso skb with too many frags (bsc#1167773). - kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862). - kbuild: change *FLAGS_.o to take the path relative to $(obj) (bcs#1181862). - kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862). - kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862). - kbuild: Fail if gold linker is detected (bcs#1181862). - kbuild: improve cc-option to clean up all temporary files (bsc#1178330). - kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862). - kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862). - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862). - kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330). 
- kconfig: introduce m32-flag and m64-flag (bcs#1181862). - KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427). - KVM: SVM: Clear the CR4 register on reset (bsc#1183252). - KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445). - KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ("kvm: tracing: Fix unmatched kvm_entry and kvm_exit events", bsc#1182770). - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287). - KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447). - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369). - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428). - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288). - libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518). - libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518). - libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518). - lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes). - loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295). - mac80211: fix double free in ibss_leave (git-fixes). - mac80211: fix rate mask reset (git-fixes). - mdio: fix mdio-thunder.c dependency & build error (git-fixes). - media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes). - media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes). - media: mceusb: Fix potential out-of-bounds shift (git-fixes). - media: mceusb: sanity check for prescaler value (git-fixes). - media: rc: compile rc-cec.c into rc-core (git-fixes). - media: usbtv: Fix deadlock on suspend (git-fixes). - media: uvcvideo: Allow entities with no pads (git-fixes). 
- media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes). - media: v4l: vsp1: Fix bru null pointer access (git-fixes). - media: v4l: vsp1: Fix uif null pointer access (git-fixes). - media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes). - misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes). - misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes). - misc/pvpanic: Export module FDT device table (git-fixes). - misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes). - mmc: core: Fix partition switch time for eMMC (git-fixes). - mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes). - mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes). - mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes). - mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes). - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes). - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777). - mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes). - mt76: dma: do not report truncated frames to mac80211 (git-fixes). - mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes). - net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes). - net: bonding: fix error return code of bond_neigh_init() (bsc#1154353). - net: cdc-phonet: fix data-interface release on probe failure (git-fixes). - net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139). - netdevsim: init u64 stats for 32bit hardware (git-fixes). - net: dsa: rtl8366: Fix VLAN semantics (git-fixes). - net: dsa: rtl8366: Fix VLAN set-up (git-fixes). - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes). - net: enic: Cure the enic api locking trainwreck (git-fixes). 
- net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes). - net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139). - net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes). - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix reference count leak in fec series ops (git-fixes). - net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes). - net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes). - net: gianfar: Add of_node_put() before goto statement (git-fixes). - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes). - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes). - net: korina: cast KSEG0 address to pointer in kfree (git-fixes). - net: korina: fix kfree of rx/tx descriptor array (git-fixes). - net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464). - net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464). - net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464). - net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464). - net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464). - net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464). - net: mvneta: fix double free of txq->buf (git-fixes). - net: mvneta: make tx buffer array agnostic (git-fixes). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - netsec: restore phy power state after controller reset (bsc#1183757). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes). 
- net: stmmac: removed enabling eee in EEE set callback (git-fixes). - net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes). - net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes). - net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes). - net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes). - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes). - nfp: flower: fix pre_tun mask id allocation (bsc#1154353). - nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077). - nvme-fabrics: fix kato initialization (bsc#1182591). - nvme-fabrics: only reserve a single tag (bsc#1182077). - nvme-fc: fix racing controller reset and create association (bsc#1183048). - nvme-hwmon: Return error code when registration fails (bsc#1177326). - nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077). - nvme: return an error if nvme_set_queue_count() fails (bsc#1180197). - nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501). - objtool: Fix ".cold" section suffix check for newer versions of GCC (bsc#1169514). - objtool: Fix error handling for STD/CLD warnings (bsc#1169514). - objtool: Fix retpoline detection in asm code (bsc#1169514). - ovl: fix dentry leak in ovl_get_redirect (bsc#1184176). - ovl: fix out of date comment and unreachable code (bsc#1184176). - ovl: fix regression with re-formatted lower squashfs (bsc#1184176). - ovl: fix unneeded call to ovl_change_flags() (bsc#1184176). - ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176). - ovl: initialize error in ovl_copy_xattr (bsc#1184176). - ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176). - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes). - PCI: Align checking of syscall user config accessors (git-fixes). 
- PCI: Decline to resize resources if boot config must be preserved (git-fixes). - PCI: Fix pci_register_io_range() memory leak (git-fixes). - PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes). - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes). - PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes). - pinctrl: rockchip: fix restore error in resume (git-fixes). - Platform: OLPC: Fix probe error handling (git-fixes). - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes). - platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes). - platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes). - platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes). - platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes). - platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes). - platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes). - PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes). - PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366). - PM: runtime: Fix race getting/putting suppliers at probe (git-fixes). - powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963). - powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - printk: fix deadlock when kernel panic (bsc#1183018). - proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes). - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes). - qxl: Fix uninitialised struct field head.surface_id (git-fixes). - random: fix the RNDRESEEDCRNG ioctl (git-fixes). - RDMA/hns: Disable RQ inline by default (jsc#SLE-8449). 
- RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449). - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709) - Revert "net: bonding: fix error return code of bond_neigh_init()" (bsc#1154353). - rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079). - rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream. - rpm/check-for-config-changes: comment on the list To explain what it actually is. - rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended. - rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use ' for quoting * prepend CONFIG_ dynamically, so it need not be in the list - rpm/check-for-config-changes: ignore more configs Specifically, these: * CONFIG_CC_HAS_* * CONFIG_CC_HAVE_* * CONFIG_CC_CAN_* * CONFIG_HAVE_[A-Z]*_COMPILER * CONFIG_TOOLS_SUPPORT_* are compiler specific too. This will allow us to use super configs using kernel's dummy-tools. - rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans. - rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes). - rsi: Move card interrupt handling to RX thread (git-fixes). - rsxx: Return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes). - s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes). - s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes). - s390/qeth: fix notification for pending buffers during teardown (git-fixes). - s390/qeth: improve completion of pending TX buffers (git-fixes). 
- s390/qeth: schedule TX NAPI on QAOB completion (git-fixes). - s390/vtime: fix increased steal time accounting (bsc#1183859). - samples, bpf: Add missing munmap in xdpsock (bsc#1155518). - scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574). - scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574). - scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574). - scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574). - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574). - scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574). - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574). - scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574). - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574). - scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574). - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574). - scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574). - scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574). - scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574). - scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574). - scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574). - scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574). - scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574). - scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574). - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574). - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574). - scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574). - scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843). - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843). 
- selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518).
- selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518).
- selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518).
- selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes).
- selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes).
- selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
- software node: Fix node registration (git-fixes).
- spi: stm32: make spurious and overrun interrupts visible (git-fixes).
- squashfs: fix inode lookup sanity checks (bsc#1183750).
- squashfs: fix xattr id and id lookup sanity checks (bsc#1183750).
- stop_machine: mark helpers __always_inline (git-fixes).
- udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).
- Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598)
- USB: cdc-acm: fix double free on probe failure (git-fixes).
- USB: cdc-acm: fix use-after-free after probe failure (git-fixes).
- USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes).
- USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes).
- USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes).
- USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes).
- USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes).
- USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes).
- USB: gadget: configfs: Fix KASAN use-after-free (git-fixes).
- USB: gadget: f_uac1: stop playback on function disable (git-fixes).
- USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes).
- USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes).
- USB: gadget: u_ether: Fix a configfs return code (git-fixes).
- USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).
- USBip: fix stub_dev to check for stream socket (git-fixes).
- USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd to check for stream socket (git-fixes).
- USBip: fix vudc to check for stream socket (git-fixes).
- USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).
- USBip: tools: fix build error for multiple definition (git-fixes).
- USB: musb: Fix suspend with devices connected for a64 (git-fixes).
- USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes).
- USB: replace hardcode maximum usb string length by definition (git-fixes).
- USB: serial: ch341: add new Product ID (git-fixes).
- USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes).
- USB: serial: cp210x: add some more GE USB IDs (git-fixes).
- USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes).
- USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).
- usb-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).
- USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes).
- USB: usblp: fix a hang in poll() if disconnected (git-fixes).
- USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes).
- USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).
- USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).
- use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139).
- video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489)
- video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes).
- VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes).
- vt/consolemap: do font sum unsigned (git-fixes).
- watchdog: mei_wdt: request stop on unregister (git-fixes).
- wireguard: device: do not generate ICMP for non-IP packets (git-fixes).
- wireguard: kconfig: use arm chacha even with no neon (git-fixes).
- wireguard: selftests: test multiple parallel streams (git-fixes).
- wlcore: Fix command execute failure 19 for wl12xx (git-fixes).
- x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489).
- xen/events: avoid handling the same event on two cpus at the same time (git-fixes).
- xen/events: do not unmask an event channel when an eoi is pending (git-fixes).
- xen/events: reset affinity of 2-level event when tearing it down (git-fixes).
- xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
- xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980).
- xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes).
- xhci: Improve detection of device initiated wake signal (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-1177=1

Package List:

- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):
  kernel-devel-azure-5.3.18-18.41.1
  kernel-source-azure-5.3.18-18.41.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64):
  kernel-azure-5.3.18-18.41.1
  kernel-azure-debuginfo-5.3.18-18.41.1
  kernel-azure-debugsource-5.3.18-18.41.1
  kernel-azure-devel-5.3.18-18.41.1
  kernel-azure-devel-debuginfo-5.3.18-18.41.1
  kernel-syms-azure-5.3.18-18.41.1

References:

https://www.suse.com/security/cve/CVE-2019-18814.html
https://www.suse.com/security/cve/CVE-2019-19769.html
https://www.suse.com/security/cve/CVE-2020-27170.html
https://www.suse.com/security/cve/CVE-2020-27171.html
https://www.suse.com/security/cve/CVE-2020-27815.html
https://www.suse.com/security/cve/CVE-2020-35519.html
https://www.suse.com/security/cve/CVE-2021-27363.html
https://www.suse.com/security/cve/CVE-2021-27364.html
https://www.suse.com/security/cve/CVE-2021-27365.html
https://www.suse.com/security/cve/CVE-2021-28038.html
https://www.suse.com/security/cve/CVE-2021-28375.html
https://www.suse.com/security/cve/CVE-2021-28660.html
https://www.suse.com/security/cve/CVE-2021-28688.html
https://www.suse.com/security/cve/CVE-2021-28964.html
https://www.suse.com/security/cve/CVE-2021-28971.html
https://www.suse.com/security/cve/CVE-2021-28972.html
https://www.suse.com/security/cve/CVE-2021-29264.html
https://www.suse.com/security/cve/CVE-2021-29265.html
https://www.suse.com/security/cve/CVE-2021-29647.html
https://www.suse.com/security/cve/CVE-2021-3428.html
https://www.suse.com/security/cve/CVE-2021-3444.html
https://bugzilla.suse.com/1152472
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1153274
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1155518
https://bugzilla.suse.com/1156256
https://bugzilla.suse.com/1159280
https://bugzilla.suse.com/1160634
https://bugzilla.suse.com/1167773
https://bugzilla.suse.com/1168777
https://bugzilla.suse.com/1169514
https://bugzilla.suse.com/1169709
https://bugzilla.suse.com/1171295
https://bugzilla.suse.com/1173485
https://bugzilla.suse.com/1177326
https://bugzilla.suse.com/1178163
https://bugzilla.suse.com/1178330
https://bugzilla.suse.com/1179454
https://bugzilla.suse.com/1180197
https://bugzilla.suse.com/1180980
https://bugzilla.suse.com/1181383
https://bugzilla.suse.com/1181674
https://bugzilla.suse.com/1181862
https://bugzilla.suse.com/1182011
https://bugzilla.suse.com/1182077
https://bugzilla.suse.com/1182485
https://bugzilla.suse.com/1182552
https://bugzilla.suse.com/1182574
https://bugzilla.suse.com/1182591
https://bugzilla.suse.com/1182595
https://bugzilla.suse.com/1182715
https://bugzilla.suse.com/1182716
https://bugzilla.suse.com/1182717
https://bugzilla.suse.com/1182770
https://bugzilla.suse.com/1182989
https://bugzilla.suse.com/1183015
https://bugzilla.suse.com/1183018
https://bugzilla.suse.com/1183022
https://bugzilla.suse.com/1183023
https://bugzilla.suse.com/1183048
https://bugzilla.suse.com/1183252
https://bugzilla.suse.com/1183277
https://bugzilla.suse.com/1183278
https://bugzilla.suse.com/1183279
https://bugzilla.suse.com/1183280
https://bugzilla.suse.com/1183281
https://bugzilla.suse.com/1183282
https://bugzilla.suse.com/1183283
https://bugzilla.suse.com/1183284
https://bugzilla.suse.com/1183285
https://bugzilla.suse.com/1183286
https://bugzilla.suse.com/1183287
https://bugzilla.suse.com/1183288
https://bugzilla.suse.com/1183366
https://bugzilla.suse.com/1183369
https://bugzilla.suse.com/1183386
https://bugzilla.suse.com/1183412
https://bugzilla.suse.com/1183416
https://bugzilla.suse.com/1183427
https://bugzilla.suse.com/1183428
https://bugzilla.suse.com/1183445
https://bugzilla.suse.com/1183447
https://bugzilla.suse.com/1183501
https://bugzilla.suse.com/1183509
https://bugzilla.suse.com/1183530
https://bugzilla.suse.com/1183534
https://bugzilla.suse.com/1183540
https://bugzilla.suse.com/1183593
https://bugzilla.suse.com/1183596
https://bugzilla.suse.com/1183598
https://bugzilla.suse.com/1183637
https://bugzilla.suse.com/1183646
https://bugzilla.suse.com/1183662
https://bugzilla.suse.com/1183686
https://bugzilla.suse.com/1183692
https://bugzilla.suse.com/1183696
https://bugzilla.suse.com/1183750
https://bugzilla.suse.com/1183757
https://bugzilla.suse.com/1183775
https://bugzilla.suse.com/1183843
https://bugzilla.suse.com/1183859
https://bugzilla.suse.com/1183871
https://bugzilla.suse.com/1184167
https://bugzilla.suse.com/1184168
https://bugzilla.suse.com/1184170
https://bugzilla.suse.com/1184176
https://bugzilla.suse.com/1184192
https://bugzilla.suse.com/1184193
https://bugzilla.suse.com/1184196
https://bugzilla.suse.com/1184198
https://bugzilla.suse.com/1184217
https://bugzilla.suse.com/1184218
https://bugzilla.suse.com/1184219
https://bugzilla.suse.com/1184220
https://bugzilla.suse.com/1184224

From sle-updates at lists.suse.com Tue Apr 13 19:27:01 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 13 Apr 2021 21:27:01 +0200 (CEST)
Subject: SUSE-SU-2021:1175-1: important: Security update for the Linux Kernel
Message-ID: <20210413192701.6DD92F78E@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1175-1
Rating: important
References: #1065600 #1065729 #1103990 #1103991 #1103992 #1104270 #1104353 #1109837 #1111981 #1112374 #1113994 #1118657 #1118661 #1119113 #1126390 #1129770 #1132477 #1142635 #1152446 #1154048 #1169709 #1172455 #1173485 #1175165 #1176720 #1176855 #1178163 #1179243 #1179428 #1179454 #1179660 #1179755 #1180846 #1181507 #1181515 #1181544 #1181655 #1181674 #1181747 #1181753 #1181843 #1182011 #1182175 #1182485 #1182574 #1182715 #1182716 #1182717 #1183018 #1183022 #1183023 #1183378 #1183379 #1183380 #1183381 #1183382 #1183416 #1183509 #1183593 #1183646 #1183662 #1183686 #1183692 #1183696 #1183775 #1183861 #1183871 #1184114 #1184167 #1184168 #1184170 #1184192 #1184193 #1184196 #1184198
Cross-References: CVE-2020-0433 CVE-2020-27170 CVE-2020-27171 CVE-2020-27815 CVE-2020-29368 CVE-2020-29374 CVE-2020-35519 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 CVE-2021-28688 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-3428 CVE-2021-3444
CVSS scores:
CVE-2020-0433 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-0433 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-27170 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2020-27171 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
CVE-2020-27815 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-29368 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-29368 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-29374 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-29374 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-35519 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-26930 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-26930 (SUSE): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-26931 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-26931 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-26932 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-26932 (SUSE): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28038 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-28660 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28660 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-28964 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28971 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28972 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28972 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-29264 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-29265 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-29265 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3428 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-3444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products: SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that solves 24 vulnerabilities and has 51 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).
- CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
- CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
- CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
- CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
- CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196).
- CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
- CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593).
- CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
- CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
- CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
- CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
- CVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).
- CVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).
- CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
- CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
- CVE-2021-26930: Fixed improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).
- CVE-2021-26931: Fixed an issue where the Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
- CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).
- CVE-2020-29368, CVE-2020-29374: Fixed an issue in the copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).
- CVE-2020-0433: Fixed a use after free due to improper locking which could have led to local escalation of privilege (bsc#1176720).

The following non-security bugs were fixed:

- ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
- ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
- ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
- ALSA: hda/realtek: modify EAPD in the ALC886 (git-fixes).
- amba: Fix resource leak for drivers without .remove (git-fixes).
- bfq: Fix kABI for update internal depth state when queue depth changes (bsc#1172455).
- bfq: update internal depth state when queue depth changes (bsc#1172455).
- block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).
- Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes).
- Bluetooth: hci_uart: Cancel init work before unregistering (git-fixes).
- Bluetooth: hci_uart: Fix a race for write_work scheduling (git-fixes).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).
- bpf: fix subprog verifier bypass by div/mod by 0 exception (bsc#1184170).
- bpf: fix x64 JIT code generation for jmp to 1st insn (bsc#1178163).
- bpf_lru_list: Read double-checked variable once without lock (git-fixes).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
- bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).
- bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).
- can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).
- can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).
- can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes).
- can: peak_usb: add forgotten supported devices (git-fixes).
- can: peak_usb: Revert "can: peak_usb: add forgotten supported devices" (git-fixes).
- can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes).
- cifs: change noisy error message to FYI (bsc#1181507).
- cifs: check all path components in resolved dfs target (bsc#1179755).
- cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507).
- cifs: fix nodfs mount option (bsc#1179755).
- cifs: introduce helper for finding referral server (bsc#1179755).
- cifs: New optype for session operations (bsc#1181507).
- cifs: print MIDs in decimal notation (bsc#1181507).
- cifs: return proper error code in statfs(2) (bsc#1181507).
- cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
- cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (bsc#1104270).
- dmaengine: hsu: disable spurious interrupt (git-fixes).
- drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if (bsc#1129770)
  Backporting notes:
  * context changes
- drm/atomic: Create __drm_atomic_helper_crtc_reset() for subclassing (bsc#1142635)
  Backporting notes:
  * taken for 427c4a0680a2 ("drm/vc4: crtc: Rework a bit the CRTC state code")
  * renamed drm_atomic_state_helper.{c,h} to drm_atomic_helper.{c,h}
  * context changes
- drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1129770)
  Backporting notes:
  * context changes
- drm/compat: Clear bounce structures (bsc#1129770)
  Backporting notes:
  * context changes
- drm/etnaviv: replace MMU flush marker with flush sequence (bsc#1154048)
  Backporting notes:
  * context changes
- drm/gma500: Fix error return code in psb_driver_load() (bsc#1129770)
- drm/mediatek: Add missing put_device() call in mtk_drm_kms_init() (bsc#1152446)
  Backporting notes:
  * context changes
- drm/mediatek: Fix aal size config (bsc#1129770)
  Backporting notes:
  * access I/O memory with writel()
- drm: meson_drv add shutdown function (git-fixes).
- drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes).
- drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (bsc#1129770)
- drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes).
- drm: mxsfb: check framebuffer pitch (bsc#1129770)
  Backporting notes:
  * context changes
- drm/omap: fix max fclk divider for omap36xx (bsc#1152446)
- drm: panel: Fix bpc for OrtusTech COM43H4M85ULC panel (bsc#1129770)
- drm: panel: Fix bus format for OrtusTech COM43H4M85ULC panel (bsc#1129770)
  Backporting notes:
  * context changes
- drm/radeon: fix AGP dependency (git-fixes).
- drm: rcar-du: Put reference to VSP device (bsc#1129770)
  Backporting notes:
  * context changes
- drm/vc4: crtc: Rework a bit the CRTC state code (bsc#1129770)
  Backporting notes:
  * context changes
- drm/vc4: hdmi: Avoid sleeping in atomic context (bsc#1129770)
  Backporting notes:
  * context changes
- ethernet: alx: fix order of calls on resume (git-fixes).
- fbdev: aty: SPARC64 requires FB_ATY_CT (bsc#1129770)
- firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes).
- futex: Prevent robust futex exit race (git-fixes).
- gma500: clean up error handling in init (bsc#1129770)
- gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).
- HID: make arrays usage and value to be the same (git-fixes).
- i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition (git-fixes).
- i40e: Add zero-initialization of AQ command structures (bsc#1109837 bsc#1111981).
- i40e: Fix add TC filter for IPv6 (bsc#1109837 bsc#1111981).
- i40e: Fix endianness conversions (bsc#1109837 bsc#1111981).
- IB/mlx5: Return appropriate error code instead of ENOMEM (bsc#1103991).
- ibmvnic: add comments for spinlock_t definitions (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: add memory barrier to protect long term buffer (bsc#1184114 ltc#192237 bsc#1182485 ltc#191591).
- ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).
- ibmvnic: avoid multiple line dereference (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: compare adapter->init_done_rc with more readable ibmvnic_rc_codes (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Correctly re-enable interrupts in NAPI polling routine (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: create send_control_ip_offload (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: create send_query_ip_offload (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Do not replenish RX buffers after every polling loop (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Ensure that CRQ entry read are correctly ordered (bsc#1184114 ltc#192237 bsc#1182485 ltc#191591).
- ibmvnic: Ensure that device queue memory is cache-line aligned (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Ensure that SCRQ entry reads are correctly ordered (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: fix block comments (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: fix braces (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: fix miscellaneous checks (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (bsc#1184114 ltc#192237).
- ibmvnic: Fix TX completion error handling (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Fix use-after-free of VNIC login response buffer (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: handle inconsistent login with reset (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Harden device Command Response Queue handshake (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: improve ibmvnic_init and ibmvnic_reset_init (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: merge do_change_param_reset into do_reset (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: merge ibmvnic_reset_init and ibmvnic_init (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: no reset timeout for 5 seconds after reset (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: prefer strscpy over strlcpy (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: reduce wait for completion time (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: remove excessive irqsave (bsc#1065729).
- ibmvnic: remove never executed if statement (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: rename ibmvnic_send_req_caps to send_request_cap (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: rename send_cap_queries to send_query_cap (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: rename send_map_query to send_query_map (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- ibmvnic: send_login should check for crq errors (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: simplify reset_long_term_buff function (bsc#1184114 ltc#192237 bsc#1183023 ltc#191791).
- ibmvnic: skip send_request_unmap for timeout reset (bsc#1184114 ltc#192237 bsc#1182485 ltc#191591).
- ibmvnic: skip tx timeout reset while in resetting (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: stop free_all_rwi on failed reset (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: store RX and TX subCRQ handle array in ibmvnic_adapter struct (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1184114 ltc#192237 bsc#1183023 ltc#191791).
- ibmvnic: track pending login (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Use netdev_alloc_skb instead of alloc_skb to replenish RX buffers (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
- ibmvnic: Use 'skb_frag_address()' instead of hand coding it (bsc#1184114 ltc#192237).
- ice: Account for port VLAN in VF max packet size calculation (bsc#1118661).
- igc: check return value of ret_val in igc_config_fc_after_link_up (bsc#1118657).
- igc: Report speed and duplex as unknown when device is runtime suspended (jsc#SLE-4799).
- igc: set the default return value to -IGC_ERR_NVM in igc_write_nvm_srwr (bsc#1118657).
- iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes).
- iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes).
- iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes).
- iio: hid-sensor-prox: Fix scale not correct issue (git-fixes).
- iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes).
- Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes).
- Input: i8042 - unbreak Pegatron C15B (git-fixes).
- Input: raydium_ts_i2c - do not send zero length (git-fixes).
- Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes).
- Input: xpad - sync supported devices with fork on GitHub (git-fixes).
- iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183378).
- iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183379).
- iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183380).
- iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183381).
- ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (bsc#1113994).
- kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846).
- kabi/severities: Add rtas_online_cpus_mask, rtas_offline_cpus_mask
- kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846).
- kernel/smp: add more data to CSD lock debugging (bsc#1180846).
- kernel/smp: prepare more CSD lock debugging (bsc#1180846).
- kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846).
- KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183382).
- lib/crc32test: remove extra local_irq_disable/enable (git-fixes).
- mac80211: fix double free in ibss_leave (git-fixes).
- mac80211: fix rate mask reset (git-fixes).
- media: usbtv: Fix deadlock on suspend (git-fixes).
- media: uvcvideo: Allow entities with no pads (git-fixes).
- misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes).
- mmc: core: Fix partition switch time for eMMC (git-fixes).
- mmc: core: Use DEFINE_DEBUGFS_ATTRIBUTE instead of DEFINE_SIMPLE_ATTRIBUTE.
- mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes).
- mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes).
- mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes).
- mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes).
- net: bridge: use switchdev for port flags set through sysfs too (bsc#1112374).
- net: cdc-phonet: fix data-interface release on probe failure (git-fixes).
- net: core: introduce __netdev_notify_peers (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
- net: hns3: add a check for index in hclge_get_rss_key() (bsc#1126390).
- net: hns3: add a check for queue_id in hclge_reset_vf_queue() (bsc#1104353).
- net: hns3: fix bug when calculating the TCAM table info (bsc#1104353).
- net: hns3: fix query vlan mask value error for flow director (bsc#1104353).
- net/mlx5e: Update max_opened_tc also when channels are closed (bsc#1103990).
- net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8081 (bsc#1119113).
- net: re-solve some conflicts after net -> net-next merge (bsc#1184114 ltc#192237 bsc#1176855 ltc#187293).
- net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes).
- net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes).
- PCI: Align checking of syscall user config accessors (git-fixes).
- phy: rockchip-emmc: emmc_phy_init() always return 0 (git-fixes).
- platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes (git-fixes).
- powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963).
- powerpc: Convert to using %pOFn instead of device_node.name (bsc#1181674 ltc#189159).
- powerpc: Fix some spelling mistakes (bsc#1181674 ltc#189159).
- powerpc/hvcall: add token and codes for H_VASI_SIGNAL (bsc#1181674 ltc#189159).
- powerpc: kABI: add back suspend_disable_cpu in machdep_calls (bsc#1181674 ltc#189159).
- powerpc/machdep: remove suspend_disable_cpu() (bsc#1181674 ltc#189159).
- powerpc/mm/pkeys: Make pkey access check work on execute_only_key (bsc#1181544 ltc#191080 git-fixes).
- powerpc/numa: Fix build when CONFIG_NUMA=n (bsc#1132477 ltc#175530).
- powerpc/numa: make vphn_enabled, prrn_enabled flags const (bsc#1181674 ltc#189159).
- powerpc/numa: remove ability to enable topology updates (bsc#1181674 ltc#189159).
- powerpc/numa: remove arch_update_cpu_topology (bsc#1181674 ltc#189159).
- powerpc/numa: Remove late request for home node associativity (bsc#1181674 ltc#189159).
- powerpc/numa: remove prrn_is_enabled() (bsc#1181674 ltc#189159).
- powerpc/numa: remove start/stop_topology_update() (bsc#1181674 ltc#189159).
- powerpc/numa: remove timed_topology_update() (bsc#1181674 ltc#189159).
- powerpc/numa: remove unreachable topology timer code (bsc#1181674 ltc#189159).
- powerpc/numa: remove unreachable topology update code (bsc#1181674 ltc#189159).
- powerpc/numa: remove unreachable topology workqueue code (bsc#1181674 ltc#189159).
- powerpc/numa: remove vphn_enabled and prrn_enabled internal flags (bsc#1181674 ltc#189159).
- powerpc/numa: stub out numa_update_cpu_topology() (bsc#1181674 ltc#189159).
- powerpc/numa: Suppress "VPHN is not supported" messages (bsc#1181674 ltc#189159).
- powerpc/pseries: Add empty update_numa_cpu_lookup_table() for NUMA=n (bsc#1181674 ltc#189159).
- powerpc/pseries: Do not enforce MSI affinity with kdump (bsc#1181655 ltc#190855). - powerpc/pseries: Generalize hcall_vphn() (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: pass stream id via function arguments (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: perform post-suspend fixups later (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: remove prepare_late() callback (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: remove pseries_suspend_cpu() (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: switch to rtas_ibm_suspend_me() (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: add missing break to default case (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: Add pr_debug() for device tree changes (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: do not error on absence of ibm, update-nodes (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: error message improvements (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: extract VASI session polling logic (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - powerpc/pseries/mobility: refactor node lookup during DT update (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: retry partition suspend after error (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: Set pr_fmt() (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: signal suspend cancellation to platform (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: use rtas_activate_firmware() on resume (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: use stop_machine for join/suspend (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - powerpc/pseries: remove dlpar_cpu_readd() (bsc#1181674 ltc#189159). 
- powerpc/pseries: remove memory "re-add" implementation (bsc#1181674 ltc#189159). - powerpc/pseries: remove obsolete memory hotplug DT notifier code (bsc#1181674 ltc#189159). - powerpc/pseries: remove prrn special case from DT update path (bsc#1181674 ltc#189159). - powerpc/rtas: add rtas_activate_firmware() (bsc#1181674 ltc#189159). - powerpc/rtas: add rtas_ibm_suspend_me() (bsc#1181674 ltc#189159). - powerpc/rtas: complete ibm,suspend-me status codes (bsc#1181674 ltc#189159). - powerpc/rtas: dispatch partition migration requests to pseries (bsc#1181674 ltc#189159). - powerpc/rtasd: simplify handle_rtas_event(), emit message on events (bsc#1181674 ltc#189159). - powerpc/rtas: prevent suspend-related sys_rtas use on LE (bsc#1181674 ltc#189159). - powerpc/rtas: remove rtas_ibm_suspend_me_unsafe() (bsc#1181674 ltc#189159). - powerpc/rtas: remove rtas_suspend_cpu() (bsc#1181674 ltc#189159). - powerpc/rtas: remove unused rtas_suspend_last_cpu() (bsc#1181674 ltc#189159). - powerpc/rtas: remove unused rtas_suspend_me_data (bsc#1181674 ltc#189159). - powerpc/rtas: rtas_ibm_suspend_me -> rtas_ibm_suspend_me_unsafe (bsc#1181674 ltc#189159). - powerpc/rtas: Unexport rtas_online_cpus_mask, rtas_offline_cpus_mask (bsc#1181674 ltc#189159). - powerpc/vio: Use device_type to detect family (bsc#1181674 ltc#189159). - printk: fix deadlock when kernel panic (bsc#1183018). - pseries/drmem: do not cache node id in drmem_lmb struct (bsc#1132477 ltc#175530). - pseries/hotplug-memory: hot-add: skip redundant LMB lookup (bsc#1132477 ltc#175530). - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes). - qxl: Fix uninitialised struct field head.surface_id (git-fixes). - random: fix the RNDRESEEDCRNG ioctl (git-fixes). - rcu: Allow only one expedited GP to run concurrently with (git-fixes) - rcu: Fix missed wakeup of exp_wq waiters (git-fixes) - RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (bsc#1103991). 
- RDMA/rxe: Remove useless code in rxe_recv.c (bsc#1103992 ). - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709) - RDMA/uverbs: Fix kernel-doc warning of _uverbs_alloc (bsc#1103992). - Revert "ibmvnic: remove never executed if statement" (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079). - rsxx: Return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes). - s390/dasd: fix hanging offline processing due to canceled worker (bsc#1175165). - s390/dasd: fix hanging offline processing due to canceled worker (bsc#1175165). - s390/vtime: fix increased steal time accounting (bsc#1183861). - sched/fair: Fix wrong cpu selecting from isolated domain (git-fixes) - sched/vtime: Fix guest/system mis-accounting on task switch (git-fixes) - scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574). - scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574). - scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574). - scsi: lpfc: Fix ancient double free (bsc#1182574). - scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574). - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574). - scsi: lpfc: Fix EEH encountering oops with NVMe traffic (bsc#1182574). - scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574). - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574). - scsi: lpfc: Fix kerneldoc inconsistency in lpfc_sli4_dump_page_a0() (bsc#1182574). - scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574). - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574). 
- scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574). - scsi: lpfc: Fix 'physical' typos (bsc#1182574). - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574). - scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574). - scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574). - scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574). - scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574). - scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574). - scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574). - scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574). - scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574). - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574). - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574). - scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574). - selinux: never allow relabeling on context mounts (git-fixes). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - smp: Add source and destination CPUs to __call_single_data (bsc#1180846). - Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86 (bsc#1180846). - Update config files: disable CONFIG_CSD_LOCK_WAIT_DEBUG (bsc#1180846). - USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes). - USBip: fix stub_dev to check for stream socket (git-fixes). - USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes). - USBip: Fix unsafe unaligned pointer usage (git-fixes). - USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes). - USBip: fix vhci_hcd to check for stream socket (git-fixes). - USBip: tools: fix build error for multiple definition (git-fixes). 
- USB: quirks: add quirk to start video capture on ELMO L-12F document camera reliable (git-fixes). - USB: replace hardcode maximum usb string length by definition (git-fixes). - USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes). - USB: serial: option: add Quectel EM160R-GL (git-fixes). - USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes). - USB: usblp: do not call usb_set_interface if there's a single alt (git-commit). - use __netdev_notify_peers in ibmvnic (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - video: fbdev: acornfb: remove free_unused_pages() (bsc#1129770) - video: fbdev: atmel_lcdfb: fix return error code in (bsc#1129770) Backporting notes: * context changes * fallout from trailing whitespaces - wlcore: Fix command execute failure 19 for wl12xx (git-fixes). - xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367). - xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600). - xen/netback: fix spurious event detection for common event case (bsc#1182175). - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367). - xfs: Fix assert failure in xfs_setattr_size() (git-fixes). - xsk: Remove dangling function declaration from header file (bsc#1109837). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1175=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.50.1 kernel-azure-base-4.12.14-16.50.1 kernel-azure-base-debuginfo-4.12.14-16.50.1 kernel-azure-debuginfo-4.12.14-16.50.1 kernel-azure-debugsource-4.12.14-16.50.1 kernel-azure-devel-4.12.14-16.50.1 kernel-syms-azure-4.12.14-16.50.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.50.1 kernel-source-azure-4.12.14-16.50.1 References: https://www.suse.com/security/cve/CVE-2020-0433.html https://www.suse.com/security/cve/CVE-2020-27170.html https://www.suse.com/security/cve/CVE-2020-27171.html https://www.suse.com/security/cve/CVE-2020-27815.html https://www.suse.com/security/cve/CVE-2020-29368.html https://www.suse.com/security/cve/CVE-2020-29374.html https://www.suse.com/security/cve/CVE-2020-35519.html https://www.suse.com/security/cve/CVE-2021-26930.html https://www.suse.com/security/cve/CVE-2021-26931.html https://www.suse.com/security/cve/CVE-2021-26932.html https://www.suse.com/security/cve/CVE-2021-27363.html https://www.suse.com/security/cve/CVE-2021-27364.html https://www.suse.com/security/cve/CVE-2021-27365.html https://www.suse.com/security/cve/CVE-2021-28038.html https://www.suse.com/security/cve/CVE-2021-28660.html https://www.suse.com/security/cve/CVE-2021-28688.html https://www.suse.com/security/cve/CVE-2021-28964.html https://www.suse.com/security/cve/CVE-2021-28971.html https://www.suse.com/security/cve/CVE-2021-28972.html https://www.suse.com/security/cve/CVE-2021-29264.html https://www.suse.com/security/cve/CVE-2021-29265.html https://www.suse.com/security/cve/CVE-2021-29647.html https://www.suse.com/security/cve/CVE-2021-3428.html https://www.suse.com/security/cve/CVE-2021-3444.html https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1103990 
https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104270 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111981 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1113994 https://bugzilla.suse.com/1118657 https://bugzilla.suse.com/1118661 https://bugzilla.suse.com/1119113 https://bugzilla.suse.com/1126390 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1132477 https://bugzilla.suse.com/1142635 https://bugzilla.suse.com/1152446 https://bugzilla.suse.com/1154048 https://bugzilla.suse.com/1169709 https://bugzilla.suse.com/1172455 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1175165 https://bugzilla.suse.com/1176720 https://bugzilla.suse.com/1176855 https://bugzilla.suse.com/1178163 https://bugzilla.suse.com/1179243 https://bugzilla.suse.com/1179428 https://bugzilla.suse.com/1179454 https://bugzilla.suse.com/1179660 https://bugzilla.suse.com/1179755 https://bugzilla.suse.com/1180846 https://bugzilla.suse.com/1181507 https://bugzilla.suse.com/1181515 https://bugzilla.suse.com/1181544 https://bugzilla.suse.com/1181655 https://bugzilla.suse.com/1181674 https://bugzilla.suse.com/1181747 https://bugzilla.suse.com/1181753 https://bugzilla.suse.com/1181843 https://bugzilla.suse.com/1182011 https://bugzilla.suse.com/1182175 https://bugzilla.suse.com/1182485 https://bugzilla.suse.com/1182574 https://bugzilla.suse.com/1182715 https://bugzilla.suse.com/1182716 https://bugzilla.suse.com/1182717 https://bugzilla.suse.com/1183018 https://bugzilla.suse.com/1183022 https://bugzilla.suse.com/1183023 https://bugzilla.suse.com/1183378 https://bugzilla.suse.com/1183379 https://bugzilla.suse.com/1183380 https://bugzilla.suse.com/1183381 https://bugzilla.suse.com/1183382 https://bugzilla.suse.com/1183416 https://bugzilla.suse.com/1183509 https://bugzilla.suse.com/1183593 https://bugzilla.suse.com/1183646 https://bugzilla.suse.com/1183662 
https://bugzilla.suse.com/1183686
https://bugzilla.suse.com/1183692
https://bugzilla.suse.com/1183696
https://bugzilla.suse.com/1183775
https://bugzilla.suse.com/1183861
https://bugzilla.suse.com/1183871
https://bugzilla.suse.com/1184114
https://bugzilla.suse.com/1184167
https://bugzilla.suse.com/1184168
https://bugzilla.suse.com/1184170
https://bugzilla.suse.com/1184192
https://bugzilla.suse.com/1184193
https://bugzilla.suse.com/1184196
https://bugzilla.suse.com/1184198

From sle-updates at lists.suse.com Tue Apr 13 19:34:29 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 13 Apr 2021 21:34:29 +0200 (CEST)
Subject: SUSE-SU-2021:14690-1: important: Security update for xorg-x11-server
Message-ID: <20210413193429.7E5B3F78E@maintenance.suse.de>

SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:14690-1
Rating: important
References: #1180128
Cross-References: CVE-2021-3472
Affected Products:
  SUSE Linux Enterprise Server 11-SP4-LTSS
  SUSE Linux Enterprise Point of Sale 11-SP3
  SUSE Linux Enterprise Debuginfo 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for xorg-x11-server fixes the following issues:

- CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege Escalation (bsc#1180128)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-LTSS:
  zypper in -t patch slessp4-xorg-x11-server-14690=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
  zypper in -t patch sleposp3-xorg-x11-server-14690=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-xorg-x11-server-14690=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
  zypper in -t patch dbgsp3-xorg-x11-server-14690=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
  xorg-x11-Xvnc-7.4-27.122.40.1
  xorg-x11-server-7.4-27.122.40.1
  xorg-x11-server-extra-7.4-27.122.40.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
  xorg-x11-Xvnc-7.4-27.122.40.1
  xorg-x11-server-7.4-27.122.40.1
  xorg-x11-server-extra-7.4-27.122.40.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
  xorg-x11-server-debuginfo-7.4-27.122.40.1
  xorg-x11-server-debugsource-7.4-27.122.40.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
  xorg-x11-server-debuginfo-7.4-27.122.40.1
  xorg-x11-server-debugsource-7.4-27.122.40.1

References:

https://www.suse.com/security/cve/CVE-2021-3472.html
https://bugzilla.suse.com/1180128

From sle-updates at lists.suse.com Tue Apr 13 19:35:31 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 13 Apr 2021 21:35:31 +0200 (CEST)
Subject: SUSE-SU-2021:1176-1: important: Security update for the Linux Kernel
Message-ID: <20210413193531.72302F78E@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1176-1
Rating: important
References: #1065600 #1065729 #1103990 #1103991 #1103992 #1104270 #1104353 #1109837 #1111981 #1112374 #1113994 #1118657 #1118661 #1119113 #1126390 #1129770 #1132477 #1142635 #1152446 #1154048 #1169709 #1172455 #1173485 #1175165 #1176720 #1176855 #1177411 #1178163 #1179243 #1179428 #1179454 #1179660 #1179755 #1180846
#1181515 #1181544 #1181655 #1181674 #1181747 #1181753 #1181843 #1182011 #1182175 #1182485 #1182574 #1182715 #1182716 #1182717 #1183018 #1183022 #1183023 #1183378 #1183379 #1183380 #1183381 #1183382 #1183416 #1183509 #1183593 #1183646 #1183686 #1183692 #1183696 #1183775 #1183861 #1183871 #1184114 #1184167 #1184168 #1184170 #1184192 #1184193 #1184196 #1184198 Cross-References: CVE-2020-0433 CVE-2020-27170 CVE-2020-27171 CVE-2020-27673 CVE-2020-27815 CVE-2020-29368 CVE-2020-29374 CVE-2020-35519 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 CVE-2021-28688 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-3428 CVE-2021-3444 CVSS scores: CVE-2020-0433 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0433 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-27170 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-27171 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27673 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27673 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-27815 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-29368 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29368 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29374 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29374 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2020-35519 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-26930 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-26930 (SUSE): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-26931 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26931 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-26932 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26932 (SUSE): 
5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28038 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28660 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28660 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-28964 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28971 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28972 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28972 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-29264 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3428 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-3444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that solves 25 vulnerabilities and has 49 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170). 
- CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
- CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
- CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
- CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
- CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196).
- CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
- CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593).
- CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
- CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
- CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
- CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
- CVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).
- CVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).
- CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
- CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
- CVE-2021-26930: Fixed improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).
- CVE-2021-26931: Fixed an issue where the Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
- CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).
- CVE-2020-29368, CVE-2020-29374: Fixed an issue in the copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).
- CVE-2020-0433: Fixed a use after free due to improper locking which could have led to local escalation of privilege (bsc#1176720).
- CVE-2020-27673: Fixed a potential denial of service at high rate of events to dom0, aka CID-e99502f76271 (bsc#1177411).

The following non-security bugs were fixed:

- ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
- ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
- ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
- ALSA: hda/realtek: modify EAPD in the ALC886 (git-fixes).
- amba: Fix resource leak for drivers without .remove (git-fixes).
- bfq: Fix kABI for update internal depth state when queue depth changes (bsc#1172455).
- bfq: update internal depth state when queue depth changes (bsc#1172455).
- block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes). - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes). - Bluetooth: hci_uart: Cancel init work before unregistering (git-fixes). - Bluetooth: hci_uart: Fix a race for write_work scheduling (git-fixes). - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775). - bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170). - bpf: fix subprog verifier bypass by div/mod by 0 exception (bsc#1184170). - bpf: fix x64 JIT code generation for jmp to 1st insn (bsc#1178163). - bpf_lru_list: Read double-checked variable once without lock (git-fixes). - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775). - bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163). - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes). - can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes). - can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes). - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes). - can: peak_usb: add forgotten supported devices (git-fixes). - can: peak_usb: Revert "can: peak_usb: add forgotten supported devices" (git-fixes). - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes). - cifs: check all path components in resolved dfs target (bsc#1179755). - cifs: fix nodfs mount option (bsc#1179755). - cifs: introduce helper for finding referral server (bsc#1179755). - cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (bsc#1104270). - dmaengine: hsu: disable spurious interrupt (git-fixes). 
- drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if (bsc#1129770) Backporting notes: * context changes - drm/atomic: Create __drm_atomic_helper_crtc_reset() for subclassing (bsc#1142635) Backporting notes: * taken for 427c4a0680a2 ("drm/vc4: crtc: Rework a bit the CRTC state code") * renamed drm_atomic_state_helper.{c,h} to drm_atomic_helper.{c,h} * context changes - drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1129770) Backporting notes: * context changes - drm/compat: Clear bounce structures (bsc#1129770) Backporting notes: * context changes - drm/etnaviv: replace MMU flush marker with flush sequence (bsc#1154048) Backporting notes: * context changes - drm/gma500: Fix error return code in psb_driver_load() (bsc#1129770) - drm/mediatek: Add missing put_device() call in mtk_drm_kms_init() (bsc#1152446) Backporting notes: * context changes - drm/mediatek: Fix aal size config (bsc#1129770) Backporting notes: * access I/O memory with writel() - drm: meson_drv add shutdown function (git-fixes). - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes). - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (bsc#1129770) - drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes). - drm: mxsfb: check framebuffer pitch (bsc#1129770) Backporting notes: * context changes - drm/omap: fix max fclk divider for omap36xx (bsc#1152446) - drm: panel: Fix bpc for OrtusTech COM43H4M85ULC panel (bsc#1129770) - drm: panel: Fix bus format for OrtusTech COM43H4M85ULC panel (bsc#1129770) Backporting notes: * context changes - drm/radeon: fix AGP dependency (git-fixes). 
- drm: rcar-du: Put reference to VSP device (bsc#1129770) Backporting notes: * context changes - drm/vc4: crtc: Rework a bit the CRTC state code (bsc#1129770) Backporting notes: * context changes - drm/vc4: hdmi: Avoid sleeping in atomic context (bsc#1129770) Backporting notes: * context changes - ethernet: alx: fix order of calls on resume (git-fixes). - fbdev: aty: SPARC64 requires FB_ATY_CT (bsc#1129770) - firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes). - futex: Prevent robust futex exit race (git-fixes). - gma500: clean up error handling in init (bsc#1129770) - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes). - HID: make arrays usage and value to be the same (git-fixes). - i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition (git-fixes). - i40e: Add zero-initialization of AQ command structures (bsc#1109837 bsc#1111981). - i40e: Fix add TC filter for IPv6 (bsc#1109837 bsc#1111981 ). - i40e: Fix endianness conversions (bsc#1109837 bsc#1111981 ). - IB/mlx5: Return appropriate error code instead of ENOMEM (bsc#1103991). - ibmvnic: add comments for spinlock_t definitions (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: add memory barrier to protect long term buffer (bsc#1184114 ltc#192237 bsc#1182485 ltc#191591). - ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844). - ibmvnic: avoid multiple line dereference (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: compare adapter->init_done_rc with more readable ibmvnic_rc_codes (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: Correctly re-enable interrupts in NAPI polling routine (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: create send_control_ip_offload (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: create send_query_ip_offload (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: Do not replenish RX buffers after every polling loop (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). 
- ibmvnic: Ensure that CRQ entry read are correctly ordered (bsc#1184114 ltc#192237 bsc#1182485 ltc#191591). - ibmvnic: Ensure that device queue memory is cache-line aligned (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: Ensure that SCRQ entry reads are correctly ordered (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: fix block comments (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: fix braces (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: fix miscellaneous checks (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (bsc#1184114 ltc#192237). - ibmvnic: Fix TX completion error handling (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: Fix use-after-free of VNIC login response buffer (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: handle inconsistent login with reset (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: Harden device Command Response Queue handshake (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: improve ibmvnic_init and ibmvnic_reset_init (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: merge do_change_param_reset into do_reset (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: merge ibmvnic_reset_init and ibmvnic_init (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: no reset timeout for 5 seconds after reset (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: prefer strscpy over strlcpy (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: reduce wait for completion time (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: remove excessive irqsave (bsc#1065729). 
- ibmvnic: remove never executed if statement (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: rename ibmvnic_send_req_caps to send_request_cap (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: rename send_cap_queries to send_query_cap (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: rename send_map_query to send_query_map (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: send_login should check for crq errors (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: simplify reset_long_term_buff function (bsc#1184114 ltc#192237 bsc#1183023 ltc#191791). - ibmvnic: skip send_request_unmap for timeout reset (bsc#1184114 ltc#192237 bsc#1182485 ltc#191591). - ibmvnic: skip tx timeout reset while in resetting (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: stop free_all_rwi on failed reset (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: store RX and TX subCRQ handle array in ibmvnic_adapter struct (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1184114 ltc#192237 bsc#1183023 ltc#191791). - ibmvnic: track pending login (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: Use netdev_alloc_skb instead of alloc_skb to replenish RX buffers (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ice: Account for port VLAN in VF max packet size calculation (bsc#1118661). - igc: check return value of ret_val in igc_config_fc_after_link_up (bsc#1118657). - igc: Report speed and duplex as unknown when device is runtime suspended (jsc#SLE-4799). 
- igc: set the default return value to -IGC_ERR_NVM in igc_write_nvm_srwr (bsc#1118657). - iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes). - iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes). - iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes). - iio: hid-sensor-prox: Fix scale not correct issue (git-fixes). - iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes). - Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes). - Input: i8042 - unbreak Pegatron C15B (git-fixes). - Input: raydium_ts_i2c - do not send zero length (git-fixes). - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes). - Input: xpad - sync supported devices with fork on GitHub (git-fixes). - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183378). - iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183379). - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183380). - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183381). - ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (bsc#1113994). - kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846). - kabi/severities: Add rtas_online_cpus_mask, rtas_offline_cpus_mask - kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846). - kernel/smp: add more data to CSD lock debugging (bsc#1180846). - kernel/smp: prepare more CSD lock debugging (bsc#1180846). - kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846). - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183382). - lib/crc32test: remove extra local_irq_disable/enable (git-fixes). - mac80211: fix double free in ibss_leave (git-fixes). - mac80211: fix rate mask reset (git-fixes). - media: usbtv: Fix deadlock on suspend (git-fixes). - media: uvcvideo: Allow entities with no pads (git-fixes). 
- misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes). - mmc: core: Fix partition switch time for eMMC (git-fixes). - mmc: core: Use DEFINE_DEBUGFS_ATTRIBUTE instead of DEFINE_SIMPLE_ATTRIBUTE. - mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes). - mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes). - mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes). - mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes). - net: bridge: use switchdev for port flags set through sysfs too (bsc#1112374). - net: cdc-phonet: fix data-interface release on probe failure (git-fixes). - net: core: introduce __netdev_notify_peers (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - net: hns3: add a check for index in hclge_get_rss_key() (bsc#1126390). - net: hns3: add a check for queue_id in hclge_reset_vf_queue() (bsc#1104353). - net: hns3: fix bug when calculating the TCAM table info (bsc#1104353). - net: hns3: fix query vlan mask value error for flow director (bsc#1104353). - net/mlx5e: Update max_opened_tc also when channels are closed (bsc#1103990). - net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8081 (bsc#1119113). - net: re-solve some conflicts after net -> net-next merge (bsc#1184114 ltc#192237 bsc#1176855 ltc#187293). - net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes). - net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes). - PCI: Align checking of syscall user config accessors (git-fixes). - phy: rockchip-emmc: emmc_phy_init() always return 0 (git-fixes). - platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes (git-fixes). 
- powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963). - powerpc: Convert to using %pOFn instead of device_node.name (bsc#1181674 ltc#189159). - powerpc: Fix some spelling mistakes (bsc#1181674 ltc#189159). - powerpc/hvcall: add token and codes for H_VASI_SIGNAL (bsc#1181674 ltc#189159). - powerpc: kABI: add back suspend_disable_cpu in machdep_calls (bsc#1181674 ltc#189159). - powerpc/machdep: remove suspend_disable_cpu() (bsc#1181674 ltc#189159). - powerpc/mm/pkeys: Make pkey access check work on execute_only_key (bsc#1181544 ltc#191080 git-fixes). - powerpc/numa: Fix build when CONFIG_NUMA=n (bsc#1132477 ltc#175530). - powerpc/numa: make vphn_enabled, prrn_enabled flags const (bsc#1181674 ltc#189159). - powerpc/numa: remove ability to enable topology updates (bsc#1181674 ltc#189159). - powerpc/numa: remove arch_update_cpu_topology (bsc#1181674 ltc#189159). - powerpc/numa: Remove late request for home node associativity (bsc#1181674 ltc#189159). - powerpc/numa: remove prrn_is_enabled() (bsc#1181674 ltc#189159). - powerpc/numa: remove start/stop_topology_update() (bsc#1181674 ltc#189159). - powerpc/numa: remove timed_topology_update() (bsc#1181674 ltc#189159). - powerpc/numa: remove unreachable topology timer code (bsc#1181674 ltc#189159). - powerpc/numa: remove unreachable topology update code (bsc#1181674 ltc#189159). - powerpc/numa: remove unreachable topology workqueue code (bsc#1181674 ltc#189159). - powerpc/numa: remove vphn_enabled and prrn_enabled internal flags (bsc#1181674 ltc#189159). - powerpc/numa: stub out numa_update_cpu_topology() (bsc#1181674 ltc#189159). - powerpc/numa: Suppress "VPHN is not supported" messages (bsc#1181674 ltc#189159). - powerpc/pseries: Add empty update_numa_cpu_lookup_table() for NUMA=n (bsc#1181674 ltc#189159). - powerpc/pseries: Do not enforce MSI affinity with kdump (bsc#1181655 ltc#190855). - powerpc/pseries: Generalize hcall_vphn() (bsc#1181674 ltc#189159). 
- powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: pass stream id via function arguments (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: perform post-suspend fixups later (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: remove prepare_late() callback (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: remove pseries_suspend_cpu() (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: switch to rtas_ibm_suspend_me() (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: add missing break to default case (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: Add pr_debug() for device tree changes (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: do not error on absence of ibm, update-nodes (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: error message improvements (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: extract VASI session polling logic (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: refactor node lookup during DT update (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: retry partition suspend after error (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: Set pr_fmt() (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: signal suspend cancellation to platform (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: use rtas_activate_firmware() on resume (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: use stop_machine for join/suspend (bsc#1181674 ltc#189159). - powerpc/pseries: remove dlpar_cpu_readd() (bsc#1181674 ltc#189159). - powerpc/pseries: remove memory "re-add" implementation (bsc#1181674 ltc#189159). - powerpc/pseries: remove obsolete memory hotplug DT notifier code (bsc#1181674 ltc#189159). - powerpc/pseries: remove prrn special case from DT update path (bsc#1181674 ltc#189159). - powerpc/rtas: add rtas_activate_firmware() (bsc#1181674 ltc#189159). 
- powerpc/rtas: add rtas_ibm_suspend_me() (bsc#1181674 ltc#189159). - powerpc/rtas: complete ibm,suspend-me status codes (bsc#1181674 ltc#189159). - powerpc/rtas: dispatch partition migration requests to pseries (bsc#1181674 ltc#189159). - powerpc/rtasd: simplify handle_rtas_event(), emit message on events (bsc#1181674 ltc#189159). - powerpc/rtas: prevent suspend-related sys_rtas use on LE (bsc#1181674 ltc#189159). - powerpc/rtas: remove rtas_ibm_suspend_me_unsafe() (bsc#1181674 ltc#189159). - powerpc/rtas: remove rtas_suspend_cpu() (bsc#1181674 ltc#189159). - powerpc/rtas: remove unused rtas_suspend_last_cpu() (bsc#1181674 ltc#189159). - powerpc/rtas: remove unused rtas_suspend_me_data (bsc#1181674 ltc#189159). - powerpc/rtas: rtas_ibm_suspend_me -> rtas_ibm_suspend_me_unsafe (bsc#1181674 ltc#189159). - powerpc/rtas: Unexport rtas_online_cpus_mask, rtas_offline_cpus_mask (bsc#1181674 ltc#189159). - powerpc/vio: Use device_type to detect family (bsc#1181674 ltc#189159). - printk: fix deadlock when kernel panic (bsc#1183018). - pseries/drmem: do not cache node id in drmem_lmb struct (bsc#1132477 ltc#175530). - pseries/hotplug-memory: hot-add: skip redundant LMB lookup (bsc#1132477 ltc#175530). - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes). - qxl: Fix uninitialised struct field head.surface_id (git-fixes). - random: fix the RNDRESEEDCRNG ioctl (git-fixes). - rcu: Allow only one expedited GP to run concurrently with (git-fixes) - rcu: Fix missed wakeup of exp_wq waiters (git-fixes) - RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (bsc#1103991). - RDMA/rxe: Remove useless code in rxe_recv.c (bsc#1103992 ). - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709) - RDMA/uverbs: Fix kernel-doc warning of _uverbs_alloc (bsc#1103992). - Revert "ibmvnic: remove never executed if statement" (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). 
- rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079). - rsxx: Return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes). - s390/dasd: fix hanging offline processing due to canceled worker (bsc#1175165). - s390/dasd: fix hanging offline processing due to canceled worker (bsc#1175165). - s390/vtime: fix increased steal time accounting (bsc#1183861). - sched/fair: Fix wrong cpu selecting from isolated domain (git-fixes) - sched/vtime: Fix guest/system mis-accounting on task switch (git-fixes) - scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574). - scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574). - scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574). - scsi: lpfc: Fix ancient double free (bsc#1182574). - scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574). - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574). - scsi: lpfc: Fix EEH encountering oops with NVMe traffic (bsc#1182574). - scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574). - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574). - scsi: lpfc: Fix kerneldoc inconsistency in lpfc_sli4_dump_page_a0() (bsc#1182574). - scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574). - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574). - scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574). - scsi: lpfc: Fix 'physical' typos (bsc#1182574). - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574). - scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574). - scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574). 
- scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574). - scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574). - scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574). - scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574). - scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574). - scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574). - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574). - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574). - scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574). - selinux: never allow relabeling on context mounts (git-fixes). - smp: Add source and destination CPUs to __call_single_data (bsc#1180846). - Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86 (bsc#1180846). - Update config files: disable CONFIG_CSD_LOCK_WAIT_DEBUG (bsc#1180846). - USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes). - USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes). - USBip: Fix unsafe unaligned pointer usage (git-fixes). - USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes). - USBip: tools: fix build error for multiple definition (git-fixes). - USB: quirks: add quirk to start video capture on ELMO L-12F document camera reliable (git-fixes). - USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes). - USB: serial: option: add Quectel EM160R-GL (git-fixes). - USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes). - USB: usblp: do not call usb_set_interface if there's a single alt (git-commit). - use __netdev_notify_peers in ibmvnic (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). 
   - video: fbdev: acornfb: remove free_unused_pages() (bsc#1129770)
   - video: fbdev: atmel_lcdfb: fix return error code in (bsc#1129770)
     Backporting notes:
       * context changes
       * fallout from trailing whitespaces
   - wlcore: Fix command execute failure 19 for wl12xx (git-fixes).
   - xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
   - xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600).
   - xen/netback: fix spurious event detection for common event case (bsc#1182175).
   - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
   - xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
   - xsk: Remove dangling function declaration from header file (bsc#1109837).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 12-SP5:

      zypper in -t patch SUSE-SLE-RT-12-SP5-2021-1176=1

Package List:

   - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64):

      cluster-md-kmp-rt-4.12.14-10.37.1
      cluster-md-kmp-rt-debuginfo-4.12.14-10.37.1
      dlm-kmp-rt-4.12.14-10.37.1
      dlm-kmp-rt-debuginfo-4.12.14-10.37.1
      gfs2-kmp-rt-4.12.14-10.37.1
      gfs2-kmp-rt-debuginfo-4.12.14-10.37.1
      kernel-rt-4.12.14-10.37.1
      kernel-rt-base-4.12.14-10.37.1
      kernel-rt-base-debuginfo-4.12.14-10.37.1
      kernel-rt-debuginfo-4.12.14-10.37.1
      kernel-rt-debugsource-4.12.14-10.37.1
      kernel-rt-devel-4.12.14-10.37.1
      kernel-rt-devel-debuginfo-4.12.14-10.37.1
      kernel-rt_debug-4.12.14-10.37.1
      kernel-rt_debug-debuginfo-4.12.14-10.37.1
      kernel-rt_debug-debugsource-4.12.14-10.37.1
      kernel-rt_debug-devel-4.12.14-10.37.1
      kernel-rt_debug-devel-debuginfo-4.12.14-10.37.1
      kernel-syms-rt-4.12.14-10.37.1
      ocfs2-kmp-rt-4.12.14-10.37.1
      ocfs2-kmp-rt-debuginfo-4.12.14-10.37.1

   - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch):

      kernel-devel-rt-4.12.14-10.37.1
      kernel-source-rt-4.12.14-10.37.1

References:

   https://www.suse.com/security/cve/CVE-2020-0433.html
   https://www.suse.com/security/cve/CVE-2020-27170.html
   https://www.suse.com/security/cve/CVE-2020-27171.html
   https://www.suse.com/security/cve/CVE-2020-27673.html
   https://www.suse.com/security/cve/CVE-2020-27815.html
   https://www.suse.com/security/cve/CVE-2020-29368.html
   https://www.suse.com/security/cve/CVE-2020-29374.html
   https://www.suse.com/security/cve/CVE-2020-35519.html
   https://www.suse.com/security/cve/CVE-2021-26930.html
   https://www.suse.com/security/cve/CVE-2021-26931.html
   https://www.suse.com/security/cve/CVE-2021-26932.html
   https://www.suse.com/security/cve/CVE-2021-27363.html
   https://www.suse.com/security/cve/CVE-2021-27364.html
   https://www.suse.com/security/cve/CVE-2021-27365.html
   https://www.suse.com/security/cve/CVE-2021-28038.html
   https://www.suse.com/security/cve/CVE-2021-28660.html
   https://www.suse.com/security/cve/CVE-2021-28688.html
   https://www.suse.com/security/cve/CVE-2021-28964.html
   https://www.suse.com/security/cve/CVE-2021-28971.html
   https://www.suse.com/security/cve/CVE-2021-28972.html
   https://www.suse.com/security/cve/CVE-2021-29264.html
   https://www.suse.com/security/cve/CVE-2021-29265.html
   https://www.suse.com/security/cve/CVE-2021-29647.html
   https://www.suse.com/security/cve/CVE-2021-3428.html
   https://www.suse.com/security/cve/CVE-2021-3444.html
   https://bugzilla.suse.com/1065600
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1103990
   https://bugzilla.suse.com/1103991
   https://bugzilla.suse.com/1103992
   https://bugzilla.suse.com/1104270
   https://bugzilla.suse.com/1104353
   https://bugzilla.suse.com/1109837
   https://bugzilla.suse.com/1111981
   https://bugzilla.suse.com/1112374
   https://bugzilla.suse.com/1113994
   https://bugzilla.suse.com/1118657
   https://bugzilla.suse.com/1118661
   https://bugzilla.suse.com/1119113
   https://bugzilla.suse.com/1126390
   https://bugzilla.suse.com/1129770
   https://bugzilla.suse.com/1132477
   https://bugzilla.suse.com/1142635
   https://bugzilla.suse.com/1152446
   https://bugzilla.suse.com/1154048
   https://bugzilla.suse.com/1169709
   https://bugzilla.suse.com/1172455
   https://bugzilla.suse.com/1173485
   https://bugzilla.suse.com/1175165
   https://bugzilla.suse.com/1176720
   https://bugzilla.suse.com/1176855
   https://bugzilla.suse.com/1177411
   https://bugzilla.suse.com/1178163
   https://bugzilla.suse.com/1179243
   https://bugzilla.suse.com/1179428
   https://bugzilla.suse.com/1179454
   https://bugzilla.suse.com/1179660
   https://bugzilla.suse.com/1179755
   https://bugzilla.suse.com/1180846
   https://bugzilla.suse.com/1181515
   https://bugzilla.suse.com/1181544
   https://bugzilla.suse.com/1181655
   https://bugzilla.suse.com/1181674
   https://bugzilla.suse.com/1181747
   https://bugzilla.suse.com/1181753
   https://bugzilla.suse.com/1181843
   https://bugzilla.suse.com/1182011
   https://bugzilla.suse.com/1182175
   https://bugzilla.suse.com/1182485
   https://bugzilla.suse.com/1182574
   https://bugzilla.suse.com/1182715
   https://bugzilla.suse.com/1182716
   https://bugzilla.suse.com/1182717
   https://bugzilla.suse.com/1183018
   https://bugzilla.suse.com/1183022
   https://bugzilla.suse.com/1183023
   https://bugzilla.suse.com/1183378
   https://bugzilla.suse.com/1183379
   https://bugzilla.suse.com/1183380
   https://bugzilla.suse.com/1183381
   https://bugzilla.suse.com/1183382
   https://bugzilla.suse.com/1183416
   https://bugzilla.suse.com/1183509
   https://bugzilla.suse.com/1183593
   https://bugzilla.suse.com/1183646
   https://bugzilla.suse.com/1183686
   https://bugzilla.suse.com/1183692
   https://bugzilla.suse.com/1183696
   https://bugzilla.suse.com/1183775
   https://bugzilla.suse.com/1183861
   https://bugzilla.suse.com/1183871
   https://bugzilla.suse.com/1184114
   https://bugzilla.suse.com/1184167
   https://bugzilla.suse.com/1184168
   https://bugzilla.suse.com/1184170
   https://bugzilla.suse.com/1184192
   https://bugzilla.suse.com/1184193
   https://bugzilla.suse.com/1184196
   https://bugzilla.suse.com/1184198

From sle-updates at lists.suse.com Tue Apr 13 19:43:11 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 13 Apr 2021 21:43:11 +0200 (CEST)
Subject: SUSE-SU-2021:1179-1: important: Security update for xorg-x11-server
Message-ID: <20210413194311.6547DF78E@maintenance.suse.de>

   SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1179-1
Rating:             important
References:         #1180128
Cross-References:   CVE-2021-3472
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for xorg-x11-server fixes the following issues:

   - CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege
     Escalation (bsc#1180128)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1179=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1179=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1179=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1179=1

Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      xorg-x11-server-1.19.6-8.30.1
      xorg-x11-server-debuginfo-1.19.6-8.30.1
      xorg-x11-server-debugsource-1.19.6-8.30.1
      xorg-x11-server-extra-1.19.6-8.30.1
      xorg-x11-server-extra-debuginfo-1.19.6-8.30.1
      xorg-x11-server-sdk-1.19.6-8.30.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      xorg-x11-server-1.19.6-8.30.1
      xorg-x11-server-debuginfo-1.19.6-8.30.1
      xorg-x11-server-debugsource-1.19.6-8.30.1
      xorg-x11-server-extra-1.19.6-8.30.1
      xorg-x11-server-extra-debuginfo-1.19.6-8.30.1
      xorg-x11-server-sdk-1.19.6-8.30.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      xorg-x11-server-1.19.6-8.30.1
      xorg-x11-server-debuginfo-1.19.6-8.30.1
      xorg-x11-server-debugsource-1.19.6-8.30.1
      xorg-x11-server-extra-1.19.6-8.30.1
      xorg-x11-server-extra-debuginfo-1.19.6-8.30.1
      xorg-x11-server-sdk-1.19.6-8.30.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      xorg-x11-server-1.19.6-8.30.1
      xorg-x11-server-debuginfo-1.19.6-8.30.1
      xorg-x11-server-debugsource-1.19.6-8.30.1
      xorg-x11-server-extra-1.19.6-8.30.1
      xorg-x11-server-extra-debuginfo-1.19.6-8.30.1
      xorg-x11-server-sdk-1.19.6-8.30.1

References:

   https://www.suse.com/security/cve/CVE-2021-3472.html
   https://bugzilla.suse.com/1180128

From sle-updates at lists.suse.com Tue Apr 13 19:44:07 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 13 Apr 2021 21:44:07 +0200 (CEST)
Subject: SUSE-SU-2021:1174-1: important: Security update for clamav
Message-ID: <20210413194407.BBDB1F78E@maintenance.suse.de>

   SUSE Security Update: Security update for clamav
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1174-1
Rating:             important
References:         #1181256 #1184532 #1184533 #1184534
Cross-References:   CVE-2021-1252 CVE-2021-1404 CVE-2021-1405
CVSS scores:
                    CVE-2021-1252 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-1404 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-1405 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that solves three vulnerabilities and has one errata is now available.

Description:

   This update for clamav fixes the following issues:

   - CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532)
   - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash.
     (bsc#1184533)
   - CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534)
   - Fix errors when scanning files > 4G (bsc#1181256)
   - Update clamav.keyring
   - Update to 0.103.2

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1174=1

Package List:

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      clamav-0.103.2-3.6.1
      clamav-debuginfo-0.103.2-3.6.1
      clamav-debugsource-0.103.2-3.6.1

References:

   https://www.suse.com/security/cve/CVE-2021-1252.html
   https://www.suse.com/security/cve/CVE-2021-1404.html
   https://www.suse.com/security/cve/CVE-2021-1405.html
   https://bugzilla.suse.com/1181256
   https://bugzilla.suse.com/1184532
   https://bugzilla.suse.com/1184533
   https://bugzilla.suse.com/1184534

From sle-updates at lists.suse.com Tue Apr 13 19:45:16 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 13 Apr 2021 21:45:16 +0200 (CEST)
Subject: SUSE-SU-2021:1181-1: important: Security update for xorg-x11-server
Message-ID: <20210413194516.BEC6DF78E@maintenance.suse.de>

   SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1181-1
Rating:             important
References:         #1180128
Cross-References:   CVE-2021-3472
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for xorg-x11-server fixes the following issues:

   - CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege
     Escalation (bsc#1180128)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1181=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1181=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      xorg-x11-server-debuginfo-1.19.6-10.23.1
      xorg-x11-server-debugsource-1.19.6-10.23.1
      xorg-x11-server-sdk-1.19.6-10.23.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      xorg-x11-server-1.19.6-10.23.1
      xorg-x11-server-debuginfo-1.19.6-10.23.1
      xorg-x11-server-debugsource-1.19.6-10.23.1
      xorg-x11-server-extra-1.19.6-10.23.1
      xorg-x11-server-extra-debuginfo-1.19.6-10.23.1

References:

   https://www.suse.com/security/cve/CVE-2021-3472.html
   https://bugzilla.suse.com/1180128

From sle-updates at lists.suse.com Tue Apr 13 19:46:11 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 13 Apr 2021 21:46:11 +0200 (CEST)
Subject: SUSE-SU-2021:1180-1: important: Security update for xorg-x11-server
Message-ID: <20210413194611.EEE59F78E@maintenance.suse.de>

   SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1180-1
Rating:             important
References:         #1180128
Cross-References:   CVE-2021-3472
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud 9
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server 12-SP4-LTSS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   This update for xorg-x11-server fixes the following issues:

   - CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege
     Escalation (bsc#1180128)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1180=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1180=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1180=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1180=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      xorg-x11-server-1.19.6-4.22.1
      xorg-x11-server-debuginfo-1.19.6-4.22.1
      xorg-x11-server-debugsource-1.19.6-4.22.1
      xorg-x11-server-extra-1.19.6-4.22.1
      xorg-x11-server-extra-debuginfo-1.19.6-4.22.1

   - SUSE OpenStack Cloud 9 (x86_64):

      xorg-x11-server-1.19.6-4.22.1
      xorg-x11-server-debuginfo-1.19.6-4.22.1
      xorg-x11-server-debugsource-1.19.6-4.22.1
      xorg-x11-server-extra-1.19.6-4.22.1
      xorg-x11-server-extra-debuginfo-1.19.6-4.22.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      xorg-x11-server-1.19.6-4.22.1
      xorg-x11-server-debuginfo-1.19.6-4.22.1
      xorg-x11-server-debugsource-1.19.6-4.22.1
      xorg-x11-server-extra-1.19.6-4.22.1
      xorg-x11-server-extra-debuginfo-1.19.6-4.22.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      xorg-x11-server-1.19.6-4.22.1
      xorg-x11-server-debuginfo-1.19.6-4.22.1
      xorg-x11-server-debugsource-1.19.6-4.22.1
      xorg-x11-server-extra-1.19.6-4.22.1
      xorg-x11-server-extra-debuginfo-1.19.6-4.22.1

References:

   https://www.suse.com/security/cve/CVE-2021-3472.html
   https://bugzilla.suse.com/1180128

From sle-updates at lists.suse.com Tue Apr 13 19:47:10 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 13 Apr 2021 21:47:10 +0200 (CEST)
Subject: SUSE-SU-2021:1182-1: important: Security update for xorg-x11-server
Message-ID: <20210413194710.6E26FF78E@maintenance.suse.de>

   SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1182-1
Rating:             important
References:         #1180128
Cross-References:   CVE-2021-3472
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15-SP3
                    SUSE Linux Enterprise Workstation Extension 15-SP2
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
                    SUSE Linux Enterprise Module for Development Tools 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for xorg-x11-server fixes the following issues:

   - CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege
     Escalation (bsc#1180128)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15-SP3:
    zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-1182=1
- SUSE Linux Enterprise Workstation Extension 15-SP2:
    zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-1182=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1182=1
- SUSE Linux Enterprise Module for Development Tools 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1182=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1182=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1182=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
    xorg-x11-server-debuginfo-1.20.3-22.5.25.1
    xorg-x11-server-debugsource-1.20.3-22.5.25.1
    xorg-x11-server-wayland-1.20.3-22.5.25.1
    xorg-x11-server-wayland-debuginfo-1.20.3-22.5.25.1
- SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):
    xorg-x11-server-debuginfo-1.20.3-22.5.25.1
    xorg-x11-server-debugsource-1.20.3-22.5.25.1
    xorg-x11-server-wayland-1.20.3-22.5.25.1
    xorg-x11-server-wayland-debuginfo-1.20.3-22.5.25.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
    xorg-x11-server-debuginfo-1.20.3-22.5.25.1
    xorg-x11-server-debugsource-1.20.3-22.5.25.1
    xorg-x11-server-sdk-1.20.3-22.5.25.1
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64):
    xorg-x11-server-debuginfo-1.20.3-22.5.25.1
    xorg-x11-server-debugsource-1.20.3-22.5.25.1
    xorg-x11-server-sdk-1.20.3-22.5.25.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
    xorg-x11-server-1.20.3-22.5.25.1
    xorg-x11-server-debuginfo-1.20.3-22.5.25.1
    xorg-x11-server-debugsource-1.20.3-22.5.25.1
    xorg-x11-server-extra-1.20.3-22.5.25.1
    xorg-x11-server-extra-debuginfo-1.20.3-22.5.25.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
    xorg-x11-server-1.20.3-22.5.25.1
    xorg-x11-server-debuginfo-1.20.3-22.5.25.1
    xorg-x11-server-debugsource-1.20.3-22.5.25.1
    xorg-x11-server-extra-1.20.3-22.5.25.1
    xorg-x11-server-extra-debuginfo-1.20.3-22.5.25.1

References:

https://www.suse.com/security/cve/CVE-2021-3472.html
https://bugzilla.suse.com/1180128

From sle-updates at lists.suse.com Wed Apr 14 06:08:29 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 14 Apr 2021 08:08:29 +0200 (CEST)
Subject: SUSE-CU-2021:104-1: Security update of suse/sles12sp4
Message-ID: <20210414060829.ACF1AB4624D@westernhagen.suse.de>

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:104-1
Container Tags : suse/sles12sp4:26.273 , suse/sles12sp4:latest
Container Release : 26.273
Severity : important
Type : security
References : 1178386 1179694 1179721 1184034 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573
-----------------------------------------------------------------

The container suse/sles12sp4 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1165-1
Released: Tue Apr 13 14:03:17 2021
Summary: Security update for glibc
Type: security
Severity: important
References: 1178386,1179694,1179721,1184034,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573

This update for glibc fixes the following issues:

- CVE-2020-27618: Accept redundant shift sequences in IBM1364 (bsc#1178386)
- CVE-2020-29562: Fix incorrect UCS4 inner loop bounds (bsc#1179694)
- CVE-2020-29573: Harden printf against non-normal long double values (bsc#1179721)
- Check vector support in memmove ifunc-selector (bsc#1184034)

From sle-updates at lists.suse.com Wed Apr 14 06:15:54 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 14 Apr 2021 08:15:54 +0200 (CEST)
Subject: SUSE-CU-2021:105-1: Security update of suse/sles12sp5
Message-ID: <20210414061554.E557CB4624D@westernhagen.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:105-1
Container Tags : suse/sles12sp5:6.5.159 , suse/sles12sp5:latest
Container Release : 6.5.159
Severity : important
Type : security
References : 1178386 1179694 1179721 1184034 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573
-----------------------------------------------------------------

The container suse/sles12sp5 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1165-1
Released: Tue Apr 13 14:03:17 2021
Summary: Security update for glibc
Type: security
Severity: important
References: 1178386,1179694,1179721,1184034,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573

This update for glibc fixes the following issues:

- CVE-2020-27618: Accept redundant shift sequences in IBM1364 (bsc#1178386)
- CVE-2020-29562: Fix incorrect UCS4 inner loop bounds (bsc#1179694)
- CVE-2020-29573: Harden printf against non-normal long double values (bsc#1179721)
- Check vector support in memmove ifunc-selector (bsc#1184034)

From sle-updates at lists.suse.com Wed Apr 14 06:31:20 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 14 Apr 2021 08:31:20 +0200 (CEST)
Subject: SUSE-CU-2021:106-1: Recommended update of suse/sle15
Message-ID: <20210414063120.4BCABB4624D@westernhagen.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:106-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.374
Container Release : 4.22.374
Severity : low
Type : recommended
References : 1181976
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1169-1
Released: Tue Apr 13 15:01:42 2021
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1181976

This update for procps fixes the following issues:

- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

From sle-updates at lists.suse.com Wed Apr 14 06:44:16 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 14 Apr 2021 08:44:16 +0200 (CEST)
Subject: SUSE-CU-2021:107-1: Recommended update of suse/sle15
Message-ID: <20210414064416.9A9DFB4624D@westernhagen.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:107-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.434
Container Release : 6.2.434
Severity : low
Type : recommended
References : 1181976
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1169-1
Released: Tue Apr 13 15:01:42 2021
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1181976

This update for procps fixes the following issues:

- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

From sle-updates at lists.suse.com Wed Apr 14 06:51:15 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 14 Apr 2021 08:51:15 +0200 (CEST)
Subject: SUSE-CU-2021:108-1: Recommended update of suse/sle15
Message-ID: <20210414065115.224D4B4624D@westernhagen.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:108-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.889
Container Release : 8.2.889
Severity : low
Type : recommended
References : 1181976
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1169-1
Released: Tue Apr 13 15:01:42 2021
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1181976

This update for procps fixes the following issues:

- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

From sle-updates at lists.suse.com Wed Apr 14 13:17:03 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 14 Apr 2021 15:17:03 +0200 (CEST)
Subject: SUSE-RU-2021:1186-1: moderate: Recommended update for vsftpd
Message-ID: <20210414131703.F066DFCFA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for vsftpd
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1186-1
Rating: moderate
References: #1125951 #1144062 #1179553 #1180314 #1181512 SLE-4182
Affected Products:
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Module for Server Applications 15-SP2
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that has 5 recommended fixes and contains one feature can now be installed.

Description:

This update for vsftpd fixes the following issues:

- Fix an issue when vsftpd crashes as 'seccomp' blocks new syscall. (bsc#1179553)
- Fixed a crash while trying to list a directory on SUSE Linux Enterprise 15 with seccomp mode enabled. (bsc#1181512)
- Users can now enable a specific version of TLS protocol. (jsc#SLE-4182) Add the options `ssl_tlsv1_1` and `ssl_tlsv1_2` to the configuration file. Both options are enabled.
- Add `pam_keyinit.so` to PAM config file. (bsc#1144062)
- Fix a memory error while trying to write to an invalid TLS context. (bsc#1125951)
- Follow the system TLS cipher policy `DEFAULT_SUSE` by default. Run the command `openssl ciphers -v DEFAULT_SUSE` to see which ciphers this includes.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1186=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1186=1
- SUSE Linux Enterprise Module for Server Applications 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1186=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1186=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1186=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
    vsftpd-3.0.3-7.16.1
    vsftpd-debuginfo-3.0.3-7.16.1
    vsftpd-debugsource-3.0.3-7.16.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
    vsftpd-3.0.3-7.16.1
    vsftpd-debuginfo-3.0.3-7.16.1
    vsftpd-debugsource-3.0.3-7.16.1
- SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):
    vsftpd-3.0.3-7.16.1
    vsftpd-debuginfo-3.0.3-7.16.1
    vsftpd-debugsource-3.0.3-7.16.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
    vsftpd-3.0.3-7.16.1
    vsftpd-debuginfo-3.0.3-7.16.1
    vsftpd-debugsource-3.0.3-7.16.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
    vsftpd-3.0.3-7.16.1
    vsftpd-debuginfo-3.0.3-7.16.1
    vsftpd-debugsource-3.0.3-7.16.1

References:

https://bugzilla.suse.com/1125951
https://bugzilla.suse.com/1144062
https://bugzilla.suse.com/1179553
https://bugzilla.suse.com/1180314
https://bugzilla.suse.com/1181512

From sle-updates at lists.suse.com Wed Apr 14 13:18:32 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 14 Apr 2021 15:18:32 +0200 (CEST)
Subject: SUSE-SU-2021:14692-1: important: Security update for clamav
Message-ID: <20210414131832.4B02CFCFA@maintenance.suse.de>

SUSE Security Update: Security update for clamav
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:14692-1
Rating: important
References: #1181256 #1184532 #1184533 #1184534
Cross-References: CVE-2021-1252 CVE-2021-1404 CVE-2021-1405
CVSS scores:
    CVE-2021-1252 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-1404 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-1405 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
    SUSE Linux Enterprise Server 11-SP4-LTSS
    SUSE Linux Enterprise Point of Sale 11-SP3
    SUSE Linux Enterprise Debuginfo 11-SP4
    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for clamav fixes the following issues:

- CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532)
- CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. (bsc#1184533)
- CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534)
- Fix errors when scanning files > 4G (bsc#1181256)
- Update clamav.keyring
- Update to 0.103.2

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-LTSS:
    zypper in -t patch slessp4-clamav-14692=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
    zypper in -t patch sleposp3-clamav-14692=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-clamav-14692=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
    zypper in -t patch dbgsp3-clamav-14692=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
    clamav-0.103.2-0.20.35.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
    clamav-0.103.2-0.20.35.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
    clamav-debuginfo-0.103.2-0.20.35.1
    clamav-debugsource-0.103.2-0.20.35.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
    clamav-debuginfo-0.103.2-0.20.35.1
    clamav-debugsource-0.103.2-0.20.35.1

References:

https://www.suse.com/security/cve/CVE-2021-1252.html
https://www.suse.com/security/cve/CVE-2021-1404.html
https://www.suse.com/security/cve/CVE-2021-1405.html
https://bugzilla.suse.com/1181256
https://bugzilla.suse.com/1184532
https://bugzilla.suse.com/1184533
https://bugzilla.suse.com/1184534

From sle-updates at lists.suse.com Wed Apr 14 13:19:57 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 14 Apr 2021 15:19:57 +0200 (CEST)
Subject: SUSE-RU-2021:1185-1: important: Recommended update for rmt-server
Message-ID: <20210414131957.01FECFCFA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for rmt-server
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1185-1
Rating: important
References: #1179523 #1180018 #1182736 #1183615
Affected Products:
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This update for rmt-server fixes the following issues:

Update from version 2.6.5 to version 2.6.8

- Fixing wrong handling of `ids` starting with numeric characters. (bsc#1182736)
- Clean out `subscriptions` table only if the replacement data is already available. (bsc#1183615)
- Raise an error when there is an extension activated which has no migration successor (like LTSS).
- Include installed modules to the solution tree when doing an offline migration. (bsc#1179523)
- Do not raise an exception when mirroring if some information missing is in alpha or beta stage. (bsc#1180018)
- Fix `rpath` build issues.
- Add filter options for product listing and bash completion for new flags

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1185=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1185=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1185=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1185=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
    rmt-server-2.6.8-3.39.1
    rmt-server-config-2.6.8-3.39.1
    rmt-server-debuginfo-2.6.8-3.39.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
    rmt-server-2.6.8-3.39.1
    rmt-server-config-2.6.8-3.39.1
    rmt-server-debuginfo-2.6.8-3.39.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
    rmt-server-2.6.8-3.39.1
    rmt-server-config-2.6.8-3.39.1
    rmt-server-debuginfo-2.6.8-3.39.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
    rmt-server-2.6.8-3.39.1
    rmt-server-config-2.6.8-3.39.1
    rmt-server-debuginfo-2.6.8-3.39.1

References:

https://bugzilla.suse.com/1179523
https://bugzilla.suse.com/1180018
https://bugzilla.suse.com/1182736
https://bugzilla.suse.com/1183615

From sle-updates at lists.suse.com Wed Apr 14 13:21:17 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 14 Apr 2021 15:21:17 +0200 (CEST)
Subject: SUSE-RU-2021:1184-1: important: Recommended update for rmt-server
Message-ID: <20210414132117.7E27CFCFA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for rmt-server
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1184-1
Rating: important
References: #1179523 #1180018 #1182736 #1183615
Affected Products:
    SUSE Linux Enterprise Module for Server Applications 15-SP2
    SUSE Linux Enterprise Module for Public Cloud 15-SP2
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This update for rmt-server fixes the following issues:

Update from version 2.6.6 to version 2.6.8

- Fixing wrong handling of `ids` starting with numeric characters. (bsc#1182736)
- Clean out `subscriptions` table only if the replacement data is already available. (bsc#1183615)
- Raise an error when there is an extension activated which has no migration successor (like LTSS).
- Include installed modules to the solution tree when doing an offline migration. (bsc#1179523)
- Do not raise an exception when mirroring if some information missing is in alpha or beta stage. (bsc#1180018)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1184=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-1184=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):
    rmt-server-2.6.8-3.9.1
    rmt-server-config-2.6.8-3.9.1
    rmt-server-debuginfo-2.6.8-3.9.1
    rmt-server-debugsource-2.6.8-3.9.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64):
    rmt-server-debuginfo-2.6.8-3.9.1
    rmt-server-debugsource-2.6.8-3.9.1
    rmt-server-pubcloud-2.6.8-3.9.1

References:

https://bugzilla.suse.com/1179523
https://bugzilla.suse.com/1180018
https://bugzilla.suse.com/1182736
https://bugzilla.suse.com/1183615

From sle-updates at lists.suse.com Wed Apr 14 16:16:03 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 14 Apr 2021 18:16:03 +0200 (CEST)
Subject: SUSE-SU-2021:1190-1: important: Security update for clamav
Message-ID: <20210414161603.7973BFCF8@maintenance.suse.de>

SUSE Security Update: Security update for clamav
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1190-1
Rating: important
References: #1181256 #1184532 #1184533 #1184534
Cross-References: CVE-2021-1252 CVE-2021-1404 CVE-2021-1405
CVSS scores:
    CVE-2021-1252 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-1404 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-1405 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
    SUSE Manager Server 4.0
    SUSE Manager Retail Branch Server 4.0
    SUSE Manager Proxy 4.0
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP1-BCL
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Module for Basesystem 15-SP2
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
    SUSE Enterprise Storage 6
    SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for clamav fixes the following issues:

- CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532)
- CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. (bsc#1184533)
- CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534)
- Fix errors when scanning files > 4G (bsc#1181256)
- Update clamav.keyring
- Update to 0.103.2

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1190=1
- SUSE Manager Retail Branch Server 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1190=1
- SUSE Manager Proxy 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1190=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1190=1
- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1190=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1190=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1190=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1190=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1190=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1190=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1190=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1190=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1190=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1190=1
- SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2021-1190=1
- SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE Manager Server 4.0 (ppc64le s390x x86_64):
    clamav-0.103.2-3.26.1
    clamav-debuginfo-0.103.2-3.26.1
    clamav-debugsource-0.103.2-3.26.1
    clamav-devel-0.103.2-3.26.1
    libclamav9-0.103.2-3.26.1
    libclamav9-debuginfo-0.103.2-3.26.1
    libfreshclam2-0.103.2-3.26.1
    libfreshclam2-debuginfo-0.103.2-3.26.1
- SUSE Manager Retail Branch Server 4.0 (x86_64):
    clamav-0.103.2-3.26.1
    clamav-debuginfo-0.103.2-3.26.1
    clamav-debugsource-0.103.2-3.26.1
    clamav-devel-0.103.2-3.26.1
    libclamav9-0.103.2-3.26.1
    libclamav9-debuginfo-0.103.2-3.26.1
    libfreshclam2-0.103.2-3.26.1
    libfreshclam2-debuginfo-0.103.2-3.26.1
- SUSE Manager Proxy 4.0 (x86_64):
    clamav-0.103.2-3.26.1
    clamav-debuginfo-0.103.2-3.26.1
    clamav-debugsource-0.103.2-3.26.1
    clamav-devel-0.103.2-3.26.1
    libclamav9-0.103.2-3.26.1
    libclamav9-debuginfo-0.103.2-3.26.1
    libfreshclam2-0.103.2-3.26.1
    libfreshclam2-debuginfo-0.103.2-3.26.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
    clamav-0.103.2-3.26.1
    clamav-debuginfo-0.103.2-3.26.1
    clamav-debugsource-0.103.2-3.26.1
    clamav-devel-0.103.2-3.26.1
    libclamav9-0.103.2-3.26.1
    libclamav9-debuginfo-0.103.2-3.26.1
    libfreshclam2-0.103.2-3.26.1
    libfreshclam2-debuginfo-0.103.2-3.26.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
    clamav-0.103.2-3.26.1
    clamav-debuginfo-0.103.2-3.26.1
    clamav-debugsource-0.103.2-3.26.1
    clamav-devel-0.103.2-3.26.1
    libclamav9-0.103.2-3.26.1
    libclamav9-debuginfo-0.103.2-3.26.1
    libfreshclam2-0.103.2-3.26.1
    libfreshclam2-debuginfo-0.103.2-3.26.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
    clamav-0.103.2-3.26.1
    clamav-debuginfo-0.103.2-3.26.1
    clamav-debugsource-0.103.2-3.26.1
    clamav-devel-0.103.2-3.26.1
    libclamav9-0.103.2-3.26.1
    libclamav9-debuginfo-0.103.2-3.26.1
    libfreshclam2-0.103.2-3.26.1
    libfreshclam2-debuginfo-0.103.2-3.26.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
    clamav-0.103.2-3.26.1
    clamav-debuginfo-0.103.2-3.26.1
    clamav-debugsource-0.103.2-3.26.1
    clamav-devel-0.103.2-3.26.1
    libclamav9-0.103.2-3.26.1
    libclamav9-debuginfo-0.103.2-3.26.1
    libfreshclam2-0.103.2-3.26.1
    libfreshclam2-debuginfo-0.103.2-3.26.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
    clamav-0.103.2-3.26.1
    clamav-debuginfo-0.103.2-3.26.1
    clamav-debugsource-0.103.2-3.26.1
    clamav-devel-0.103.2-3.26.1
    libclamav9-0.103.2-3.26.1
    libclamav9-debuginfo-0.103.2-3.26.1
    libfreshclam2-0.103.2-3.26.1
    libfreshclam2-debuginfo-0.103.2-3.26.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
    clamav-0.103.2-3.26.1
    clamav-debuginfo-0.103.2-3.26.1
    clamav-debugsource-0.103.2-3.26.1
    clamav-devel-0.103.2-3.26.1
    libclamav9-0.103.2-3.26.1
    libclamav9-debuginfo-0.103.2-3.26.1
    libfreshclam2-0.103.2-3.26.1
    libfreshclam2-debuginfo-0.103.2-3.26.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
    clamav-0.103.2-3.26.1
    clamav-debuginfo-0.103.2-3.26.1
    clamav-debugsource-0.103.2-3.26.1
    clamav-devel-0.103.2-3.26.1
    libclamav9-0.103.2-3.26.1
    libclamav9-debuginfo-0.103.2-3.26.1
    libfreshclam2-0.103.2-3.26.1
    libfreshclam2-debuginfo-0.103.2-3.26.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
    clamav-0.103.2-3.26.1
    clamav-debuginfo-0.103.2-3.26.1
    clamav-debugsource-0.103.2-3.26.1
    clamav-devel-0.103.2-3.26.1
    libclamav9-0.103.2-3.26.1
    libclamav9-debuginfo-0.103.2-3.26.1
    libfreshclam2-0.103.2-3.26.1
    libfreshclam2-debuginfo-0.103.2-3.26.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
    clamav-0.103.2-3.26.1
    clamav-debuginfo-0.103.2-3.26.1
    clamav-debugsource-0.103.2-3.26.1
    clamav-devel-0.103.2-3.26.1
    libclamav9-0.103.2-3.26.1
    libclamav9-debuginfo-0.103.2-3.26.1
    libfreshclam2-0.103.2-3.26.1
    libfreshclam2-debuginfo-0.103.2-3.26.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
    clamav-0.103.2-3.26.1
    clamav-debuginfo-0.103.2-3.26.1
    clamav-debugsource-0.103.2-3.26.1
    clamav-devel-0.103.2-3.26.1
    libclamav9-0.103.2-3.26.1
    libclamav9-debuginfo-0.103.2-3.26.1
    libfreshclam2-0.103.2-3.26.1
    libfreshclam2-debuginfo-0.103.2-3.26.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
    clamav-0.103.2-3.26.1
    clamav-debuginfo-0.103.2-3.26.1
    clamav-debugsource-0.103.2-3.26.1
    clamav-devel-0.103.2-3.26.1
    libclamav9-0.103.2-3.26.1
    libclamav9-debuginfo-0.103.2-3.26.1
    libfreshclam2-0.103.2-3.26.1
    libfreshclam2-debuginfo-0.103.2-3.26.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
    clamav-0.103.2-3.26.1
    clamav-debuginfo-0.103.2-3.26.1
    clamav-debugsource-0.103.2-3.26.1
    clamav-devel-0.103.2-3.26.1
    libclamav9-0.103.2-3.26.1
    libclamav9-debuginfo-0.103.2-3.26.1
    libfreshclam2-0.103.2-3.26.1
    libfreshclam2-debuginfo-0.103.2-3.26.1
- SUSE CaaS Platform 4.0 (x86_64):
    clamav-0.103.2-3.26.1
    clamav-debuginfo-0.103.2-3.26.1
    clamav-debugsource-0.103.2-3.26.1
    clamav-devel-0.103.2-3.26.1
    libclamav9-0.103.2-3.26.1
    libclamav9-debuginfo-0.103.2-3.26.1
    libfreshclam2-0.103.2-3.26.1
    libfreshclam2-debuginfo-0.103.2-3.26.1

References:

https://www.suse.com/security/cve/CVE-2021-1252.html
https://www.suse.com/security/cve/CVE-2021-1404.html
https://www.suse.com/security/cve/CVE-2021-1405.html
https://bugzilla.suse.com/1181256
https://bugzilla.suse.com/1184532
https://bugzilla.suse.com/1184533
https://bugzilla.suse.com/1184534

From sle-updates at lists.suse.com Wed Apr 14 16:17:29 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 14 Apr 2021 18:17:29 +0200 (CEST)
Subject: SUSE-SU-2021:1188-1: important: Security update for xorg-x11-server
Message-ID: <20210414161729.43E33FCF8@maintenance.suse.de>

SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1188-1
Rating: important
References: #1180128
Cross-References: CVE-2021-3472
Affected Products:
    SUSE Manager Server 4.0
    SUSE Manager Retail Branch Server 4.0
    SUSE Manager Proxy 4.0
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP1-BCL
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
    SUSE Enterprise Storage 6
    SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for xorg-x11-server fixes the following issues:

- CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege Escalation (bsc#1180128)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1188=1
- SUSE Manager Retail Branch Server 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1188=1
- SUSE Manager Proxy 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1188=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1188=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1188=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1188=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1188=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1188=1
- SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2021-1188=1
- SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): xorg-x11-server-1.20.3-14.5.16.1 xorg-x11-server-debuginfo-1.20.3-14.5.16.1 xorg-x11-server-debugsource-1.20.3-14.5.16.1 xorg-x11-server-extra-1.20.3-14.5.16.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.16.1 xorg-x11-server-sdk-1.20.3-14.5.16.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): xorg-x11-server-1.20.3-14.5.16.1 xorg-x11-server-debuginfo-1.20.3-14.5.16.1 xorg-x11-server-debugsource-1.20.3-14.5.16.1 xorg-x11-server-extra-1.20.3-14.5.16.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.16.1 xorg-x11-server-sdk-1.20.3-14.5.16.1 - SUSE Manager Proxy 4.0 (x86_64): xorg-x11-server-1.20.3-14.5.16.1 xorg-x11-server-debuginfo-1.20.3-14.5.16.1 xorg-x11-server-debugsource-1.20.3-14.5.16.1 xorg-x11-server-extra-1.20.3-14.5.16.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.16.1 xorg-x11-server-sdk-1.20.3-14.5.16.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): xorg-x11-server-1.20.3-14.5.16.1 xorg-x11-server-debuginfo-1.20.3-14.5.16.1 xorg-x11-server-debugsource-1.20.3-14.5.16.1 xorg-x11-server-extra-1.20.3-14.5.16.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.16.1 xorg-x11-server-sdk-1.20.3-14.5.16.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-14.5.16.1 xorg-x11-server-debuginfo-1.20.3-14.5.16.1 xorg-x11-server-debugsource-1.20.3-14.5.16.1 xorg-x11-server-extra-1.20.3-14.5.16.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.16.1 xorg-x11-server-sdk-1.20.3-14.5.16.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): xorg-x11-server-1.20.3-14.5.16.1 xorg-x11-server-debuginfo-1.20.3-14.5.16.1 xorg-x11-server-debugsource-1.20.3-14.5.16.1 xorg-x11-server-extra-1.20.3-14.5.16.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.16.1 xorg-x11-server-sdk-1.20.3-14.5.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): xorg-x11-server-1.20.3-14.5.16.1 xorg-x11-server-debuginfo-1.20.3-14.5.16.1 
xorg-x11-server-debugsource-1.20.3-14.5.16.1 xorg-x11-server-extra-1.20.3-14.5.16.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.16.1 xorg-x11-server-sdk-1.20.3-14.5.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): xorg-x11-server-1.20.3-14.5.16.1 xorg-x11-server-debuginfo-1.20.3-14.5.16.1 xorg-x11-server-debugsource-1.20.3-14.5.16.1 xorg-x11-server-extra-1.20.3-14.5.16.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.16.1 xorg-x11-server-sdk-1.20.3-14.5.16.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): xorg-x11-server-1.20.3-14.5.16.1 xorg-x11-server-debuginfo-1.20.3-14.5.16.1 xorg-x11-server-debugsource-1.20.3-14.5.16.1 xorg-x11-server-extra-1.20.3-14.5.16.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.16.1 xorg-x11-server-sdk-1.20.3-14.5.16.1 - SUSE CaaS Platform 4.0 (x86_64): xorg-x11-server-1.20.3-14.5.16.1 xorg-x11-server-debuginfo-1.20.3-14.5.16.1 xorg-x11-server-debugsource-1.20.3-14.5.16.1 xorg-x11-server-extra-1.20.3-14.5.16.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.16.1 xorg-x11-server-sdk-1.20.3-14.5.16.1 References: https://www.suse.com/security/cve/CVE-2021-3472.html https://bugzilla.suse.com/1180128 From sle-updates at lists.suse.com Wed Apr 14 16:18:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Apr 2021 18:18:37 +0200 (CEST) Subject: SUSE-SU-2021:1189-1: important: Security update for clamav Message-ID: <20210414161837.F25FFFCF8@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1189-1 Rating: important References: #1181256 #1184532 #1184533 #1184534 Cross-References: CVE-2021-1252 CVE-2021-1404 CVE-2021-1405 CVSS scores: CVE-2021-1252 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-1404 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-1405 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected 
Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS-SAP SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for clamav fixes the following issues: - CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532) - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. (bsc#1184533) - CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534) - Fix errors when scanning files > 4G (bsc#1181256) - Update clamav.keyring - Update to 0.103.2 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1189=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1189=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1189=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1189=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1189=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1189=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1189=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1189=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1189=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1189=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1189=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1189=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1189=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): clamav-0.103.2-33.35.1 clamav-debuginfo-0.103.2-33.35.1 clamav-debugsource-0.103.2-33.35.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): clamav-0.103.2-33.35.1 clamav-debuginfo-0.103.2-33.35.1 clamav-debugsource-0.103.2-33.35.1 - SUSE OpenStack Cloud 9 (x86_64): clamav-0.103.2-33.35.1 clamav-debuginfo-0.103.2-33.35.1 clamav-debugsource-0.103.2-33.35.1 - SUSE OpenStack Cloud 8 (x86_64): clamav-0.103.2-33.35.1 clamav-debuginfo-0.103.2-33.35.1 clamav-debugsource-0.103.2-33.35.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): clamav-0.103.2-33.35.1 clamav-debuginfo-0.103.2-33.35.1 
clamav-debugsource-0.103.2-33.35.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): clamav-0.103.2-33.35.1 clamav-debuginfo-0.103.2-33.35.1 clamav-debugsource-0.103.2-33.35.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): clamav-0.103.2-33.35.1 clamav-debuginfo-0.103.2-33.35.1 clamav-debugsource-0.103.2-33.35.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): clamav-0.103.2-33.35.1 clamav-debuginfo-0.103.2-33.35.1 clamav-debugsource-0.103.2-33.35.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): clamav-0.103.2-33.35.1 clamav-debuginfo-0.103.2-33.35.1 clamav-debugsource-0.103.2-33.35.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64): clamav-0.103.2-33.35.1 clamav-debuginfo-0.103.2-33.35.1 clamav-debugsource-0.103.2-33.35.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): clamav-0.103.2-33.35.1 clamav-debuginfo-0.103.2-33.35.1 clamav-debugsource-0.103.2-33.35.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): clamav-0.103.2-33.35.1 clamav-debuginfo-0.103.2-33.35.1 clamav-debugsource-0.103.2-33.35.1 - HPE Helion Openstack 8 (x86_64): clamav-0.103.2-33.35.1 clamav-debuginfo-0.103.2-33.35.1 clamav-debugsource-0.103.2-33.35.1 References: https://www.suse.com/security/cve/CVE-2021-1252.html https://www.suse.com/security/cve/CVE-2021-1404.html https://www.suse.com/security/cve/CVE-2021-1405.html https://bugzilla.suse.com/1181256 https://bugzilla.suse.com/1184532 https://bugzilla.suse.com/1184533 https://bugzilla.suse.com/1184534 From sle-updates at lists.suse.com Wed Apr 14 16:20:00 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Apr 2021 18:20:00 +0200 (CEST) Subject: SUSE-SU-2021:1187-1: important: Security update for xorg-x11-server Message-ID: <20210414162000.73D71FCF8@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ 
Announcement ID: SUSE-SU-2021:1187-1 Rating: important References: #1180128 Cross-References: CVE-2021-3472 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS-SAP SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege Escalation (bsc#1180128) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1187=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1187=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1187=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1187=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1187=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1187=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1187=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1187=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1187=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.40.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.40.1 
xorg-x11-server-debugsource-7.6_1.18.3-76.40.1 xorg-x11-server-extra-7.6_1.18.3-76.40.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.40.1 - SUSE OpenStack Cloud 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.40.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.40.1 xorg-x11-server-debugsource-7.6_1.18.3-76.40.1 xorg-x11-server-extra-7.6_1.18.3-76.40.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.40.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): xorg-x11-server-7.6_1.18.3-76.40.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.40.1 xorg-x11-server-debugsource-7.6_1.18.3-76.40.1 xorg-x11-server-extra-7.6_1.18.3-76.40.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.40.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-7.6_1.18.3-76.40.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.40.1 xorg-x11-server-debugsource-7.6_1.18.3-76.40.1 xorg-x11-server-extra-7.6_1.18.3-76.40.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.40.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xorg-x11-server-7.6_1.18.3-76.40.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.40.1 xorg-x11-server-debugsource-7.6_1.18.3-76.40.1 xorg-x11-server-extra-7.6_1.18.3-76.40.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.40.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64): xorg-x11-server-7.6_1.18.3-76.40.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.40.1 xorg-x11-server-debugsource-7.6_1.18.3-76.40.1 xorg-x11-server-extra-7.6_1.18.3-76.40.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.40.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): xorg-x11-server-7.6_1.18.3-76.40.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.40.1 xorg-x11-server-debugsource-7.6_1.18.3-76.40.1 xorg-x11-server-extra-7.6_1.18.3-76.40.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.40.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xorg-x11-server-7.6_1.18.3-76.40.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.40.1 xorg-x11-server-debugsource-7.6_1.18.3-76.40.1 
xorg-x11-server-extra-7.6_1.18.3-76.40.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.40.1 - HPE Helion Openstack 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.40.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.40.1 xorg-x11-server-debugsource-7.6_1.18.3-76.40.1 xorg-x11-server-extra-7.6_1.18.3-76.40.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.40.1 References: https://www.suse.com/security/cve/CVE-2021-3472.html https://bugzilla.suse.com/1180128 From sle-updates at lists.suse.com Wed Apr 14 22:15:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 00:15:47 +0200 (CEST) Subject: SUSE-RU-2021:1194-1: important: Recommended update for tcsh Message-ID: <20210414221547.2204EFCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for tcsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1194-1 Rating: important References: #1179316 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS-SAP SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tcsh fixes the following issues: - Fixed an issue, where the history file continued growing, leading to csh processes consuming 100% of the CPU (bsc#1179316) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1194=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1194=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1194=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1194=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1194=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1194=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1194=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1194=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1194=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1194=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1194=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1194=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1194=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1194=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): tcsh-6.18.01-8.17.1 tcsh-debuginfo-6.18.01-8.17.1 tcsh-debugsource-6.18.01-8.17.1 tcsh-lang-6.18.01-8.17.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): tcsh-6.18.01-8.17.1 tcsh-debuginfo-6.18.01-8.17.1 tcsh-debugsource-6.18.01-8.17.1 tcsh-lang-6.18.01-8.17.1 - SUSE OpenStack Cloud 9 (x86_64): tcsh-6.18.01-8.17.1 tcsh-debuginfo-6.18.01-8.17.1 tcsh-debugsource-6.18.01-8.17.1 tcsh-lang-6.18.01-8.17.1 - SUSE OpenStack Cloud 8 (x86_64): tcsh-6.18.01-8.17.1 tcsh-debuginfo-6.18.01-8.17.1 tcsh-debugsource-6.18.01-8.17.1 
tcsh-lang-6.18.01-8.17.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): tcsh-6.18.01-8.17.1 tcsh-debuginfo-6.18.01-8.17.1 tcsh-debugsource-6.18.01-8.17.1 tcsh-lang-6.18.01-8.17.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): tcsh-6.18.01-8.17.1 tcsh-debuginfo-6.18.01-8.17.1 tcsh-debugsource-6.18.01-8.17.1 tcsh-lang-6.18.01-8.17.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): tcsh-6.18.01-8.17.1 tcsh-debuginfo-6.18.01-8.17.1 tcsh-debugsource-6.18.01-8.17.1 tcsh-lang-6.18.01-8.17.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): tcsh-6.18.01-8.17.1 tcsh-debuginfo-6.18.01-8.17.1 tcsh-debugsource-6.18.01-8.17.1 tcsh-lang-6.18.01-8.17.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): tcsh-6.18.01-8.17.1 tcsh-debuginfo-6.18.01-8.17.1 tcsh-debugsource-6.18.01-8.17.1 tcsh-lang-6.18.01-8.17.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): tcsh-6.18.01-8.17.1 tcsh-debuginfo-6.18.01-8.17.1 tcsh-debugsource-6.18.01-8.17.1 tcsh-lang-6.18.01-8.17.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64): tcsh-6.18.01-8.17.1 tcsh-debuginfo-6.18.01-8.17.1 tcsh-debugsource-6.18.01-8.17.1 tcsh-lang-6.18.01-8.17.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): tcsh-6.18.01-8.17.1 tcsh-debuginfo-6.18.01-8.17.1 tcsh-debugsource-6.18.01-8.17.1 tcsh-lang-6.18.01-8.17.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): tcsh-6.18.01-8.17.1 tcsh-debuginfo-6.18.01-8.17.1 tcsh-debugsource-6.18.01-8.17.1 tcsh-lang-6.18.01-8.17.1 - HPE Helion Openstack 8 (x86_64): tcsh-6.18.01-8.17.1 tcsh-debuginfo-6.18.01-8.17.1 tcsh-debugsource-6.18.01-8.17.1 tcsh-lang-6.18.01-8.17.1 References: https://bugzilla.suse.com/1179316 From sle-updates at lists.suse.com Wed Apr 14 22:16:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 00:16:56 +0200 (CEST) Subject: SUSE-SU-2021:14693-1: important: Security update for util-linux 
Message-ID: <20210414221656.A8C76FCF8@maintenance.suse.de>

SUSE Security Update: Security update for util-linux
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:14693-1
Rating: important
References: #1040414 #903440 #903738 #923777 #923904 #924994 #925705 #930236 #931607 #949754
Cross-References: CVE-2015-5218
Affected Products:
  SUSE Linux Enterprise Point of Sale 11-SP3
  SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that solves one vulnerability and has 9 fixes is now available.

Description:

This update for util-linux fixes the following issues:

- CVE-2015-5218: Prevent colcrt buffer overflow. (bsc#949754)

These non-security issues were fixed:

- Mount crashes when trying to mount `shmfs` while `SELinux` is active. (bsc#1040414)
- Fix `lsblk -f` on `CCISS` and other devices with nodes in `/dev` subdirectory. (bsc#924994)
- Fix `script(1)` hang caused by mis-interpreted EOF on big-endian platforms. (bsc#930236)
- Do not segfault when TERM is not defined or wrong. (bsc#903440)
- Update and fix mount XFS documentation. (bsc#925705)
- Fix recognition of `/dev/dm-N` partition names. (bsc#931607)
- Follow SUSE Linux Enterprise 11 device mapper partition names configuration. (bsc#931607)
- Fix recognition of device mapper partitions. (bsc#923904)
- Fix `fsck -C {fd}` parsing. (bsc#923777, bsc#903738)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Point of Sale 11-SP3:
  zypper in -t patch sleposp3-util-linux-14693=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
  zypper in -t patch dbgsp3-util-linux-14693=1

Package List:

- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
  libblkid1-2.19.1-6.62.7.1
  libuuid1-2.19.1-6.62.7.1
  util-linux-2.19.1-6.62.7.1
  util-linux-lang-2.19.1-6.62.7.1
  uuid-runtime-2.19.1-6.62.7.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
  util-linux-debuginfo-2.19.1-6.62.7.1
  util-linux-debugsource-2.19.1-6.62.7.1

References:

  https://www.suse.com/security/cve/CVE-2015-5218.html
  https://bugzilla.suse.com/1040414
  https://bugzilla.suse.com/903440
  https://bugzilla.suse.com/903738
  https://bugzilla.suse.com/923777
  https://bugzilla.suse.com/923904
  https://bugzilla.suse.com/924994
  https://bugzilla.suse.com/925705
  https://bugzilla.suse.com/930236
  https://bugzilla.suse.com/931607
  https://bugzilla.suse.com/949754

From sle-updates at lists.suse.com Wed Apr 14 22:18:52 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 15 Apr 2021 00:18:52 +0200 (CEST)
Subject: SUSE-RU-2021:1191-1: important: Recommended update for irqbalance
Message-ID: <20210414221852.8E253FCF8@maintenance.suse.de>

SUSE Recommended Update: Recommended update for irqbalance
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1191-1
Rating: important
References: #1178477 #1183405
Affected Products:
  SUSE MicroOS 5.0
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has two recommended fixes can now be installed.
Description:

This update for irqbalance fixes the following issues:

- Fixed a bug where irqbalance did not correctly balance interrupts in Xen guests (bsc#1178477, bsc#1183405)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.0:
  zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1191=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1191=1

Package List:

- SUSE MicroOS 5.0 (aarch64 x86_64):
  irqbalance-1.4.0-12.6.1
  irqbalance-debuginfo-1.4.0-12.6.1
  irqbalance-debugsource-1.4.0-12.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le x86_64):
  irqbalance-1.4.0-12.6.1
  irqbalance-debuginfo-1.4.0-12.6.1
  irqbalance-debugsource-1.4.0-12.6.1

References:

  https://bugzilla.suse.com/1178477
  https://bugzilla.suse.com/1183405

From sle-updates at lists.suse.com Wed Apr 14 22:20:13 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 15 Apr 2021 00:20:13 +0200 (CEST)
Subject: SUSE-RU-2021:1192-1: important: Recommended update for irqbalance
Message-ID: <20210414222013.B4EEFFCF8@maintenance.suse.de>

SUSE Recommended Update: Recommended update for irqbalance
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1192-1
Rating: important
References: #1178477 #1183405
Affected Products:
  SUSE Manager Server 4.0
  SUSE Manager Retail Branch Server 4.0
  SUSE Manager Proxy 4.0
  SUSE Linux Enterprise Server for SAP 15-SP1
  SUSE Linux Enterprise Server 15-SP1-LTSS
  SUSE Linux Enterprise Server 15-SP1-BCL
  SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
  SUSE Enterprise Storage 6
  SUSE CaaS Platform 4.0
______________________________________________________________________________

An update
that has two recommended fixes can now be installed.

Description:

This update for irqbalance fixes the following issues:

- Fixed a bug where irqbalance did not correctly balance interrupts in Xen guests (bsc#1178477, bsc#1183405)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1192=1
- SUSE Manager Retail Branch Server 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1192=1
- SUSE Manager Proxy 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1192=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1192=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1192=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1192=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1192=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1192=1
- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2021-1192=1
- SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:

- SUSE Manager Server 4.0 (ppc64le x86_64):
  irqbalance-1.4.0-7.6.1
  irqbalance-debuginfo-1.4.0-7.6.1
  irqbalance-debugsource-1.4.0-7.6.1
- SUSE Manager Retail Branch Server 4.0 (x86_64):
  irqbalance-1.4.0-7.6.1
  irqbalance-debuginfo-1.4.0-7.6.1
  irqbalance-debugsource-1.4.0-7.6.1
- SUSE Manager Proxy 4.0 (x86_64):
  irqbalance-1.4.0-7.6.1
  irqbalance-debuginfo-1.4.0-7.6.1
  irqbalance-debugsource-1.4.0-7.6.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
  irqbalance-1.4.0-7.6.1
  irqbalance-debuginfo-1.4.0-7.6.1
  irqbalance-debugsource-1.4.0-7.6.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le x86_64):
  irqbalance-1.4.0-7.6.1
  irqbalance-debuginfo-1.4.0-7.6.1
  irqbalance-debugsource-1.4.0-7.6.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
  irqbalance-1.4.0-7.6.1
  irqbalance-debuginfo-1.4.0-7.6.1
  irqbalance-debugsource-1.4.0-7.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
  irqbalance-1.4.0-7.6.1
  irqbalance-debuginfo-1.4.0-7.6.1
  irqbalance-debugsource-1.4.0-7.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
  irqbalance-1.4.0-7.6.1
  irqbalance-debuginfo-1.4.0-7.6.1
  irqbalance-debugsource-1.4.0-7.6.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
  irqbalance-1.4.0-7.6.1
  irqbalance-debuginfo-1.4.0-7.6.1
  irqbalance-debugsource-1.4.0-7.6.1
- SUSE CaaS Platform 4.0 (x86_64):
  irqbalance-1.4.0-7.6.1
  irqbalance-debuginfo-1.4.0-7.6.1
  irqbalance-debugsource-1.4.0-7.6.1

References:

  https://bugzilla.suse.com/1178477
  https://bugzilla.suse.com/1183405

From sle-updates at lists.suse.com Wed Apr 14 22:21:30 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 15 Apr 2021 00:21:30 +0200 (CEST)
Subject: SUSE-RU-2021:1195-1: important: Recommended update for selinux-policy
Message-ID: <20210414222130.B1249FCF8@maintenance.suse.de>

SUSE Recommended Update: Recommended update for selinux-policy
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1195-1
Rating: important
References: #1183177
Affected Products:
  SUSE MicroOS 5.0
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for selinux-policy provides the following fixes:

- Allow systemd to do sd-listen on tcp socket. (bsc#1183177)
- Update to version 20210309.
- Ensure that /usr/etc is labeled according to /etc rules.
- Change name of tar file to a more common schema to allow parallel installation of several source versions.
- wicked.fc: Add libexec directories.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.0:
  zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1195=1

Package List:

- SUSE MicroOS 5.0 (noarch):
  selinux-policy-20210309-3.3.1
  selinux-policy-targeted-20210309-3.3.1

References:

  https://bugzilla.suse.com/1183177

From sle-updates at lists.suse.com Thu Apr 15 16:16:35 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 15 Apr 2021 18:16:35 +0200 (CEST)
Subject: SUSE-RU-2021:1204-1: moderate: Recommended update for autoyast2
Message-ID: <20210415161635.BD4A2FCF8@maintenance.suse.de>

SUSE Recommended Update: Recommended update for autoyast2
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1204-1
Rating: moderate
References: #1183719
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP2
  SUSE Linux Enterprise Installer 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.
Description:

This update for autoyast2 fixes the following issues:

- Add 'autoyast2-installations' binaries to the installer channels. (bsc#1183719)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1204=1
- SUSE Linux Enterprise Installer 15-SP2:
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-1204=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
  autoyast2-4.2.50-3.13.1
  autoyast2-installation-4.2.50-3.13.1
- SUSE Linux Enterprise Installer 15-SP2 (noarch):
  autoyast2-4.2.50-3.13.1
  autoyast2-installation-4.2.50-3.13.1

References:

  https://bugzilla.suse.com/1183719

From sle-updates at lists.suse.com Thu Apr 15 16:17:37 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 15 Apr 2021 18:17:37 +0200 (CEST)
Subject: SUSE-RU-2021:1203-1: Recommended update for release-notes-ses
Message-ID: <20210415161737.20F9FFCF8@maintenance.suse.de>

SUSE Recommended Update: Recommended update for release-notes-ses
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1203-1
Rating: low
References: #1177696 #1182249
Affected Products:
  SUSE Enterprise Storage 7
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for release-notes-ses fixes the following issues:

- Added a note about nfs-ganesha (bsc#1182249)
- Added a note about apparmor (bsc#1177696)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Enterprise Storage 7:
  zypper in -t patch SUSE-Storage-7-2021-1203=1

Package List:

- SUSE Enterprise Storage 7 (noarch):
  release-notes-ses-7.0.20210324-3.9.1

References:

  https://bugzilla.suse.com/1177696
  https://bugzilla.suse.com/1182249

From sle-updates at lists.suse.com Thu Apr 15 16:18:44 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 15 Apr 2021 18:18:44 +0200 (CEST)
Subject: SUSE-RU-2021:1196-1: important: Recommended update for drbd
Message-ID: <20210415161844.46E84FCF8@maintenance.suse.de>

SUSE Recommended Update: Recommended update for drbd
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1196-1
Rating: important
References: #1182570 #1183970
Affected Products:
  SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for drbd fixes the following issues:

- package is rebuilt with the new secure boot key.
- disconnect when invalid dual primaries (bsc#1183970)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-1196=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): drbd-9.0.15+git.c46d2790-3.23.1 drbd-debugsource-9.0.15+git.c46d2790-3.23.1 drbd-kmp-default-9.0.15+git.c46d2790_k4.12.14_150.69-3.23.1 drbd-kmp-default-debuginfo-9.0.15+git.c46d2790_k4.12.14_150.69-3.23.1 References: https://bugzilla.suse.com/1182570 https://bugzilla.suse.com/1183970 From sle-updates at lists.suse.com Thu Apr 15 16:19:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 18:19:49 +0200 (CEST) Subject: SUSE-RU-2021:1197-1: important: Recommended update for drbd Message-ID: <20210415161949.B60C0FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1197-1 Rating: important References: #1183970 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd fixes the following issues: - drbd failed to detect a loss of synchronization under certain conditions, which meant that a "split brain" condition would not be recognized. This issue could potentially have lead to data loss. [bsc#1183970] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-1197=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): drbd-9.0.16+git.ab9777df-8.22.1 drbd-debugsource-9.0.16+git.ab9777df-8.22.1 drbd-kmp-default-9.0.16+git.ab9777df_k4.12.14_197.86-8.22.1 drbd-kmp-default-debuginfo-9.0.16+git.ab9777df_k4.12.14_197.86-8.22.1 References: https://bugzilla.suse.com/1183970 From sle-updates at lists.suse.com Thu Apr 15 16:20:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 18:20:49 +0200 (CEST) Subject: SUSE-RU-2021:1200-1: moderate: Recommended update for libreoffice Message-ID: <20210415162049.E452FFCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1200-1 Rating: moderate References: #1182970 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libreoffice fixes the following issues: - Updated libreoffice to version 7.1.2.2 * Import graphics cropped into custom geometry as custom shapes (bsc#1182970) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-1200=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (noarch): libreoffice-branding-upstream-7.1.2.2-13.15.1 libreoffice-icon-themes-7.1.2.2-13.15.1 libreoffice-l10n-af-7.1.2.2-13.15.1 libreoffice-l10n-ar-7.1.2.2-13.15.1 libreoffice-l10n-as-7.1.2.2-13.15.1 libreoffice-l10n-bg-7.1.2.2-13.15.1 libreoffice-l10n-bn-7.1.2.2-13.15.1 libreoffice-l10n-br-7.1.2.2-13.15.1 libreoffice-l10n-ca-7.1.2.2-13.15.1 libreoffice-l10n-cs-7.1.2.2-13.15.1 libreoffice-l10n-cy-7.1.2.2-13.15.1 libreoffice-l10n-da-7.1.2.2-13.15.1 libreoffice-l10n-de-7.1.2.2-13.15.1 libreoffice-l10n-dz-7.1.2.2-13.15.1 libreoffice-l10n-el-7.1.2.2-13.15.1 libreoffice-l10n-en-7.1.2.2-13.15.1 libreoffice-l10n-eo-7.1.2.2-13.15.1 libreoffice-l10n-es-7.1.2.2-13.15.1 libreoffice-l10n-et-7.1.2.2-13.15.1 libreoffice-l10n-eu-7.1.2.2-13.15.1 libreoffice-l10n-fa-7.1.2.2-13.15.1 libreoffice-l10n-fi-7.1.2.2-13.15.1 libreoffice-l10n-fr-7.1.2.2-13.15.1 libreoffice-l10n-ga-7.1.2.2-13.15.1 libreoffice-l10n-gl-7.1.2.2-13.15.1 libreoffice-l10n-gu-7.1.2.2-13.15.1 libreoffice-l10n-he-7.1.2.2-13.15.1 libreoffice-l10n-hi-7.1.2.2-13.15.1 libreoffice-l10n-hr-7.1.2.2-13.15.1 libreoffice-l10n-hu-7.1.2.2-13.15.1 libreoffice-l10n-it-7.1.2.2-13.15.1 libreoffice-l10n-ja-7.1.2.2-13.15.1 libreoffice-l10n-kk-7.1.2.2-13.15.1 libreoffice-l10n-kn-7.1.2.2-13.15.1 libreoffice-l10n-ko-7.1.2.2-13.15.1 libreoffice-l10n-lt-7.1.2.2-13.15.1 libreoffice-l10n-lv-7.1.2.2-13.15.1 libreoffice-l10n-mai-7.1.2.2-13.15.1 libreoffice-l10n-ml-7.1.2.2-13.15.1 libreoffice-l10n-mr-7.1.2.2-13.15.1 libreoffice-l10n-nb-7.1.2.2-13.15.1 libreoffice-l10n-nl-7.1.2.2-13.15.1 libreoffice-l10n-nn-7.1.2.2-13.15.1 libreoffice-l10n-nr-7.1.2.2-13.15.1 libreoffice-l10n-nso-7.1.2.2-13.15.1 libreoffice-l10n-or-7.1.2.2-13.15.1 libreoffice-l10n-pa-7.1.2.2-13.15.1 libreoffice-l10n-pl-7.1.2.2-13.15.1 
libreoffice-l10n-pt_BR-7.1.2.2-13.15.1 libreoffice-l10n-pt_PT-7.1.2.2-13.15.1 libreoffice-l10n-ro-7.1.2.2-13.15.1 libreoffice-l10n-ru-7.1.2.2-13.15.1 libreoffice-l10n-si-7.1.2.2-13.15.1 libreoffice-l10n-sk-7.1.2.2-13.15.1 libreoffice-l10n-sl-7.1.2.2-13.15.1 libreoffice-l10n-sr-7.1.2.2-13.15.1 libreoffice-l10n-ss-7.1.2.2-13.15.1 libreoffice-l10n-st-7.1.2.2-13.15.1 libreoffice-l10n-sv-7.1.2.2-13.15.1 libreoffice-l10n-ta-7.1.2.2-13.15.1 libreoffice-l10n-te-7.1.2.2-13.15.1 libreoffice-l10n-th-7.1.2.2-13.15.1 libreoffice-l10n-tn-7.1.2.2-13.15.1 libreoffice-l10n-tr-7.1.2.2-13.15.1 libreoffice-l10n-ts-7.1.2.2-13.15.1 libreoffice-l10n-uk-7.1.2.2-13.15.1 libreoffice-l10n-ve-7.1.2.2-13.15.1 libreoffice-l10n-xh-7.1.2.2-13.15.1 libreoffice-l10n-zh_CN-7.1.2.2-13.15.1 libreoffice-l10n-zh_TW-7.1.2.2-13.15.1 libreoffice-l10n-zu-7.1.2.2-13.15.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): libreoffice-7.1.2.2-13.15.1 libreoffice-base-7.1.2.2-13.15.1 libreoffice-base-debuginfo-7.1.2.2-13.15.1 libreoffice-base-drivers-postgresql-7.1.2.2-13.15.1 libreoffice-base-drivers-postgresql-debuginfo-7.1.2.2-13.15.1 libreoffice-calc-7.1.2.2-13.15.1 libreoffice-calc-debuginfo-7.1.2.2-13.15.1 libreoffice-calc-extensions-7.1.2.2-13.15.1 libreoffice-debuginfo-7.1.2.2-13.15.1 libreoffice-debugsource-7.1.2.2-13.15.1 libreoffice-draw-7.1.2.2-13.15.1 libreoffice-draw-debuginfo-7.1.2.2-13.15.1 libreoffice-filters-optional-7.1.2.2-13.15.1 libreoffice-gnome-7.1.2.2-13.15.1 libreoffice-gnome-debuginfo-7.1.2.2-13.15.1 libreoffice-gtk3-7.1.2.2-13.15.1 libreoffice-gtk3-debuginfo-7.1.2.2-13.15.1 libreoffice-impress-7.1.2.2-13.15.1 libreoffice-impress-debuginfo-7.1.2.2-13.15.1 libreoffice-mailmerge-7.1.2.2-13.15.1 libreoffice-math-7.1.2.2-13.15.1 libreoffice-math-debuginfo-7.1.2.2-13.15.1 libreoffice-officebean-7.1.2.2-13.15.1 libreoffice-officebean-debuginfo-7.1.2.2-13.15.1 libreoffice-pyuno-7.1.2.2-13.15.1 libreoffice-pyuno-debuginfo-7.1.2.2-13.15.1 libreoffice-writer-7.1.2.2-13.15.1 
libreoffice-writer-debuginfo-7.1.2.2-13.15.1 libreoffice-writer-extensions-7.1.2.2-13.15.1 libreofficekit-7.1.2.2-13.15.1 References: https://bugzilla.suse.com/1182970 From sle-updates at lists.suse.com Thu Apr 15 16:21:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 18:21:52 +0200 (CEST) Subject: SUSE-RU-2021:1201-1: Recommended update for ses-manual_en Message-ID: <20210415162152.2B0BAFCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for ses-manual_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1201-1 Rating: low References: #1181092 #1181369 #1181488 #1184009 Affected Products: SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for ses-manual_en fixes the following issues: - Updated the manual * Replaced 'redeploy' with 'reconfig' * NFS Ganesha supports v4.1 and newer only (bsc#1184009) * Added rgw_s3_auth_use_ldap option description * Removed appendix with documentation updates * Added maintenance updates up to 15.2.10 * Fixed 'ceph daemon' commands (bsc#1181488) * Syncing salt modules during upgrade (bsc#1181092) * Updated DB volume requirements (bsc#1181369) * Merge pull request #904 from SUSE/remove-tuning-guide * admin/monitoring: Add section: updating monitoring services Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2021-1201=1 Package List: - SUSE Enterprise Storage 7 (noarch): ses-admin_en-pdf-7locdrop+git46.gbf9009b6-3.9.1 ses-deployment_en-pdf-7locdrop+git46.gbf9009b6-3.9.1 ses-manual_en-7locdrop+git46.gbf9009b6-3.9.1 ses-troubleshooting_en-pdf-7locdrop+git46.gbf9009b6-3.9.1 ses-windows_en-pdf-7locdrop+git46.gbf9009b6-3.9.1 References: https://bugzilla.suse.com/1181092 https://bugzilla.suse.com/1181369 https://bugzilla.suse.com/1181488 https://bugzilla.suse.com/1184009 From sle-updates at lists.suse.com Thu Apr 15 16:23:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 18:23:09 +0200 (CEST) Subject: SUSE-RU-2021:1206-1: moderate: Recommended update for kubevirt Message-ID: <20210415162309.60952FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for kubevirt ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1206-1 Rating: moderate References: #1183749 Affected Products: SUSE Linux Enterprise Module for Containers 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kubevirt fixes the following issues: - updated kubevirt to version 0.38.1 This update provides a lot of bug fixes and smaller changes. Please refer to this package's rpm changelog to get a full list of all changes. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP2: zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2021-1206=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP2 (x86_64): kubevirt-virtctl-0.38.1-5.8.2 kubevirt-virtctl-debuginfo-0.38.1-5.8.2 References: https://bugzilla.suse.com/1183749 From sle-updates at lists.suse.com Thu Apr 15 16:24:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 18:24:09 +0200 (CEST) Subject: SUSE-RU-2021:1207-1: Recommended update for libgnomesu Message-ID: <20210415162409.587A1FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for libgnomesu ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1207-1 Rating: low References: #1176514 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libgnomesu fixes the following issues: - Added sigterm handling to ensure proper cleanup on shutdown (bsc#1176514) - Updated translations Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1207=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libgnomesu-2.0.6-3.3.1 libgnomesu-debuginfo-2.0.6-3.3.1 libgnomesu-debugsource-2.0.6-3.3.1 libgnomesu-devel-2.0.6-3.3.1 libgnomesu0-2.0.6-3.3.1 libgnomesu0-debuginfo-2.0.6-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): libgnomesu-lang-2.0.6-3.3.1 References: https://bugzilla.suse.com/1176514 From sle-updates at lists.suse.com Thu Apr 15 16:25:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 18:25:12 +0200 (CEST) Subject: SUSE-RU-2021:1202-1: moderate: Recommended update for go1.16 Message-ID: <20210415162512.94353FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for go1.16 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1202-1 Rating: moderate References: #1182345 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for go1.16 fixes the following issues: - Updated to upstream version 1.16.3 to include fixes for the compiler, linker, runtime, the go command, and the testing and time packages (bsc#1182345) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1202=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): go1.16-1.16.3-1.11.1 go1.16-doc-1.16.3-1.11.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64): go1.16-race-1.16.3-1.11.1 References: https://bugzilla.suse.com/1182345 From sle-updates at lists.suse.com Thu Apr 15 16:26:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 18:26:19 +0200 (CEST) Subject: SUSE-RU-2021:1209-1: Recommended update for nfs-utils Message-ID: <20210415162619.16879FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1209-1 Rating: low References: #1181540 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nfs-utils fixes the following issues: - Improved logging of authentication (bsc#1181540) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1209=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): nfs-client-1.3.0-34.28.1 nfs-client-debuginfo-1.3.0-34.28.1 nfs-doc-1.3.0-34.28.1 nfs-kernel-server-1.3.0-34.28.1 nfs-kernel-server-debuginfo-1.3.0-34.28.1 nfs-utils-debugsource-1.3.0-34.28.1 References: https://bugzilla.suse.com/1181540 From sle-updates at lists.suse.com Thu Apr 15 16:27:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 18:27:26 +0200 (CEST) Subject: SUSE-RU-2021:1205-1: moderate: Recommended update for rsyslog Message-ID: <20210415162726.05331FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1205-1 Rating: moderate References: #1178490 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsyslog fixes the following issues: - Fix groupname retrieval for large groups. (bsc#1178490) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1205=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1205=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.39.0-4.10.1 rsyslog-debugsource-8.39.0-4.10.1 rsyslog-module-gssapi-8.39.0-4.10.1 rsyslog-module-gssapi-debuginfo-8.39.0-4.10.1 rsyslog-module-gtls-8.39.0-4.10.1 rsyslog-module-gtls-debuginfo-8.39.0-4.10.1 rsyslog-module-mmnormalize-8.39.0-4.10.1 rsyslog-module-mmnormalize-debuginfo-8.39.0-4.10.1 rsyslog-module-mysql-8.39.0-4.10.1 rsyslog-module-mysql-debuginfo-8.39.0-4.10.1 rsyslog-module-pgsql-8.39.0-4.10.1 rsyslog-module-pgsql-debuginfo-8.39.0-4.10.1 rsyslog-module-relp-8.39.0-4.10.1 rsyslog-module-relp-debuginfo-8.39.0-4.10.1 rsyslog-module-snmp-8.39.0-4.10.1 rsyslog-module-snmp-debuginfo-8.39.0-4.10.1 rsyslog-module-udpspoof-8.39.0-4.10.1 rsyslog-module-udpspoof-debuginfo-8.39.0-4.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): rsyslog-8.39.0-4.10.1 rsyslog-debuginfo-8.39.0-4.10.1 rsyslog-debugsource-8.39.0-4.10.1 References: https://bugzilla.suse.com/1178490 From sle-updates at lists.suse.com Thu Apr 15 16:28:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 18:28:29 +0200 (CEST) Subject: SUSE-RU-2021:1198-1: important: Recommended update for drbd Message-ID: <20210415162829.54363FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1198-1 Rating: important References: #1178388 #1183970 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for drbd fixes the following issues: - drbd failed to detect a loss of synchronization under certain conditions, which meant that a "split brain" condition would not be recognized. This issue could potentially have led to data loss. [bsc#1183970] - Fixed a build error with recent versions of the SLE-15-SP1 Linux kernel. [bsc#1178388] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-1198=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): drbd-9.0.14+git.62f906cf-4.20.1 drbd-debugsource-9.0.14+git.62f906cf-4.20.1 drbd-kmp-default-9.0.14+git.62f906cf_k4.12.14_95.71-4.20.1 drbd-kmp-default-debuginfo-9.0.14+git.62f906cf_k4.12.14_95.71-4.20.1 References: https://bugzilla.suse.com/1178388 https://bugzilla.suse.com/1183970 From sle-updates at lists.suse.com Thu Apr 15 16:29:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 18:29:33 +0200 (CEST) Subject: SUSE-RU-2021:1199-1: important: Recommended update for drbd Message-ID: <20210415162933.729E3FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1199-1 Rating: important References: #1178388 #1183970 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed.
Description: This update for drbd fixes the following issues: - drbd failed to detect a loss of synchronization under certain conditions, which meant that a "split brain" condition would not be recognized. This issue could potentially have led to data loss. [bsc#1183970] - Fixed a build error with recent versions of the SLE-15-SP1 Linux kernel. [bsc#1178388] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2021-1199=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): drbd-9.0.14+git.62f906cf-3.30.1 drbd-debugsource-9.0.14+git.62f906cf-3.30.1 drbd-kmp-default-9.0.14+git.62f906cf_k4.4.180_94.141-3.30.1 drbd-kmp-default-debuginfo-9.0.14+git.62f906cf_k4.4.180_94.141-3.30.1 References: https://bugzilla.suse.com/1178388 https://bugzilla.suse.com/1183970 From sle-updates at lists.suse.com Thu Apr 15 16:30:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 18:30:31 +0200 (CEST) Subject: SUSE-RU-2021:1208-1: Recommended update for ppc64-diag Message-ID: <20210415163031.8B0DCFCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for ppc64-diag ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1208-1 Rating: low References: #1183700 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed.
Description: This update for ppc64-diag fixes the following issues: - Fixed systemd warning about obsolete logging options (bsc#1183700) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1208=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (ppc64le): ppc64-diag-2.7.6-3.3.1 ppc64-diag-debuginfo-2.7.6-3.3.1 ppc64-diag-debugsource-2.7.6-3.3.1 References: https://bugzilla.suse.com/1183700 From sle-updates at lists.suse.com Thu Apr 15 16:31:38 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 18:31:38 +0200 (CEST) Subject: SUSE-SU-2021:1210-1: important: Security update for the Linux Kernel Message-ID: <20210415163138.57D86FCF8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1210-1 Rating: important References: #1065600 #1065729 #1103990 #1103991 #1103992 #1104270 #1104353 #1109837 #1111981 #1112374 #1113295 #1113994 #1118657 #1118661 #1119113 #1126390 #1129770 #1132477 #1142635 #1152446 #1154048 #1169709 #1172455 #1173485 #1175165 #1176720 #1176855 #1178163 #1178181 #1179243 #1179428 #1179454 #1179660 #1179755 #1180846 #1181507 #1181515 #1181544 #1181655 #1181674 #1181747 #1181753 #1181843 #1182011 #1182175 #1182485 #1182574 #1182715 #1182716 #1182717 #1183018 #1183022 #1183023 #1183378 #1183379 #1183380 #1183381 #1183382 #1183405 #1183416 #1183509 #1183593 #1183646 #1183662 #1183686 #1183692 #1183696 #1183755 #1183775 #1183861 #1183871 #1184114 #1184120 #1184167 #1184168 #1184170 #1184192 #1184193 #1184196 #1184198 #1184391 #1184393 #1184397 #1184494 #1184511 #1184583 Cross-References: 
CVE-2020-0433 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171 CVE-2020-27815 CVE-2020-29368 CVE-2020-29374 CVE-2020-35519 CVE-2020-36311 CVE-2021-20219 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 CVE-2021-28688 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-30002 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483 CVSS scores: CVE-2020-0433 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0433 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-25670 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2020-27170 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-27171 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27815 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-29368 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29368 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29374 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29374 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2020-35519 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36311 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20219 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26930 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-26930 (SUSE): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-26931 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26931 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-26932 (NVD) : 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26932 (SUSE): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28038 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28660 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28660 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-28964 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28971 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28972 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28972 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29264 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-30002 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3428 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-3444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 
______________________________________________________________________________ An update that solves 33 vulnerabilities and has 53 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170). - CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485). - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ). - CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167). - CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168). - CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198). - CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ). - CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193). - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646). - CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ). 
- CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022). - CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715). - CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716). - CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753). - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843). - CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696). - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access (bsc#1179660, bsc#1179428). - CVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454). - CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775). - CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686). - CVE-2020-0433: Fixed a use after free due to improper locking which could have led to local escalation of privilege (bsc#1176720). - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393). - CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120). 
- CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).
- CVE-2021-20219: Fixed a denial of service in n_tty_receive_char_special (bsc#1184397).
- CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).
- CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsystem (bsc#1178181).

The following non-security bugs were fixed:

- ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
- ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
- ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
- ALSA: hda/realtek: modify EAPD in the ALC886 (git-fixes).
- amba: Fix resource leak for drivers without .remove (git-fixes).
- bfq: Fix kABI for update internal depth state when queue depth changes (bsc#1172455).
- bfq: update internal depth state when queue depth changes (bsc#1172455).
- block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).
- Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes).
- Bluetooth: hci_uart: Cancel init work before unregistering (git-fixes).
- Bluetooth: hci_uart: Fix a race for write_work scheduling (git-fixes).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).
- bpf: fix subprog verifier bypass by div/mod by 0 exception (bsc#1184170).
- bpf: fix x64 JIT code generation for jmp to 1st insn (bsc#1178163).
- bpf_lru_list: Read double-checked variable once without lock (git-fixes).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
- bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).
- bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).
- can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).
- can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes). - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes). - can: peak_usb: add forgotten supported devices (git-fixes). - can: peak_usb: Revert "can: peak_usb: add forgotten supported devices" (git-fixes). - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes). - cifs: change noisy error message to FYI (bsc#1181507). - cifs: check all path components in resolved dfs target (bsc#1179755). - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: fix nodfs mount option (bsc#1179755). - cifs: introduce helper for finding referral server (bsc#1179755). - cifs: New optype for session operations (bsc#1181507). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (bsc#1104270). - dmaengine: hsu: disable spurious interrupt (git-fixes). - drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if (bsc#1129770) - drm/atomic: Create __drm_atomic_helper_crtc_reset() for subclassing (bsc#1142635) - drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1129770) - drm/compat: Clear bounce structures (bsc#1129770) - drm/etnaviv: replace MMU flush marker with flush sequence (bsc#1154048) - drm/gma500: Fix error return code in psb_driver_load() (bsc#1129770) - drm/mediatek: Add missing put_device() call in mtk_drm_kms_init() (bsc#1152446) - drm/mediatek: Fix aal size config (bsc#1129770) - drm: meson_drv add shutdown function (git-fixes). - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes). 
- drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (bsc#1129770) - drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes). - drm: mxsfb: check framebuffer pitch (bsc#1129770) - drm/omap: fix max fclk divider for omap36xx (bsc#1152446) - drm: panel: Fix bpc for OrtusTech COM43H4M85ULC panel (bsc#1129770) - drm: panel: Fix bus format for OrtusTech COM43H4M85ULC panel (bsc#1129770) - drm/radeon: fix AGP dependency (git-fixes). - drm: rcar-du: Put reference to VSP device (bsc#1129770) - drm/vc4: crtc: Rework a bit the CRTC state code (bsc#1129770) - drm/vc4: hdmi: Avoid sleeping in atomic context (bsc#1129770) - ethernet: alx: fix order of calls on resume (git-fixes). - fbdev: aty: SPARC64 requires FB_ATY_CT (bsc#1129770) - firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes). - fix setting irq affinity (bsc#1184583) - futex: Prevent robust futex exit race (git-fixes). - gma500: clean up error handling in init (bsc#1129770) - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes). - HID: make arrays usage and value to be the same (git-fixes). - i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition (git-fixes). - i40e: Add zero-initialization of AQ command structures (bsc#1109837 bsc#1111981). - i40e: Fix add TC filter for IPv6 (bsc#1109837 bsc#1111981 ). - i40e: Fix endianness conversions (bsc#1109837 bsc#1111981 ). - IB/mlx5: Return appropriate error code instead of ENOMEM (bsc#1103991). - ibmvnic: add comments for spinlock_t definitions (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: add memory barrier to protect long term buffer (bsc#1184114 ltc#192237 bsc#1182485 ltc#191591). - ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844). - ibmvnic: avoid multiple line dereference (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: compare adapter->init_done_rc with more readable ibmvnic_rc_codes (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). 
- ibmvnic: Correctly re-enable interrupts in NAPI polling routine (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: create send_control_ip_offload (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: create send_query_ip_offload (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: Do not replenish RX buffers after every polling loop (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: Ensure that CRQ entry read are correctly ordered (bsc#1184114 ltc#192237 bsc#1182485 ltc#191591). - ibmvnic: Ensure that device queue memory is cache-line aligned (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: Ensure that SCRQ entry reads are correctly ordered (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: fix block comments (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: fix braces (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: fix miscellaneous checks (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (bsc#1184114 ltc#192237). - ibmvnic: Fix TX completion error handling (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: Fix use-after-free of VNIC login response buffer (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: handle inconsistent login with reset (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: Harden device Command Response Queue handshake (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: improve ibmvnic_init and ibmvnic_reset_init (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: merge do_change_param_reset into do_reset (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: merge ibmvnic_reset_init and ibmvnic_init (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). 
- ibmvnic: no reset timeout for 5 seconds after reset (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: prefer strscpy over strlcpy (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: reduce wait for completion time (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: remove excessive irqsave (bsc#1065729). - ibmvnic: remove never executed if statement (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: rename ibmvnic_send_req_caps to send_request_cap (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: rename send_cap_queries to send_query_cap (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: rename send_map_query to send_query_map (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - ibmvnic: send_login should check for crq errors (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: simplify reset_long_term_buff function (bsc#1184114 ltc#192237 bsc#1183023 ltc#191791). - ibmvnic: skip send_request_unmap for timeout reset (bsc#1184114 ltc#192237 bsc#1182485 ltc#191591). - ibmvnic: skip tx timeout reset while in resetting (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: stop free_all_rwi on failed reset (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: store RX and TX subCRQ handle array in ibmvnic_adapter struct (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1184114 ltc#192237 bsc#1183023 ltc#191791). - ibmvnic: track pending login (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). 
- ibmvnic: Use netdev_alloc_skb instead of alloc_skb to replenish RX buffers (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - ibmvnic: Use 'skb_frag_address()' instead of hand coding it (bsc#1184114 ltc#192237). - ice: Account for port VLAN in VF max packet size calculation (bsc#1118661). - igc: check return value of ret_val in igc_config_fc_after_link_up (bsc#1118657). - igc: Report speed and duplex as unknown when device is runtime suspended (jsc#SLE-4799). - igc: set the default return value to -IGC_ERR_NVM in igc_write_nvm_srwr (bsc#1118657). - iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes). - iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes). - iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes). - iio: hid-sensor-prox: Fix scale not correct issue (git-fixes). - iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes). - Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes). - Input: i8042 - unbreak Pegatron C15B (git-fixes). - Input: raydium_ts_i2c - do not send zero length (git-fixes). - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes). - Input: xpad - sync supported devices with fork on GitHub (git-fixes). - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183378). - iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183379). - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183380). - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183381). - ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (bsc#1113994). - kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846). - kabi/severities: Add rtas_online_cpus_mask, rtas_offline_cpus_mask - kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846). - kernel/smp: add more data to CSD lock debugging (bsc#1180846). 
- kernel/smp: prepare more CSD lock debugging (bsc#1180846). - kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846). - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183382). - lib/crc32test: remove extra local_irq_disable/enable (git-fixes). - locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes). - mac80211: fix double free in ibss_leave (git-fixes). - mac80211: fix rate mask reset (git-fixes). - media: usbtv: Fix deadlock on suspend (git-fixes). - media: uvcvideo: Allow entities with no pads (git-fixes). - misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes). - mmc: core: Fix partition switch time for eMMC (git-fixes). - mmc: core: Use DEFINE_DEBUGFS_ATTRIBUTE instead of DEFINE_SIMPLE_ATTRIBUTE. - mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes). - mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes). - mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes). - mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes). - net: bridge: use switchdev for port flags set through sysfs too (bsc#1112374). - net: cdc-phonet: fix data-interface release on probe failure (git-fixes). - net: core: introduce __netdev_notify_peers (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - net: hns3: add a check for index in hclge_get_rss_key() (bsc#1126390). - net: hns3: add a check for queue_id in hclge_reset_vf_queue() (bsc#1104353). - net: hns3: fix bug when calculating the TCAM table info (bsc#1104353). - net: hns3: fix query vlan mask value error for flow director (bsc#1104353). - net/mlx5e: Update max_opened_tc also when channels are closed (bsc#1103990). - net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8081 (bsc#1119113). 
- net: re-solve some conflicts after net -> net-next merge (bsc#1184114 ltc#192237 bsc#1176855 ltc#187293). - net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405) - net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes). - net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes). - PCI: Align checking of syscall user config accessors (git-fixes). - phy: rockchip-emmc: emmc_phy_init() always return 0 (git-fixes). - platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes (git-fixes). - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729). - powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963). - powerpc: Convert to using %pOFn instead of device_node.name (bsc#1181674 ltc#189159). - powerpc: Fix some spelling mistakes (bsc#1181674 ltc#189159). - powerpc/hvcall: add token and codes for H_VASI_SIGNAL (bsc#1181674 ltc#189159). - powerpc: kABI: add back suspend_disable_cpu in machdep_calls (bsc#1181674 ltc#189159). - powerpc/machdep: remove suspend_disable_cpu() (bsc#1181674 ltc#189159). - powerpc/mm/pkeys: Make pkey access check work on execute_only_key (bsc#1181544 ltc#191080 git-fixes). - powerpc/numa: Fix build when CONFIG_NUMA=n (bsc#1132477 ltc#175530). - powerpc/numa: make vphn_enabled, prrn_enabled flags const (bsc#1181674 ltc#189159). - powerpc/numa: remove ability to enable topology updates (bsc#1181674 ltc#189159). - powerpc/numa: remove arch_update_cpu_topology (bsc#1181674 ltc#189159). - powerpc/numa: Remove late request for home node associativity (bsc#1181674 ltc#189159). - powerpc/numa: remove prrn_is_enabled() (bsc#1181674 ltc#189159). - powerpc/numa: remove start/stop_topology_update() (bsc#1181674 ltc#189159). - powerpc/numa: remove timed_topology_update() (bsc#1181674 ltc#189159). 
- powerpc/numa: remove unreachable topology timer code (bsc#1181674 ltc#189159). - powerpc/numa: remove unreachable topology update code (bsc#1181674 ltc#189159). - powerpc/numa: remove unreachable topology workqueue code (bsc#1181674 ltc#189159). - powerpc/numa: remove vphn_enabled and prrn_enabled internal flags (bsc#1181674 ltc#189159). - powerpc/numa: stub out numa_update_cpu_topology() (bsc#1181674 ltc#189159). - powerpc/numa: Suppress "VPHN is not supported" messages (bsc#1181674 ltc#189159). - powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - powerpc/pseries: Add empty update_numa_cpu_lookup_table() for NUMA=n (bsc#1181674 ltc#189159). - powerpc/pseries: Do not enforce MSI affinity with kdump (bsc#1181655 ltc#190855). - powerpc/pseries: Generalize hcall_vphn() (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: pass stream id via function arguments (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: perform post-suspend fixups later (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: remove prepare_late() callback (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: remove pseries_suspend_cpu() (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: switch to rtas_ibm_suspend_me() (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: add missing break to default case (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: Add pr_debug() for device tree changes (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: do not error on absence of ibm, update-nodes (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: error message improvements (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: extract VASI session polling logic (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). 
- powerpc/pseries/mobility: refactor node lookup during DT update (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: retry partition suspend after error (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: Set pr_fmt() (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: signal suspend cancellation to platform (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: use rtas_activate_firmware() on resume (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: use stop_machine for join/suspend (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729). - powerpc/pseries: remove dlpar_cpu_readd() (bsc#1181674 ltc#189159). - powerpc/pseries: remove memory "re-add" implementation (bsc#1181674 ltc#189159). - powerpc/pseries: remove obsolete memory hotplug DT notifier code (bsc#1181674 ltc#189159). - powerpc/pseries: remove prrn special case from DT update path (bsc#1181674 ltc#189159). - powerpc/rtas: add rtas_activate_firmware() (bsc#1181674 ltc#189159). - powerpc/rtas: add rtas_ibm_suspend_me() (bsc#1181674 ltc#189159). - powerpc/rtas: complete ibm,suspend-me status codes (bsc#1181674 ltc#189159). - powerpc/rtas: dispatch partition migration requests to pseries (bsc#1181674 ltc#189159). - powerpc/rtasd: simplify handle_rtas_event(), emit message on events (bsc#1181674 ltc#189159). - powerpc/rtas: prevent suspend-related sys_rtas use on LE (bsc#1181674 ltc#189159). - powerpc/rtas: remove rtas_ibm_suspend_me_unsafe() (bsc#1181674 ltc#189159). - powerpc/rtas: remove rtas_suspend_cpu() (bsc#1181674 ltc#189159). - powerpc/rtas: remove unused rtas_suspend_last_cpu() (bsc#1181674 ltc#189159). - powerpc/rtas: remove unused rtas_suspend_me_data (bsc#1181674 ltc#189159). - powerpc/rtas: rtas_ibm_suspend_me -> rtas_ibm_suspend_me_unsafe (bsc#1181674 ltc#189159). 
- powerpc/rtas: Unexport rtas_online_cpus_mask, rtas_offline_cpus_mask (bsc#1181674 ltc#189159). - powerpc/vio: Use device_type to detect family (bsc#1181674 ltc#189159). - printk: fix deadlock when kernel panic (bsc#1183018). - pseries/drmem: do not cache node id in drmem_lmb struct (bsc#1132477 ltc#175530). - pseries/hotplug-memory: hot-add: skip redundant LMB lookup (bsc#1132477 ltc#175530). - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes). - qxl: Fix uninitialised struct field head.surface_id (git-fixes). - random: fix the RNDRESEEDCRNG ioctl (git-fixes). - rcu: Allow only one expedited GP to run concurrently with (git-fixes) - rcu: Fix missed wakeup of exp_wq waiters (git-fixes) - RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (bsc#1103991). - RDMA/rxe: Remove useless code in rxe_recv.c (bsc#1103992 ). - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709) - RDMA/uverbs: Fix kernel-doc warning of _uverbs_alloc (bsc#1103992). - Revert "ibmvnic: remove never executed if statement" (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). - rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079). - rsxx: Return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes). - s390/dasd: fix hanging offline processing due to canceled worker (bsc#1175165). - s390/dasd: fix hanging offline processing due to canceled worker (bsc#1175165). - s390/pci: Fix s390_mmio_read/write with MIO (LTC#192079 bsc#1183755). - s390/vtime: fix increased steal time accounting (bsc#1183861). - sched/fair: Fix wrong cpu selecting from isolated domain (git-fixes) - sched/vtime: Fix guest/system mis-accounting on task switch (git-fixes) - scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574). 
- scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574). - scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574). - scsi: lpfc: Fix ancient double free (bsc#1182574). - scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574). - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574). - scsi: lpfc: Fix EEH encountering oops with NVMe traffic (bsc#1182574). - scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574). - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574). - scsi: lpfc: Fix kerneldoc inconsistency in lpfc_sli4_dump_page_a0() (bsc#1182574). - scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574). - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574). - scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574). - scsi: lpfc: Fix 'physical' typos (bsc#1182574). - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574). - scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574). - scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574). - scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574). - scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574). - scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574). - scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574). - scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574). - scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574). - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574). - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574). - scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574). - selinux: never allow relabeling on context mounts (git-fixes). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). 
- smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - smp: Add source and destination CPUs to __call_single_data (bsc#1180846). - Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86 (bsc#1180846). - Update config files: disable CONFIG_CSD_LOCK_WAIT_DEBUG (bsc#1180846). - usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes). - usbip: fix stub_dev to check for stream socket (git-fixes). - usbip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes). - usbip: Fix unsafe unaligned pointer usage (git-fixes). - usbip: fix vhci_hcd attach_store() races leading to gpf (git-fixes). - usbip: fix vhci_hcd to check for stream socket (git-fixes). - usbip: tools: fix build error for multiple definition (git-fixes). - usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable (git-fixes). - usb: replace hardcode maximum usb string length by definition (git-fixes). - usb: serial: io_edgeport: fix memory leak in edge_startup (git-fixes). - usb: serial: option: add Quectel EM160R-GL (git-fixes). - usb-storage: Add quirk to defeat Kindle's automatic unload (git-fixes). - use __netdev_notify_peers in ibmvnic (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). - video: fbdev: acornfb: remove free_unused_pages() (bsc#1129770) - video: fbdev: atmel_lcdfb: fix return error code in (bsc#1129770) Backporting notes: * context changes * fallout from trailing whitespaces - vsprintf: Do not have bprintf dereference pointers (bsc#1184494). - vsprintf: Do not preprocess non-dereferenced pointers for bprintf (%px and %pK) (bsc#1184494). - vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced pointers (bsc#1184494). - wlcore: Fix command execute failure 19 for wl12xx (git-fixes). - x86/ioapic: Ignore IRQ2 again (12sp5). - x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (12sp5). 
- xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600).
- xen/netback: fix spurious event detection for common event case (bsc#1182175).
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
- xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
- xsk: Remove dangling function declaration from header file (bsc#1109837).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP5:
    zypper in -t patch SUSE-SLE-WE-12-SP5-2021-1210=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1210=1
- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1210=1
- SUSE Linux Enterprise Live Patching 12-SP5:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-1210=1
- SUSE Linux Enterprise High Availability 12-SP5:
    zypper in -t patch SUSE-SLE-HA-12-SP5-2021-1210=1

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
    kernel-default-debuginfo-4.12.14-122.66.2
    kernel-default-debugsource-4.12.14-122.66.2
    kernel-default-extra-4.12.14-122.66.2
    kernel-default-extra-debuginfo-4.12.14-122.66.2
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    kernel-obs-build-4.12.14-122.66.2
    kernel-obs-build-debugsource-4.12.14-122.66.2
- SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
    kernel-docs-4.12.14-122.66.2
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    kernel-default-4.12.14-122.66.2
    kernel-default-base-4.12.14-122.66.2
    kernel-default-base-debuginfo-4.12.14-122.66.2
kernel-default-debuginfo-4.12.14-122.66.2 kernel-default-debugsource-4.12.14-122.66.2 kernel-default-devel-4.12.14-122.66.2 kernel-syms-4.12.14-122.66.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.66.2 kernel-macros-4.12.14-122.66.2 kernel-source-4.12.14-122.66.2 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.66.2 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.66.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.66.2 kernel-default-debugsource-4.12.14-122.66.2 kernel-default-kgraft-4.12.14-122.66.2 kernel-default-kgraft-devel-4.12.14-122.66.2 kgraft-patch-4_12_14-122_66-default-1-8.3.2 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.66.2 cluster-md-kmp-default-debuginfo-4.12.14-122.66.2 dlm-kmp-default-4.12.14-122.66.2 dlm-kmp-default-debuginfo-4.12.14-122.66.2 gfs2-kmp-default-4.12.14-122.66.2 gfs2-kmp-default-debuginfo-4.12.14-122.66.2 kernel-default-debuginfo-4.12.14-122.66.2 kernel-default-debugsource-4.12.14-122.66.2 ocfs2-kmp-default-4.12.14-122.66.2 ocfs2-kmp-default-debuginfo-4.12.14-122.66.2 References: https://www.suse.com/security/cve/CVE-2020-0433.html https://www.suse.com/security/cve/CVE-2020-25670.html https://www.suse.com/security/cve/CVE-2020-25671.html https://www.suse.com/security/cve/CVE-2020-25672.html https://www.suse.com/security/cve/CVE-2020-25673.html https://www.suse.com/security/cve/CVE-2020-27170.html https://www.suse.com/security/cve/CVE-2020-27171.html https://www.suse.com/security/cve/CVE-2020-27815.html https://www.suse.com/security/cve/CVE-2020-29368.html https://www.suse.com/security/cve/CVE-2020-29374.html https://www.suse.com/security/cve/CVE-2020-35519.html https://www.suse.com/security/cve/CVE-2020-36311.html https://www.suse.com/security/cve/CVE-2021-20219.html 
https://www.suse.com/security/cve/CVE-2021-26930.html https://www.suse.com/security/cve/CVE-2021-26931.html https://www.suse.com/security/cve/CVE-2021-26932.html https://www.suse.com/security/cve/CVE-2021-27363.html https://www.suse.com/security/cve/CVE-2021-27364.html https://www.suse.com/security/cve/CVE-2021-27365.html https://www.suse.com/security/cve/CVE-2021-28038.html https://www.suse.com/security/cve/CVE-2021-28660.html https://www.suse.com/security/cve/CVE-2021-28688.html https://www.suse.com/security/cve/CVE-2021-28964.html https://www.suse.com/security/cve/CVE-2021-28971.html https://www.suse.com/security/cve/CVE-2021-28972.html https://www.suse.com/security/cve/CVE-2021-29154.html https://www.suse.com/security/cve/CVE-2021-29264.html https://www.suse.com/security/cve/CVE-2021-29265.html https://www.suse.com/security/cve/CVE-2021-29647.html https://www.suse.com/security/cve/CVE-2021-30002.html https://www.suse.com/security/cve/CVE-2021-3428.html https://www.suse.com/security/cve/CVE-2021-3444.html https://www.suse.com/security/cve/CVE-2021-3483.html https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104270 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111981 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1113295 https://bugzilla.suse.com/1113994 https://bugzilla.suse.com/1118657 https://bugzilla.suse.com/1118661 https://bugzilla.suse.com/1119113 https://bugzilla.suse.com/1126390 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1132477 https://bugzilla.suse.com/1142635 https://bugzilla.suse.com/1152446 https://bugzilla.suse.com/1154048 https://bugzilla.suse.com/1169709 https://bugzilla.suse.com/1172455 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1175165 https://bugzilla.suse.com/1176720 https://bugzilla.suse.com/1176855 
https://bugzilla.suse.com/1178163 https://bugzilla.suse.com/1178181 https://bugzilla.suse.com/1179243 https://bugzilla.suse.com/1179428 https://bugzilla.suse.com/1179454 https://bugzilla.suse.com/1179660 https://bugzilla.suse.com/1179755 https://bugzilla.suse.com/1180846 https://bugzilla.suse.com/1181507 https://bugzilla.suse.com/1181515 https://bugzilla.suse.com/1181544 https://bugzilla.suse.com/1181655 https://bugzilla.suse.com/1181674 https://bugzilla.suse.com/1181747 https://bugzilla.suse.com/1181753 https://bugzilla.suse.com/1181843 https://bugzilla.suse.com/1182011 https://bugzilla.suse.com/1182175 https://bugzilla.suse.com/1182485 https://bugzilla.suse.com/1182574 https://bugzilla.suse.com/1182715 https://bugzilla.suse.com/1182716 https://bugzilla.suse.com/1182717 https://bugzilla.suse.com/1183018 https://bugzilla.suse.com/1183022 https://bugzilla.suse.com/1183023 https://bugzilla.suse.com/1183378 https://bugzilla.suse.com/1183379 https://bugzilla.suse.com/1183380 https://bugzilla.suse.com/1183381 https://bugzilla.suse.com/1183382 https://bugzilla.suse.com/1183405 https://bugzilla.suse.com/1183416 https://bugzilla.suse.com/1183509 https://bugzilla.suse.com/1183593 https://bugzilla.suse.com/1183646 https://bugzilla.suse.com/1183662 https://bugzilla.suse.com/1183686 https://bugzilla.suse.com/1183692 https://bugzilla.suse.com/1183696 https://bugzilla.suse.com/1183755 https://bugzilla.suse.com/1183775 https://bugzilla.suse.com/1183861 https://bugzilla.suse.com/1183871 https://bugzilla.suse.com/1184114 https://bugzilla.suse.com/1184120 https://bugzilla.suse.com/1184167 https://bugzilla.suse.com/1184168 https://bugzilla.suse.com/1184170 https://bugzilla.suse.com/1184192 https://bugzilla.suse.com/1184193 https://bugzilla.suse.com/1184196 https://bugzilla.suse.com/1184198 https://bugzilla.suse.com/1184391 https://bugzilla.suse.com/1184393 https://bugzilla.suse.com/1184397 https://bugzilla.suse.com/1184494 https://bugzilla.suse.com/1184511 
https://bugzilla.suse.com/1184583

From sle-updates at lists.suse.com Thu Apr 15 19:15:55 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 15 Apr 2021 21:15:55 +0200 (CEST)
Subject: SUSE-RU-2021:1228-1: moderate: Recommended update for SUSE Manager Client Tools
Message-ID: <20210415191555.27729FCF8@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1228-1
Rating: moderate
References: #1131670 #1178072 #1181124 #1181474 #1182339 #1182603 #1183959
Affected Products: SUSE Manager Tools 12
______________________________________________________________________________

An update that has 7 recommended fixes can now be installed.

Description:

This update fixes the following issues:

golang-github-boynux-squid_exporter:
- Build requires Go 1.15
- Add %license macro for LICENSE file

golang-github-lusitaniae-apache_exporter:
- Build with Go 1.15

golang-github-prometheus-prometheus:
- Uyuni: `hostname` label is now set to FQDN instead of IP

golang-github-prometheus-promu:
- Require building with Go 1.15

grafana:
- Update to version 7.4.2: * Make Datetime local (No date if today) working (#31274) (#31275) * "Release: Updated versions in package to 7.4.2" (#31272) * [v7.4.x] Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#31269) * Snapshots: Disallow anonymous user to create snapshots (#31263) (#31266) * only update usagestats every 30min (#31131) (#31262) * Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055) (#31248) * CloudWatch: Ensure empty query row errors are not passed to the panel (#31172) (#31245) * StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126) (#31246) * QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193) (#31244) * LibraryPanels: Disconnect
before connect during dashboard save (#31235) (#31238) * SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236) (#31239) * Variables: Adds back default option for data source variable (#31208) (#31232) * IPv6: Support host address configured with enclosing square brackets (#31226) (#31228) * Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179) (#31224) * Remove last synchronisation field from LDAP debug view (#30984) (#31221) * [v7.4.x]: Sync drone config from master to stable release branch (#31213) * DataSourceSrv: Filter out non queryable data sources by default (#31144) (#31214) * Alerting: Fix modal text for deleting obsolete notifier (#31171) (#31209) * Variables: Fixes missing empty elements from regex filters (#31156) (#31201) * DashboardLinks: Fixes links always cause full page reload (#31178) (#31181) * DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160) (#31162) * Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132) (#31176) * Prometheus: Multiply exemplars timestamp to follow api change (#31143) (#31170) - Added add-gotest-module.patch to fix "inconsistent vendoring" build failure - Update to version 7.4.1: * "Release: Updated versions in package to 7.4.1" (#31128) * Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before (#31121) (#31127) * MuxWriter: Handle error for already closed file (#31119) (#31120) * Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115) (#31117) * Exemplars: Change CTA style (#30880) (#31105) * test: add support for timeout to be passed in for addDatasource (#30736) (#31090) * Influx: Make max series limit configurable and show the limiting message if applied (#31025) (#31100) * Elasticsearch: fix log row context erroring out (#31088) (#31094) * test: 
update addDashboard flow for v7.4.0 changes (#31059) (#31084) * Usage stats: Adds source/distributor setting (#31039) (#31076) * DashboardLinks: Fixes crash when link has no title (#31008) (#31050) * Make value mappings correctly interpret numeric-like strings (#30893) (#30912) * Elasticsearch: Fix alias field value not being shown in query editor (#30992) (#31037) * BarGauge: Improvements to value sizing and table inner width calculations (#30990) (#31032) * convert path to posix by default (#31045) (#31053) * Alerting: Fixes so notification channels are properly deleted (#31040) (#31046) * Drone: Fix deployment image (#31027) (#31029) * Graph: Fixes so graph is shown for non numeric time values (#30972) (#31014) * instrumentation: make the first database histogram bucket smaller (#30995) (#31001) * Build: Releases e2e and e2e-selectors too (#31006) (#31007) * TextPanel: Fixes so panel title is updated when variables change (#30884) (#31005) * StatPanel: Fixes issue formatting date values using unit option (#30979) (#30991) * Units: Fixes formatting of duration units (#30982) (#30986) * Elasticsearch: Show Size setting for raw_data metric (#30980) (#30983) * Logging: sourcemap support for frontend stacktraces (#30590) (#30976) * e2e: extends selector factory to plugins (#30932) (#30934) * Variables: Adds queryparam formatting option (#30858) (#30924) * Exemplars: change api to reflect latest changes (#30910) (#30915) * "Release: Updated versions in package to 7.4.0" (#30898) * DataSourceSettings: Adds info box and link to Grafana Cloud (#30891) (#30896) * GrafanaUI: Add a way to persistently close InfoBox (#30716) (#30895) * [7.4.x] AlertingNG: List saved Alert definitions in Alert Rule list (30890)(30603) * Alerting: Fixes alert panel header icon not showing (#30840) (#30885) * Plugins: Requests validator (#30445) (#30877) * PanelLibrary: Adds library panel meta information to dashboard json (#30770) (#30883) * bump grabpl version to 0.5.36 (#30874) (#30878) * 
Chore: remove __debug_bin (#30725) (#30857) * Grafana-ui: fixes closing modals with escape key (#30745) (#30873) * DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569) (#30852) * Add alt text to plugin logos (#30710) (#30872) * InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827) (#30870) * Prometheus: Set type of labels to string (#30831) (#30835) * AlertingNG: change API permissions (#30781) (#30814) * Grafana-ui: fixes no data message in Table component (#30821) (#30855) * Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825) (#30843) * Chore: add more docs annotations (#30847) (#30851) * BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806) (#30846) * Transforms: allow boolean in field calculations (#30802) (#30845) * CDN: Fixes cdn path when Grafana is under sub path (#30822) (#30823) * bump cypress to 6.3.0 (#30644) (#30819) * Expressions: Measure total transformation requests and elapsed time (#30514) (#30789) * Grafana-UI: Add story/docs for ErrorBoundary (#30304) (#30811) * [v7.4.x]: Menu: Mark menu components as internal (#30801) * Graph: Fixes auto decimals issue in legend and tooltip (#30628) (#30635) * GraphNG: Disable Plot logging by default (#30390) (#30500) * Storybook: Migrate card story to use controls (#30535) (#30549) * GraphNG: add bar alignment option (#30499) (#30790) * Variables: Clears drop down state when leaving dashboard (#30810) (#30812) * Add missing callback dependency (#30797) (#30809) * GraphNG: improve behavior when switching between solid/dash/dots (#30796) (#30799) * Add width for Variable Editors (#30791) (#30795) * Panels: Fixes so panels are refreshed when scrolling past them fast (#30784) (#30792) * PanelEdit: Trigger refresh when changing data source (#30744) (#30767) * AlertingNG: Enable UI to Save Alert Definitions (#30394) (#30548) * CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777) 
(#30779) * CDN: Adds support for serving assets over a CDN (#30691) (#30776) * Explore: Update styling of buttons (#30493) (#30508) * Loki: Append refId to logs uid (#30418) (#30537) * skip symlinks to directories when generating plugin manifest (#30721) (#30738) * Mobile: Fixes issue scrolling on mobile in chrome (#30746) (#30750) * BarChart: add alpha bar chart panel (#30323) (#30754) * Datasource: Use json-iterator configuration compatible with standard library (#30732) (#30739) * Variables: Fixes so text format will show All instead of custom all (#30730) (#30731) * AlertingNG: pause/unpause definitions via the API (#30627) (#30672) * PanelLibrary: better handling of deleted panels (#30709) (#30726) * Transform: improve the "outer join" performance/behavior (#30407) (#30722) * DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706) (#30714) * Use connected GraphNG in Explore (#30707) (#30708) * PanelLibrary: changes casing of responses and adds meta property (#30668) (#30711) * DeployImage: Switch base images to Debian (#30684) (#30699) * Trace: trace to logs design update (#30637) (#30702) * Influx: Show all datapoints for dynamically windowed flux query (#30688) (#30703) * ci(npm-publish): add missing github package token to env vars (#30665) (#30673) * Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517) (#30681) * Grafana-UI: Fix setting default value for MultiSelect (#30671) (#30687) * Explore: Fix jumpy live tailing (#30650) (#30677) * Docs: Refer to product docs in whats new for alerting templating feature (#30652) (#30670) * Variables: Fixes display value when using capture groups in regex (#30636) (#30661) * Docs: Fix expressions enabled description (#30589) (#30651) * Licensing Docs: Adding license restrictions docs (#30216) (#30648) * DashboardSettings: fixes vertical scrolling (#30640) (#30643) * chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605) (#30631) * 
Explore: Fix loading visualisation on the top of the new time series panel (#30553) (#30557) * Footer: Fixes layout issue in footer (#30443) (#30494) * Variables: Fixes so queries work for numbers values too (#30602) (#30624) * Admin: Fixes so form values are filled in from backend (#30544) (#30623) * Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502) (#30614) * NodeGraph: Add docs (#30504) (#30613) * Cloud Monitoring: Fix legend naming with display name override (#30440) (#30503) * Expressions: Add option to disable feature (#30541) (#30558) * OldGraph: Fix height issue in Firefox (#30565) (#30582) * XY Chart: fix editor error with empty frame (no fields) (#30573) (#30577) * XY Chart: share legend config with timeseries (#30559) (#30566) * DataFrame: cache frame/field index in field state (#30529) (#30560) * Prometheus: Fix show query instead of Value if no __name__ and metric (#30511) (#30556) * Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519) (#30550) * chore: update packages dependent on dot-prop to fix security vulnerability (#30432) (#30487) * GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. 
(#30527) (#30528) * GraphNG: uPlot 1.6.2 (#30521) (#30522) * Chore: Upgrade grabpl version (#30486) (#30513) * grafana/ui: Fix internal import from grafana/data (#30439) (#30507) * prevent field config from being overwritten (#30437) (#30442) * Chore: upgrade NPM security vulnerabilities (#30397) (#30495) * TimeSeriesPanel: Fixed default value for gradientMode (#30484) (#30492) * Admin: Fixes so whole org drop down is visible when adding users to org (#30481) (#30497) * Chore: adds wait to e2e test (#30488) (#30490) * Graph: Fixes so only users with correct permissions can add annotations (#30419) (#30466) * Alerting: Hides threshold handle for percentual thresholds (#30431) (#30467) * Timeseries: only migrage point size when configured (#30461) (#30470) * Expressions: Fix button icon (#30444) (#30450) * PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441) (#30451) * Docs: Fix img link for alert notification template (#30436) (#30447) * Chore: Upgrade build pipeline tool (#30456) (#30457) * PanelOptions: Refactoring applying panel and field options out of PanelModel and add property clean up for properties not in field config registry (#30389) (#30438) * "Release: Updated versions in package to 7.4.0-beta.1" (#30427) * Chore: Update what's new URL (#30423) * GraphNG: assume uPlot's series stroke is always a function (#30416) * PanelLibrary: adding library panels to Dashboard Api (#30278) * Prettier: Fixes to files that came in after main upgrade (#30410) * Cloud Monitoring: Add curated dashboards for the most popular GCP services (#29930) * Mssql integrated security (#30369) * Prettier: Upgrade to 2 (#30387) * GraphNG: sort ascending if the values appear reversed (#30405) * Docs: Grafana whats new 7.4 (#30404) * Dashboards: Adds cheat sheet toggle to supported query editors (#28857) * Docs: Update timeseries-dimensions.md (#30403) * Alerting: Evaluate data templating in alert rule name and message (#29908) * Docs: Add 
links to 7.3 patch release notes (#30292) * Docs: Update _index.md (#29546) * Docs: Update jaeger.md (#30401) * Expressions: Remove feature toggle (#30316) * Docs: Update tempo.md (#30399) * Docs: Update zipkin.md (#30400) * services/provisioning: Various cleanup (#30396) * DashboardSchemas: OpenAPI Schema Generation (#30242) * AlertingNG: Enforce unique alert definition title (non empty)/UID per organisation (#30380) * Licensing: Document new v7.4 options and APIs (#30217) * Auth: add expired token error and update CreateToken function (#30203) * NodeGraph: Add node graph visualization (#29706) * Add jwtTokenAuth to plugin metadata schema (#30346) * Plugins: Force POSIX style path separators for manifest generation (#30287) * Add enterprise reporting fonts to gitignore (#30385) * Field overrides: skipping overrides for properties no longer existing in plugin (#30197) * NgAlerting: View query result (#30218) * Grafana-UI: Make Card story public (#30388) * Dashboard: migrate version history list (#29970) * Search: use Card component (#29892) * PanelEvents: Isolate more for old angular query editors (#30379) * Loki: Remove showing of unique labels with the empty string value (#30363) * Chore: Lint all files for no-only-tests (#30364) * Clears errors after running new query (#30367) * Prometheus: Change exemplars endpoint (#30378) * Explore: Fix a bug where Typeahead crashes when a large amount of ite??? 
(#29637) * Circular vector: improve generics (#30375) * Update signing docs (#30296) * Email: change the year in templates (#30294) * grafana/ui: export TLS auth component (#30320) * Query Editor: avoid word wrap (#30373) * Transforms: add sort by transformer (#30370) * AlertingNG: Save alert instances (#30223) * GraphNG: Color series from by value scheme & change to fillGradient to gradientMode (#29893) * Chore: Remove not used PanelOptionsGrid component (#30358) * Zipkin: Remove browser access mode (#30360) * Jaeger: Remove browser access mode (#30349) * chore: bump lodash to 4.17.20 (#30359) * ToolbarButton: New emotion based component to replace all navbar, DashNavButton and scss styles (#30333) * Badge: Increase contrast, remove rocket icon for plugin beta/alpha state (#30357) * Licensing: Send map of environment variables to plugins (#30347) * Dashboards: Exit to dashboard when deleting panel from panel view / edit view (#29032) * Cloud Monitoring: MQL support (#26551) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30348) * Panel options UI: Allow collapsible categories (#30301) * Grafana-ui: Fix context menu item always using onClick instead of href (#30350) * Badge: Design improvement & reduce contrast (#30328) * make sure stats are added horizontally and not vertically (#30106) * Chore(deps): Bump google.golang.org/grpc from 1.33.1 to 1.35.0 (#30342) * Chore(deps): Bump github.com/stretchr/testify from 1.6.1 to 1.7.0 (#30341) * Chore(deps): Bump github.com/google/uuid from 1.1.2 to 1.1.5 (#30340) * Chore(deps): Bump github.com/hashicorp/go-version from 1.2.0 to 1.2.1 (#30339) * Fix HTML character entity error (#30334) * GraphNG: fix fillBelowTo regression (#30330) * GraphNG: implement softMin/softMax for auto-scaling stabilization. close #979. 
(#30326) * Legend: Fixes right y-axis legend from being pushed outside the bounds of the panel (#30327) * Grafana-toolkit: Update component generator templates (#30306) * Panels: remove beta flag from stat and bargauge panels (#30324) * GraphNG: support fill below to (bands) (#30268) * grafana-cli: Fix security issue (#28888) * AlertingNG: Modify queries and transform endpoint to get datasource UIDs (#30297) * Chore: Fix missing property from ExploreGraph (#30315) * Prometheus: Add support for Exemplars (#28057) * Grafana-UI: Enhances for TimeRangePicker and TimeRangeInput (#30102) * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30312) * Table: Fixes BarGauge cell display mode font size so that it is fixed to the default cell font size (#30303) * AngularGraph: Fixes issues with legend wrapping after legend refactoring (#30283) * Plugins: Add Open Distro to the list of data sources supported by sigv4 (#30308) * Chore: Moves common and response into separate packages (#30298) * GraphNG: remove y-axis position control from series color picker in the legend (#30302) * Table: migrate old-table config to new table config (#30142) * Elasticsearch: Support extended stats and percentiles in terms order by (#28910) * Docs: Update release notes index * GraphNG: stats in legend (#30251) * Grafana UI: EmptySearchResult docs (#30281) * Plugins: Use the includes.path (if exists) on sidebar includes links (#30291) * Fix spinner and broken buttons (#30286) * Graph: Consider reverse sorted data points on isOutsideRange check (#30289) * Update getting-started.md (#30257) * Backend: use sdk version (v0.81.0) without transform (gel) code (#29236) * Chore: update latest versions to 7.3.7 (#30282) * Loki: Fix hiding of series in table if labels have number values (#30185) * Loki: Lower min step to 1ms (#30135) * Prometheus: Improve autocomplete performance and remove disabling of dynamic label lookup (#30199) * Icons: Adds custom icon support ands new panel and 
interpolation icons (#30277) * ReleaseNotes: Updated changelog and release notes for 7.3.7 (#30280) * Grafana-ui: Allow context menu items to be open in new tab (#30141) * Cloud Monitoring: Convert datasource to use Dataframes (#29830) * GraphNG: added support to change series color from legend. (#30256) * AzureMonitor: rename labels for query type dropdown (#30143) * Decimals: Improving auto decimals logic for high numbers and scaled units (#30262) * Elasticsearch: Use minimum interval for alerts (#30049) * TimeSeriesPanel: The new graph panel now supports y-axis value mapping #30272 * CODEOWNERS: Make backend squad owners of backend style guidelines (#30266) * Auth: Add missing request headers to SigV4 middleware allowlist (#30115) * Grafana-UI: Add story/docs for FilterPill (#30252) * Grafana-UI: Add story/docs for Counter (#30253) * Backend style guide: Document JSON guidelines (#30267) * GraphNG: uPlot 1.6, hide "Show points" in Points mode, enable "dot" lineStyle (#30263) * Docs: Update prometheus.md (#30240) * Docs: Cloudwatch filter should be JSON format (#30243) * API: Add by UID routes for data sources (#29884) * Docs: Update datasource_permissions.md (#30255) * Cloudwatch: Move deep link creation to the backend (#30206) * Metrics API: Use jsoniter for JSON encoding (#30250) * Add option in database config to skip migrations for faster startup. 
(#30146) * Set signed in users email correctly (#30249) * Drone: Upgrade build pipeline tool (#30247) * runRequest: Fixes issue with request time range and time range returned to panels are off causing data points to be cut off (outside) (#30227) * Elasticsearch: fix handling of null values in query_builder (#30234) * Docs: help users connect to Prometheus using SigV4 (#30232) * Update documentation-markdown-guide.md (#30207) * Update documentation-markdown-guide.md (#30235) * Better logging of plugin scanning errors (#30231) * Print Node.js and Toolkit versions (#30230) * Chore: bump rollup across all packages (#29486) * Backend style guide: Document database patterns (#30219) * Chore: Bump plugin-ci-alpine Docker image version (#30225) * Legends: Refactoring and rewrites of legend components to simplify components & reuse (#30165) * Use Node.js 14.x in plugin CI (#30209) * Field overrides: extracting the field config factory into its own reusable module. (#30214) * LibraryPanels: adds connections (#30212) * PanelOptionsGroups: Only restore styles from PanelOptionsGroup (#30215) * Variables: Add deprecation warning for value group tags (#30160) * GraphNG: Hide grid for right-y axis if left x-axis exists (#30195) * Middleware: Add CSP support (#29740) * Updated image links to have newer format. 
(#30208) * Docs: Update usage-insights.md (#30150) * Share panel dashboard add images (#30201) * Update documentation-style-guide.md (#30202) * Docs: Fix links to transforms (#30194) * docs(badge): migrate story to use controls (#30180) * Chore(deps): Bump github.com/prometheus/common from 0.14.0 to 0.15.0 (#30188) * Fix alert definition routine stop (#30117) * Chore(deps): Bump gopkg.in/square/go-jose.v2 from 2.4.1 to 2.5.1 (#30189) * InlineSwitch: Minor story fix (#30186) * Chore(deps): Bump github.com/gosimple/slug from 1.4.2 to 1.9.0 (#30178) * Chore(deps): Bump github.com/fatih/color from 1.9.0 to 1.10.0 (#30183) * Chore(deps): Bump github.com/lib/pq from 1.3.0 to 1.9.0 (#30181) * Chore(deps): Bump github.com/hashicorp/go-plugin from 1.2.2 to 1.4.0 (#30175) * Chore(deps): Bump github.com/getsentry/sentry-go from 0.7.0 to 0.9.0 (#30171) * Gauge: Fixes issue with all null values cause min & max to be null (#30156) * Links: Add underline on hover for links in NewsPanel (#30166) * GraphNG: Update to test dashboards (#30153) * CleanUp: Removed old panel options group component (#30157) * AngularQueryEditors: Fixes to Graphite query editor and other who refer to other queries (#30154) * Chore(deps): Bump github.com/robfig/cron/v3 from 3.0.0 to 3.0.1 (#30172) * Chore(deps): Bump github.com/urfave/cli/v2 from 2.1.1 to 2.3.0 (#30173) * Chore: Fix spelling issue (#30168) * Revise README.md. 
(#30145) * Chore(deps): Bump github.com/mattn/go-sqlite3 from 1.11.0 to 1.14.6 (#30174) * InlineSwitch: Added missing InlineSwitch component and fixed two places that used unaligned inline switch (#30162) * GraphNG: add new alpha XY Chart (#30096) * Elastic: Support request cancellation properly (Uses new backendSrv.fetch Observable request API) (#30009) * OpenTSDB: Support request cancellation properly (#29992) * InfluxDB: Update Flux external link (#30158) * Allow dependabot to keep go packages up-to-date (#30170) * PluginState: Update comment * GraphNG: Minor polish & updates to new time series panel and move it from alpha to beta (#30163) * Share panel dashboard (#30147) * GraphNG: rename "graph3" to "timeseries" panel (#30123) * Add info about access mode (#30137) * Prometheus: Remove running of duplicated metrics query (#30108) * Prometheus: Fix autocomplete does not work on incomplete input (#29854) * GraphNG: remove graph2 panel (keep the parts needed for explore) (#30124) * Docs: Add metadata to activating licensing page (#30140) * MixedDataSource: Added missing variable support flag (#30110) * AngularPanels: Fixes issue with some panels not rendering when going into edit mode due to no height (#30113) * AngularPanels: Fixes issue with discrete panel that used the initialized event (#30133) * Explore: Make getFieldLinksForExplore more reusable (#30134) * Elasticsearch: Add Support for Serial Differencing Pipeline Aggregation (#28618) * Angular: Fixes issue with angular directive caused by angular upgrade in master (#30114) * Analytics: add data source type in data-request events (#30087) * GraphNG: "Interpolation: Step after" test (#30127) * GraphNG: check cross-axis presence when auto-padding. close #30121. 
(#30126) * Alerting: improve alerting default datasource search when extracting alerts (#29993) * Loki: Timeseries should not produce 0-values for missing data (#30116) * GraphNG: support dashes (#30070) * GraphNG: fix spanGaps optimization in alignDataFrames(). see #30101. (#30118) * Alerting NG: update API to expect UIDs instead of IDs (#29896) * GraphNG: Overhaul of main test dashboard and update to null & gaps dashboard (#30101) * Chore: Fix intermittent time-related test failure in explore datasource instance update (#30109) * QueryEditorRow: Ability to change query name (#29779) * Frontend: Failed to load application files message improvement IE11 (#30011) * Drone: Upgrade build pipeline tool (#30104) * Fix phrasing. (#30075) * Chore: Add CloudWatch HTTP API tests (#29691) * Elastic: Fixes so templating queries work (#30003) * Chore: Rewrite elasticsearch client test to standard library (#30093) * Chore: Rewrite tsdb influxdb test to standard library (#30091) * Fix default maximum lifetime an authenticated user can be logged in (#30030) * Instrumentation: re-enable database wrapper feature to expose counter and histogram for database queries (#29662) * Docs: Update labels to fields transform (#30086) * GraphNG: adding possibility to toggle tooltip, graph and legend for series (#29575) * Chore: Rewrite tsdb cloudmonitoring test to standard library (#30090) * Chore: Rewrite tsdb azuremonitor time grain test to standard library (#30089) * Chore: Rewrite tsdb graphite test to standard library (#30088) * Chore: Upgrade Docker build image wrt. 
Go/golangci-lint/Node (#30077) * Usage Stats: Calculate concurrent users as a histogram (#30006) * Elasticsearch: Fix broken alerting when using pipeline aggregations (#29903) * Drone: Fix race conditions between Enterprise and Enterprise2 (#30076) * Chore: Rewrite models datasource cache test to standard library (#30040) * Plugins: prevent app plugin from rendering with wrong location (#30017) * Update NOTICE.md * Chore: Tiny typo fix `rage` -> `range` (#30067) * Docs: loki.md: Add example of Loki data source config (#29976) * ReleaseNotes: Updated changelog and release notes for 7.3.6 (#30066) * Docs: Update usage-insights.md (#30065) * Docs: Update white-labeling.md (#30064) * Chore(deps): Bump axios from 0.19.2 to 0.21.1 (#30059) * Chore: Rewrite models tags test to standard library (#30041) * Bump actions/setup-node from v1 to v2.1.4 (#29891) * Build(deps): Bump ini from 1.3.5 to 1.3.7 (#29787) * fall back to any architecture when getting plugin's checksum #30034 (#30035) * Lerna: Update to 3.22.1 (#30057) * SeriesToRows: Fixes issue in transform so that value field is always named Value (#30054) * [dashboard api] manage error when data in dashboard table is not valid json (#29999) * use sha256 checksum instead of md5 (#30018) * Chore: Rewrite brute force login protection test to standard library (#29986) * Chore: Rewrite login auth test to standard library (#29985) * Chore: Rewrite models dashboards test to standard library (#30023) * Chore: Rewrite models dashboard acl test to standard library (#30022) * Chore: Rewrite models alert test to standard library (#30021) * Chore: Rewrite ldap login test to standard library (#29998) * Chore: Rewrite grafana login test to standard library (#29997) * Fix two ini-file typos regarding LDAP (#29843) * Chore: Changes source map devtool to inline-source-map (#30004) * Chore: Sync Enterprise go.sum (#30005) * Chore: Add Enterprise dependencies (#29994) * SQLStore: customise the limit of retrieved datasources per 
organisation (#29358) * Chore: update crewjam/saml library to the latest master (#29991) * Graph: Fixes so users can not add annotations in readonly dash (#29990) * Currency: add Vietnamese dong (VND) (#29983) * Drone: Update pipelines for Enterprise (#29939) * Remove the bus from teamgroupsync (#29810) * Influx: Make variable query editor input uncontrolled (#29968) * PanelLibrary: Add PATCH to the API (#29956) * PanelEvents: Isolating angular panel events into it's own event bus + more event refactoring (#29904) * Bump node-notifier from 8.0.0 to 8.0.1 (#29952) * LDAP: Update use_ssl documentation (#29964) * Docs: Missing 's' on 'logs' (#29966) * Docs: Update opentsdb.md (#29963) * Docs: Minor typo correction (#29962) * librarypanels: Fix JSON field casing in tests (#29954) * TemplateSrv: Do not throw error for an unknown format but use glob as fallback and warn in the console (#29955) * PanelLibrary: Adds uid and renames title to name (#29944) * Docs: Fix raw format variable docs (#29945) * RedirectResponse: Implement all of api.Response (#29946) * PanelLibrary: Adds get and getAll to the api (#29772) * Chore: Remove duplicate interpolateString test (#29941) * Chore: Rewrite influxdb query parser test to standard library (#29940) * Folders: Removes the possibility to delete the General folder (#29902) * Chore: Convert tsdb request test to standard library (#29936) * Chore: Convert tsdb interval test to standard library (#29935) * Docs: Update configuration.md (#29912) * Docs: Update organization_roles.md (#29911) * Docs: Update _index.md (#29918) * GraphNG: bring back tooltip (#29910) * Ng Alerting: Remove scroll and fix SplitPane limiters (#29906) * Dashboard: Migrating dashboard settings to react (#27561) * Minor correction to explanation on correct MS SQL usage. (#29889) * AlertingNG: Create a scheduler to evaluate alert definitions (#29305) * Add changelog items for 7.3.6, 7.2.3 and 6.7.5 (#29901) * bump stable to 7.3.6 (#29899) * Upgrade go deps. 
(#29900) * Expressions: Replace query input fields with select. (#29816) * PanelEdit: Update UI if panel plugin changes field config (#29898) * Elasticsearch: Remove timeSrv dependency (#29770) * PanelEdit: Need new data after plugin change (#29874) * Chore(toolkit): disable react/prop-types for eslint config (#29888) * Field Config API: Add ability to hide field option or disable it from the overrides (#29879) * SharedQuery: Fixes shared query editor now showing queries (#29849) * GraphNG: support fill gradient (#29765) * Backend style guide: Add more guidelines (#29871) * Keep query keys consistent (#29855) * Alerting: Copy frame field labels to time series tags (#29886) * Update configure-docker.md (#29883) * Usage Stats: Introduce an interface for usage stats service (#29882) * DataFrame: add a writable flag to fields (#29869) * InlineForms: Changes to make inline forms more flexible for query editors (#29782) * Usage Stats: Allow to add additional metrics to the stats (#29774) * Fix the broken link of XORM documentation (#29865) * Move colors demo under theme colors (#29873) * Dashboard: Increase folder name size in search dashboard (#29821) * MSSQL: Config UI touches (#29834) * QueryOptions: Open QueryEditors: run queries after changing group options #29864 * GraphNG: uPlot 1.5.2, dynamic stroke/fill, Flot-style hover points (#29866) * Variables: Fixes so numerical sortorder works for options with null values (#29846) * GraphNG: only initialize path builders once (#29863) * GraphNG: Do not set fillColor from GraphNG only opacity (#29851) * add an example cloudwatch resource_arns() query that uses multiple tags (ref: #29499) (#29838) * Backend: Remove more globals (#29644) * MS SQL: Fix MS SQL add data source UI issues (#29832) * Display palette and colors for dark and light themes in storybook (#29848) * Docs: Fix broken link in logs-panel (#29833) * Docs: Add info about typing of connected props to Redux style guide (#29842) * Loki: Remove unnecessary 
deduplication (#29421) * Varibles: Fixes so clicking on Selected will not include All (#29844) * Explore/Logs: Correctly display newlines in detected fields (#29541) * Link suppliers: getLinks API update (#29757) * Select: Changes default menu placement for Select from auto to bottom (#29837) * Chore: Automatically infer types for dashgrid connected components (#29818) * Chore: Remove unused Loki and Cloudwatch syntax providers (#29686) * Pass row (#29839) * GraphNG: Context menu (#29745) * GraphNG: Enable scale distribution configuration (#29684) * Explore: Improve Explore performance but removing unnecessary re-renders (#29752) * DashboardDS: Fixes display of long queries (#29808) * Sparkline: Fixes issue with sparkline that sent in custom fillColor instead of fillOpacity (#29825) * Chore: Disable default golangci-lint filter (#29751) * Update style guide with correct usage of MS SQL (#29829) * QueryEditor: do not auto refresh on every update (#29762) * Chore: remove unused datasource status enum (#29827) * Expressions: support ${my var} syntax (#29819) * Docs: Update types-options.md (#29777) * Chore: Enable more go-ruleguard rules (#29781) * GraphNG: Load uPlot path builders lazily (#29813) * Elasticsearch: ensure query model has timeField configured in datasource settings (#29807) * Chore: Use Header.Set method instead of Header.Add (#29804) * Allow dependabot to check actions (#28159) * Grafana-UI: Support optgroup for MultiSelect (#29805) * Sliders: Update behavior and style tweak (#29795) * Grafana-ui: Fix collapsible children sizing (#29776) * Style guide: Document avoidance of globals in Go code (#29803) * Chore: Rewrite opentsdb test to standard library (#29792) * CloudWatch: Add support for AWS DirectConnect ConnectionErrorCount metric (#29583) * GraphNG: uPlot 1.5.1 (#29789) * GraphNG: update uPlot v1.5.0 (#29763) * Added httpMethod to webhook (#29780) * @grafana-runtime: Throw error if health check fails in DataSourceWithBackend (#29743) * Explore: 
Fix remounting of query row (#29771)
* Expressions: Add placeholders to hint on input (#29773)
* Alerting: Next gen Alerting page (#28397)
* GraphNG: Add test dashboard for null & and gaps rendering (#29769)
* Expressions: Field names from refId (#29755)
* Plugins: Add support for signature manifest V2 (#29240)
* Chore: Configure go-ruleguard via golangci-lint (#28419)
* Move middleware context handler logic to service (#29605)
* AlertListPanel: Add options to sort by Time(asc) and Time(desc) (#29764)
* PanelLibrary: Adds delete Api (#29741)
* Tracing: Release trace to logs feature (#29443)
* ReleaseNotes: Updated changelog and release notes for 7.3.5 (#29753)
* DataSourceSettings: Add servername field to DataSource TLS config (#29279)
* Chore: update stable and testing versions (#29748)
* ReleaseNotes: Updated changelog and release notes for 7.3.5 (#29744)
* Elasticsearch: View in context feature for logs (#28764)
* Chore: Disable gosec on certain line (#29382)
* Logging: log frontend errors caught by ErrorBoundary, including component stack (#29345)
* ChangePassword: improved keyboard navigation (#29567)
* GrafanaDataSource: Fix selecting -- Grafana -- data source, broken after recent changes (#29737)
* Docs: added version note for rename by regex transformation.
(#29735)
* @grafana/ui: Fix UI issues for cascader button dropdown and query input (#29727)
* Docs: Update configuration.md (#29728)
* Docs: Remove survey (#29549)
* Logging: rate limit frontend logging endpoint (#29272)
* API: add Status() to RedirectResponse (#29722)
* Elasticsearch: Deprecate browser access mode (#29649)
* Elasticsearch: Fix query initialization action (#29652)
* PanelLibrary: Adds api and db to create Library/Shared/Reusable Panel (#29642)
* Transformer: Rename metrics based on regex (#29281)
* Variables: Fixes upgrade of legacy Prometheus queries (#29704)
* Auth: Add SigV4 header allowlist to reduce chances of verification issues (#29650)
* DataFrame: add path and description metadata (#29695)
* Alerting: Use correct time series name override from frame fields (#29693)
* GraphNG: fix bars migration and support color and linewidth (#29697)
* PanelHeader: Fix panel header description inline code wrapping (#29628)
* Bugfix 29848: Remove annotation_tag entries as part of annotations cleanup (#29534)
* GraphNG: simple settings migration from flot panel (#29599)
* GraphNG: replace bizcharts with uPlot for sparklines (#29632)
* GitHubActions: Update node version in github action (#29683)
* Adds go dep used by an Enterprise feature.
(#29645)
* Typescript: Raise strict error limit for enterprise (#29688)
* Remove unnecessary escaping (#29677)
* Update getting-started-prometheus.md (#29678)
* instrumentation: align label name with our other projects (#29514)
* Typescript: Fixing typescript strict error, and separate check from publishing (#29679)
* CloudWatch: namespace in search expression should be quoted if match exact is enabled #29109 (#29563)
* Docs: Plugin schema updates (#28232)
* RadioButton: Fix flex issue in master for radio buttons (#29664)
* Update getting-started.md (#29670)
* Expr: fix time unit typo in ds queries (#29668)
* Expr: make reduction nan/null more consistent (#29665)
* Expr: fix func argument panic (#29663)
* Update documentation-style-guide.md (#29661)
* Update documentation-markdown-guide.md (#29659)
* Docs: Changed image format (#29658)
* Expr: fix failure to execute due to OrgID (#29653)
* GraphNG: rename "points" to "showPoints" (#29635)
* Expressions: Restore showing expression query editor even if main data source is not mixed (#29656)
* GraphNG: time range should match the panel timeRange (#29596)
* Support svg embedded favicons in whitelabeling (#29436)
* Add changelog to docs style guide (#29581)
* Loki: Retry web socket connection when connection is closed abnormally (#29438)
* GraphNG: Fix annotations and exemplars plugins (#29613)
* Chore: Rewrite tsdb sql engine test to standard library (#29590)
* GraphNG: fix and optimize spanNulls (#29633)
* Build(deps): Bump highlight.js from 10.4.0 to 10.4.1 (#29625)
* Cloudwatch: session cache should use UTC consistently (#29627)
* GraphNG: rename GraphMode to DrawStyle (#29623)
* GraphNG: add spanNulls config option (#29512)
* Docs: add docs for concatenate transformer (#28667)
* Stat/Gauge: expose explicit font sizing (#29476)
* GraphNG: add gaps/nulls support to staircase & smooth interpolation modes (#29593)
* grafana/ui: Migrate Field knobs to controls (#29433)
* Prometheus: Fix link to Prometheus graph in
dashboard (#29543)
* Build: Publish next and latest npm channels to Github (#29615)
* Update broken aliases (#29603)
* API: add ID to snapshot API responses (#29600)
* Elasticsearch: Migrate queryeditor to React (#28033)
* QueryGroup & DataSourceSrv & DataSourcePicker changes simplify usage, error handling and reduce duplication, support for uid (#29542)
* Elastic: Fixes config UI issues (#29608)
* GraphNG: Fix issues with plugins not retrieving plot instance (#29585)
* middleware: Make scenario test functions take a testing.T argument (#29564)
* Grafana/ui: Storybook controls understand component types (#29574)
* Login: Fixes typo in tooltip (#29604)
* Panel: making sure we support all versions of chrome when detecting position of click event. (#29544)
* Chore: Rewrite sqlstore migration test to use standard library (#29589)
* Chore: Rewrite tsdb prometheus test to standard library (#29592)
* Security: Add gosec G304 auditing annotations (#29578)
* Chore: Rewrite tsdb testdatasource scenarios test to standard library (#29591)
* Docs: Add missing key to enable SigV4 for provisioning Elasticsearch data source (#29584)
* Add Microsoft.Network/natGateways (#29479)
* Update documentation-style-guide.md (#29586)
* @grafana/ui: Add bell-slash to available icons (#29579)
* Alert: Fix forwardRef warning (#29577)
* Update documentation-style-guide.md (#29580)
* Chore: Upgrade typescript to 4.1 (#29493)
* PanelLibrary: Adds library_panel table (#29565)
* Make build docker full fix (#29570)
* Build: move canary packages to github (#29411)
* Devenv: Add default db for influxdb (#29371)
* Chore: Check errors from Close calls (#29562)
* GraphNG: support auto and explicit axis width (#29553)
* Chore: upgrading y18n to 4.0.1 for security reasons (#29523)
* Middleware: Rewrite tests to use standard library (#29535)
* Overrides: show category on the overrides (#29556)
* GraphNG: Bars, Staircase, Smooth modes (#29359)
* Docs: Fix docs sync actions (#29551)
* Chore: Update dev guide
node version for Mac (#29548)
* Docs: Update formatting-multi-value-variables.md (#29547)
* Arrow: toArray() on nullable values should include null values (#29520)
* Docs: Update syntax.md (#29545)
* NodeJS: Update to LTS (14) (#29467)
* Docs: Update repeat-panels-or-rows.md (#29540)
* 3 minor changes, including updating the title TOC (#29501)
* Auth proxy: Return standard error type (#29502)
* Data: use pre-defined output array length in vectorToArray() (#29516)
* Dashboards: hide playlist edit functionality from viewers and snapshots link from unauthenticated users (#28992)
* docker: use yarn to build (#29538)
* QueryEditors: Refactoring & rewriting out dependency on PanelModel (#29419)
* Chore: skip flaky tests (#29537)
* Graph NG: Invalidate uPlot config on timezone changes (#29531)
* IntelliSense: Fix autocomplete and highlighting for Loki, Prometheus, Cloudwatch (#29381)
* Variables: Fixes Textbox current value persistence (#29481)
* OptionsEditor: simplify the options editor interfaces (#29518)
* Icon: Changed the icon for signing in (#29530)
* fixes bug with invalid handler name for metrics (#29529)
* Middleware: Simplifications (#29491)
* GraphNG: simplify effects responsible for plot updates/initialization (#29496)
* Alerting: fix alarm messages in dingding (Fixes #29470) (#29482)
* PanelEdit: making sure the correct datasource query editor is being rendered.
(#29500)
* AzureMonitor: Unit MilliSeconds naming (#29399)
* Devenv: update mysql_tests and postgres_tests blocks for allowing dynamically change of underlying docker image (#29525)
* Chore: Enable remaining eslint-plugin-react rules (#29519)
* Docs/Transformations: Add documentation about Binary operations in Add field from calculation (#29511)
* Datasources: fixed long error message overflowing container (#29440)
* docker: fix Dockerfile after Gruntfile.js removed (#29515)
* Chore: Adds Panel Library featuretoggle (#29521)
* Docs: Update filter-variables-with-regex.md (#29508)
* Docs: InfluxDB_V2 datasource: adding an example on how to add InfluxQL as a datasource (#29490)
* Loki: Add query type and line limit to query editor in dashboard (#29356)
* Docs: Added Security Group support to Azure Auth (#29418)
* DataLinks: Removes getDataSourceSettingsByUid from applyFieldOverrides (#29447)
* Bug: trace viewer doesn't show more than 300 spans (#29377)
* Live: publish all dashboard changes to a single channel (#29474)
* Chore: Enable eslint-plugin-react partial rules (#29428)
* Alerting: Update alertDef.ts with more time options (#29498)
* DataSourceSrv: Look up data source by uid and name transparently (#29449)
* Instrumentation: Add exemplars for request histograms (#29357)
* Variables: Fixes Constant variable persistence confusion (#29407)
* Docs: Fix broken link for plugins (#29346)
* Prometheus: don't override displayName property (#29441)
* Grunt: Removes grunt dependency and replaces some of its usage (#29461)
* Transformation: added support for excluding/including rows based on their values. (#26884)
* Chore: Enable exhaustive linter (#29458)
* Field overrides: added matcher to match all fields within frame/query.
(#28872)
* Log: Use os.Open to open file for reading (#29483)
* MinMax: keep global min/main in field state (#29406)
* ReactGridLayout: Update dependency to 1.2 (#29455)
* Jest: Upgrade to latest (#29450)
* Chore: bump grafana-ui rollup dependencies (#29315)
* GraphNG: use uPlot's native ms support (#29445)
* Alerting: Add support for Sensu Go notification channel (#28012)
* adds tracing for all bus calls that passes ctx (#29434)
* prometheus: Improve IsAPIError's documentation (#29432)
* ReleaseNotes: Updated changelog and release notes for 7.3.4 (#29430)
* Elasticsearch: Fix index pattern not working with multiple base sections (#28348)
* Plugins: Add support for includes' icon (#29416)
* Docs: fixing frontend docs issue where enums ending up in wrong folder level. (#29429)
* Variables: Fixes issue with upgrading legacy queries (#29375)
* Queries: Extract queries from dashboard (#29349)
* Docs: docker -> Docker (#29331)
* PanelEvents: Refactors and removes unnecessary events, fixes panel editor update issue when panel options change (#29414)
* Fix: Correct panel edit uistate migration (#29413)
* Alerting: Improve Prometheus Alert Rule error message (#29390)
* Fix: Migrate Panel edit uiState percentage strings to number (#29412)
* remove insecure cipher suite as default option (#29378)
* * prometheus fix variables fetching when customQueryParameters used #28907 (#28949)
* Chore: Removes observableTester (#29369)
* Chore: Adds e2e tests for Variables (#29341)
* Fix gosec finding of unhandled errors (#29398)
* Getting started with Grafana and MS SQL (#29401)
* Arrow: cast timestamps to Number (#29402)
* Docs: Add Cloud content links (#29317)
* PanelEditor: allow access to the eventBus from panel options (#29327)
* GraphNG: support x != time in library (#29353)
* removes unused golint file (#29391)
* prefer server cipher suites (#29379)
* Panels/DashList: Fix order of recent dashboards (#29366)
* Core: Move SplitPane layout from PanelEdit.
(#29266)
* Drone: Upgrade build pipeline tool (#29365)
* Update yarn.lock to use latest rc-util (#29313)
* Variables: Adds description field (#29332)
* Chore: Update latest.json (#29351)
* Drone: Upload artifacts for release branch builds (#29297)
* Docs: fixing link issues in auto generated frontend docs. (#29326)
* Drone: Execute artifact publishing for both editions in parallel during release (#29362)
* Devenv: adding default credentials for influxdb (#29344)
* Drone: Check CUE dashboard schemas (#29334)
* Backend: fix IPv6 address parsing erroneous (#28585)
* dashboard-schemas cue 3.0.0 compatible (#29352)
* Update documentation-style-guide.md (#29354)
* Docs: Update requirements.md (#29350)
* ReleaseNotes: Updated changelog and release notes for 7.3.4 (#29347)
* ReleaseNotes: Updated changelog and release notes for 7.3.4 (#29338)
* Drone: Publish NPM packages after Storybook to avoid race condition (#29340)
* Add an option to hide certain users in the UI (#28942)
* Guardian: Rewrite tests from goconvey (#29292)
* Docs: Fix editor role and alert notification channel description (#29301)
* Docs: Improve custom Docker image instructions (#29263)
* Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests #29330
* Chore: Bump storybook to v6 (#28926)
* ReleaseNotes: Updates release notes link in package.json (master) (#29329)
* Docs: Accurately reflecting available variables (#29302)
* Heatmap: Fixes issue introduced by new eventbus (#29322)
* Dashboard Schemas (#28793)
* devenv: Add docker load test which authenticates with API key (#28905)
* Login: Fixes redirect url encoding issues of # %23 being unencoded after login (#29299)
* InfluxDB: update flux library and support boolean label values (#29310)
* Explore/Logs: Update Parsed fields to Detected fields (#28881)
* GraphNG: Init refactorings and fixes (#29275)
* fixing a broken relref link (#29312)
* Drone: Upgrade build pipeline tool (#29308)
* decreasing frontend
docs threshold. (#29304)
* Docker: update docker root group docs and docker image (#29222)
* WebhookNotifier: Convert tests away from goconvey (#29291)
* Annotations: fixing so when changing annotations query links submenu will be updated. (#28990)
* [graph-ng] add temporal DataFrame alignment/outerJoin & move null-asZero pass inside (#29250)
* Dashboard: Fixes kiosk state after being redirected to login page and back (#29273)
* make it possible to hide change password link in profile menu (#29246)
* Theme: Add missing color type (#29265)
* Chore: Allow reducerTester to work with every data type & payload-less actions (#29241)
* Explore/Prometheus: Update default query type option to "Both" (#28935)
* Loki/Explore: Add query type selector (#28817)
* Variables: New Variables are stored immediately (#29178)
* reduce severity level to warning (#28939)
* Units: Changes FLOP/s to FLOPS and some other rates per second units get /s suffix (#28825)
* Docs: Remove duplicate "Transformations overview" topics from the TOC (#29247)
* Docs: Fixed broken relrefs and changed TOC entry name from Alerting to Alerts. (#29251)
* Docs: Remove duplicate Panel overview topic. (#29248)
* Increase search limit on team add user and improve placeholder (#29258)
* Fix warnings for conflicting style rules (#29249)
* Make backwards compatible (#29212)
* Minor cosmetic markdown tweaks in docs/cloudwatch.md (#29238)
* Getting Started: Updated index topic, removed "what-is-grafana", and adjusted weight o???
(#29216)
* BarGauge: Fix story for BarGauge, caused knobs to show for other stories (#29232)
* Update glossary to add hyperlinks to Explore and Transformation entries (#29217)
* Chore: Enable errorlint linter (#29227)
* TimeRegions: Fixed issue with time regions and thresholds due to angular js upgrade (#29229)
* CloudWatch: Support request cancellation properly (#28865)
* CloudMonitoring: Support request cancellation properly (#28847)
* Chore: Handle wrapped errors (#29223)
* Expressions: Move GEL into core as expressions (#29072)
* Chore: remove compress:release grunt task (#29225)
* Refactor/Explore: Inline datasource actions into initialisation (#28953)
* Fix README typo (#29219)
* Grafana UI: Card API refactor (#29034)
* Plugins: Changed alertlist alert url to view instead of edit (#29060)
* React: Upgrading react to v17, wip (#29057)
* Gauge: Tweaks short value auto-sizing (#29197)
* BackendSrv: support binary responseType like $http did (#29004)
* GraphNG: update the options config (#28917)
* Backend: Fix build (#29206)
* Permissions: Validate against Team/User permission role update (#29101)
* ESlint: React fixes part 1 (#29062)
* Tests: Adds expects for observables (#28929)
* Variables: Adds new Api that allows proper QueryEditors for Query variables (#28217)
* Introduce eslint-plugin-react (#29053)
* Automation: Adds GitHub release action (#29194)
* Refactor declarative series configuration to a config builder (#29106)
* ReleaseNotes: Updated changelog and release notes for 7.3.3 (#29189)
* Panels: fix positioning of the header title (#29167)
* trace user login and datasource name instead of id (#29183)
* playlist: Improve test (#29120)
* Drone: Fix publish-packages invocation (#29179)
* Table: Fix incorrect condition for rendering table filter (#29165)
* Chore: Upgrade grafana/build-ci-deploy image to latest Go (#29171)
* DashboardLinks: will only refresh dashboard search when changing tags for link.
(#29040)
* ReleaseNotes: Updated changelog and release notes for 7.3.3 (#29169)
* CloudWatch: added HTTP API Gateway specific metrics and dimensions (#28780)
* Release: Adding release notes for 7.3.3 (#29168)
* SQL: Define primary key for tables without it (#22255)
* changed link format from MD to HTML (#29163)
* Backend: Rename variables for style conformance (#29097)
* Docs: Fixes what's new menu and creates index page, adds first draft of release notes to docs (#29158)
* Drone: Upgrade build pipeline tool and build image (#29161)
* ReleaseNotes: Updated changelog and release notes for 7.4.0 (#29160)
* ReleaseNotes: Updated changelog and release notes for 7.3.3 (#29159)
* Chore: Upgrade Go etc in build images (#29157)
* Chore: Remove unused Go code (#28852)
* API: Rewrite tests from goconvey (#29091)
* Chore: Fix linting issues caught by ruleguard (#28799)
* Fix panic when using complex dynamic URLs in app plugin routes (#27977)
* Snapshots: Fixes so that dashboard snapshots show data when using Stat, Gauge, BarGauge or Table panels (#29031)
* Fix automation text: remove hyphen (#29149)
* respect fronted-logging.enabled flag (#29107)
* build paths in an os independent way (#29143)
* Provisioning: always pin app to the sidebar when enabled (#29084)
* Automation: Adds new changelog actions (#29142)
* Chore: Rewrite preferences test from GoConvey to stdlib and testify (#29129)
* Chore: Upgrade Go dev tools (#29124)
* Automation: Adding version bump action
* DataFrames: add utility function to check if structure has changed (#29006)
* Drone: Fix Drone config verification for enterprise on Windows (#29118)
* Chore: Require OrgId to be specified in delete playlist command (#29117)
* Plugin proxy: Handle URL parsing errors (#29093)
* Drone: Verify Drone config at beginning of pipelines (#29071)
* Legend/GraphNG: Refactoring legend types and options (#29067)
* Doc: Update documentation-style-guide.md (#29082)
* Chore: Bumps types for jest (#29098)
* LogsPanel: Fix
scrolling in dashboards (#28974)
* sort alphabetically unique labels, labels and parsed fields (#29030)
* Data source proxy: Convert 401 from data source to 400 (#28962)
* Plugins: Implement testDatasource for Jaeger (#28916)
* Update react-testing-library (#29061)
* Graph: Fixes stacking issues like floating bars when data is not aligned (#29051)
* StatPanel: Fixes hanging issue when all values are zero (#29077)
* Auth: Enable more complete credential chain for SigV4 default SDK auth option (#29065)
* Chore: Convert API tests to standard Go lib (#29009)
* Update README.md (#29075)
* Update CODEOWNERS (#28906)
* Enhance automation text for missing information (#29052)
* GraphNG: Adding ticks test dashboard and improves tick spacing (#29044)
* Chore: Migrate Dashboard List panel to React (#28607)
* Test Datasource/Bug: Fixes division by zero in csv metric values scenario (#29029)
* Plugins: Bring back coreplugin package (#29064)
* Add 'EventBusName' dimension to CloudWatch 'AWS/Events' namespace (#28402)
* CloudWatch: Add support for AWS/ClientVPN metrics and dimensions (#29055)
* AlertingNG: manage and evaluate alert definitions via the API (#28377)
* Fix linting issues (#28811)
* Logging: Log frontend errors (#28073)
* Fix for multi-value template variable for project selector (#29042)
* Chore: Rewrite test helpers from GoConvey to stdlib (#28919)
* GraphNG: Fixed axis measurements (#29036)
* Fix links to logql docs (#29037)
* latest 7.3.2 (#29041)
* Elasticsearch: Add Moving Function Pipeline Aggregation (#28131)
* changelog 7.3.2 (#29038)
* MutableDataFrame: Remove unique field name constraint and values field index and unused/seldom used stuff (#27573)
* Fix prometheus docs related to query variable (#29027)
* Explore: support ANSI colors in live logs (#28895)
* Docs: Add documentation about log levels (#28975)
* Dashboard: remove usage of Legacyforms (#28707)
* Docs: Troubleshoot starting docker containers on Mac (#28754)
* Elasticsearch: interpolate variables
in Filters Bucket Aggregation (#28969)
* Chore: Bump build pipeline version (#29023)
* Annotations: Fixes error when trying to create annotation when dashboard is unsaved (#29013)
* TraceViewer: Make sure it does not break when no trace is passed (#28909)
* Thresholds: Fixes color assigned to null values (#29010)
* Backend: Remove unused code (#28933)
* Fix documentation (#28998)
* Tracing: Add setting for sampling server (#29011)
* Logs Panel: Fix inconsistent highlighting (#28971)
* MySQL: Update README.md (#29003)
* IntervalVariable: Fix variable tooltip (#28988)
* StatPanels: Fixes auto min max when latest value is zero (#28982)
* Chore: Fix SQL related Go variable naming (#28887)
* MSSQL: Support request cancellation properly (Uses new backendSrv.fetch Observable request API) (#28809)
* Variables: Fixes loading with a custom all value in url (#28958)
* Backend: Adds route for well-known change password URL (#28788)
* docs: fix repeated dashboards link (#29002)
* LogsPanel: Don't show scroll bars when not needed (#28972)
* Drone: Fix docs building (#28986)
* StatPanel: Fixed center of values in edge case scenarios (#28968)
* Update getting-started-prometheus.md (#28502)
* Docs: fix relref (#28977)
* Docs: Minor docs update
* Docs: Another workflow docs update
* Docs: Workflow minor edit
* Docs: Another minor edit
* Docs: Update PR workflow docs
* Docs: Update bot docs
* StatPanels: set default to last (#28617)
* Tracing: log traceID in request logger (#28952)
* start tracking usage stats for tempo (#28948)
* Docs: Update bot docs
* GrafanaBot: Update labels and commands and adds docs (#28950)
* Docs: updates for file-based menu (#28500)
* Grot: Added command/label to close feature requests with standard message (#28937)
* GraphNG: Restore focus option (#28946)
* Docs: Fix links (#28945)
* Short URL: Cleanup unvisited/stale short URLs (#28867)
* GraphNG: Using new VizLayout, moving Legend into GraphNG and some other refactorings (#28913)
* CloudWatch Logs: Change
what we use to measure progress (#28912)
* Chore: use jest without grunt (#28558)
* Chore: Split Explore redux code into multiple sections (#28819)
* TestData: Fix issue with numeric inputs in TestData query editor (#28936)
* setting: Fix tests on Mac (#28886)
* Plugins signing: Fix docs urls (#28930)
* Field color: handling color changes when switching panel types (#28875)
* Variables: make sure that we support both old and new syntax for custom variables. (#28896)
* CodeEditor: added support for javascript language (#28818)
* Update CHANGELOG.md (#28928)
* Plugins: allow override when allowing unsigned plugins (#28901)
* Chore: Fix spelling issue (#28904)
* Grafana-UI: LoadingPlaceholder docs (#28874)
* Gauge: making sure threshold panel json is correct before render (#28898)
* Chore: Rewrite test in GoConvey to stdlib and testify (#28918)
* Update documentation-style-guide.md (#28908)
* Adding terms to glossary (#28884)
* Devenv: Fix Prometheus basic auth proxy (#28889)
* API: replace SendLoginLogCommand with LoginHook (#28777)
* Dashboards / Folders: delete related data (permissions, stars, tags, versions, annotations) when deleting a dashboard or a folder (#28826)
* Loki: Correct grammar in DerivedFields.tsx (#28885)
* Docs: Update list of Enterprise plugins (#28882)
* Live: update centrifuge and the ChannelHandler api (#28843)
* Update share-panel.md (#28880)
* CRLF (#28822)
* PanelHeader: show streaming indicator (and allow unsubscribe) (#28682)
* Docs: Plugin signing docs (#28671)
* Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866)
* Elasticsearch: Filter pipeline aggregations from order by options (#28620)
* Variables: added __user.email to global variable (#28853)
* Fix titles case and add missing punctuation marks (#28713)
* VizLayout: Simple viz layout component for legend placement and scaling (#28820)
* Chore: Fix staticcheck issues (#28860)
* Chore: Fix staticcheck issues (#28854)
* Disable selecting enterprise plugins with
no license (#28758)
* Tempo: fix test data source (#28836)
* Prometheus: fix missing labels from value (#28842)
* Chore: Fix issues found by staticcheck (#28802)
* Chore: Remove dead code (#28664)
* Units: added support to handle negative fractional numbers. (#28849)
* Variables: Adds variables inspection (#25214)
* Marked: Upgrade and always sanitize by default (#28796)
* Currency: add Philippine peso currency (PHP) (#28823)
* Alert: Remove z-index on Alert component so that it does not overlay on top of other content (#28834)
* increase blob column size for encrypted dashboard data (#28831)
* Gauge: Improve font size auto sizing (#28797)
* grafana/toolkit: allow builds with lint warnings (#28810)
* core and grafana/toolkit: Use latest version of grafana-eslint-conifg (#28816)
* Icon: Replace font awesome icons where possible (#28757)
* Remove homelinks panel (#28808)
* StatPanels: Add new calculation option for percentage difference (#26369)
* Dashboard: Add Datetime local (No date if today) option in panel axes' units (#28011)
* Variables: Adds named capture groups to variable regex (#28625)
* Panel inspect: Interpolate variables in panel inspect title (#28779)
* grafana/toolkit: Drop console and debugger statements by default when building plugin with toolkit (#28776)
* Variables: Fixes URL values for dependent variables (#28798)
* Graph: Fixes event emit function error (#28795)
* Adds storybook integrity check to drone config (#28785)
* Live: improve broadcast semantics and avoid double posting (#28765)
* Events: Remove unused or unnecessary events (#28783)
* Docs: added code comments to frontend packages.
(#28784)
* Plugin Dockerfiles: Upgrade Go, golangci-lint, gcloud SDK (#28767)
* Dependencies: Update angularjs to 1.8.2 (#28736)
* EventBus: Introduces new event bus with emitter backward compatible interface (#27564)
* ColorSchemes: Add new color scheme (#28719)
* Docs: Add NGINX example for using websockets to Loki (#27998)
* Docs: Made usage of config/configuration consistent #19270 (#28167)
* Cloudwatch: Fix issue with field calculation transform not working properly with Cloudwatch data (#28761)
* grafana/toolkit: Extract CHANGELOG when building plugin (#28773)
* Drone: Upgrade build pipeline tool (#28769)
* devenv: Upgrade MSSQL Docker image (#28749)
* Docs: Add docs for InfoBox component (#28705)
* Reorganization. (#28760)
* gtime: Add ParseDuration function (#28525)
* Explore: Remove redundant decodeURI and fix urls (#28697)
* Dashboard: fix view panel mode for Safari / iOS (#28702)
* Provisioning: Fixed problem with getting started panel being added to custom home dashboard (#28750)
* LoginPage: Removed auto-capitalization from the login form (#28716)
* Plugin page: Fix dom validation warning (#28737)
* Migration: Remove LegacyForms from dashboard folder permissions (#28564)
* Dependencies: Remove unused dependency (#28711)
* AlertRuleList: Add keys to alert rule items (#28735)
* Chore: Pin nginx base image in nginx proxy Dockerfiles (#28730)
* Drone: Upgrade build-pipeline tool (#28728)
* TableFilters: Fixes filtering with field overrides (#28690)
* Templating: Speeds up certain variable queries for Postgres, MySql and MSSql (#28686)
* Fix typo in unsigned plugin warning (#28709)
* Chore: Convert sqlstore annotation test from GoConvey to testify (#28715)
* updates from https://github.com/grafana/grafana/pull/28679 (#28708)
* Chore: Add some scenario tests for Explore (#28534)
* Update latest version to 7.3.1 (#28701)
* Changelog update - 7.3.1 (#28699)
* Drone: Don't build on Windows for PRs (#28663)
* Build: changing docs docker image to prevent setting
up frontend devenv. (#28670)
* Prometheus: Fix copy paste behaving as cut and paste (#28622)
* Loki: Fix error when some queries return zero results (#28645)
* Chore: allow higher nodejs version than 12 (#28624)
* TextPanel: Fixes problems where text panel would show old content (#28643)
* PanelMenu: Fixes panel submenu not being accessible for panels close to the right edge of the screen (#28666)
* Cloudwatch: Fix duplicate metric data (#28642)
* Add info about CSV download for Excel in What's new article (#28661)
* Docs: Describe pipeline aggregation changes in v7.3 (#28660)
* Plugins: Fix descendent frontend plugin signature validation (#28638)
* Docker: use root group in the custom Dockerfile (#28639)
* Bump rxjs to 6.6.3 (#28657)
* StatPanel: Fixed value being under graph and reduced likelihood for white and dark value text mixing (#28641)
* Table: Fix image cell mode so that it works with value mappings (#28644)
* Build: support custom build tags (#28609)
* Plugin signing: Fix copy on signed plugin notice (#28633)
* Dashboard: Fix navigation from one SoloPanelPage to another one (#28578)
* CloudWatch: Improve method name, performance optimization (#28632)
* Developer guide: Update wrt. Windows (#28559)
* Docs: Update graph panel for tabs (#28552)
* update latest.json (#28603)
* Docs: data source insights (#28542)
* Field config API: add slider editor (#28007)
* changelog: update for 7.3.0 (#28602)
* Update uPlot to 1.2.2 and align timestamps config with new uPLot API (#28569)
* Live: updated the reference to use lazy loaded Monaco in code editor.
(#28597)
* Dashboard: Allow add panel for viewers_can_edit (#28570)
* Docs: Data source provisioning and sigV4 (#28593)
* Docs: Additional 7.3 upgrade notes (#28592)
* CI: Add GCC to Windows Docker image (#28562)
* CloudWatch Logs queue and websocket support (#28176)
* Explore/Loki: Update docs and cheatsheet (#28541)
* Grafana-UI: Add Card component (#28216)
* AddDatasource: Improve plugin categories (#28584)
* StatPanel: Fixes BizChart error max: yyy should not be less than min zzz (#28587)
* docs: a few tweaks for clarity and readability (#28579)
* API: Reducing some api docs errors (#28575)
* Grafana-UI: ContextMenu docs (#28508)
* Short URL: Update last seen at when visiting a short URL (#28565)
* Fix backend build on Windows (#28557)
* add value prop (#28561)
* Plugin signing: UI information (#28469)
* Use fetch API in InfluxDB data source (#28555)
* PanelEdit: Prevent the preview pane to be resized further than window height (#28370)
* Docs: Update generic-oauth.md (#28517)
* GCS image uploader: Add tests (#28521)
* Move metrics collector queries to config (#28549)
* Plugins: Fix plugin URL paths on Windows (#28548)
* API: add login username in SendLoginLogCommand (#28544)
* AzureMonitor: Support decimal (as float64) type in analytics/logs (#28480)
* Auth: Fix SigV4 request verification step for Amazon Elasticsearch Service (#28481)
* Grafana/ui: auto focus threshold editor input (#28360)
* Docs: SigV4 What's New and AWS Elasticsearch documentation (#28506)
* Drone: Upgrade build pipeline tool (#28533)
* Drone: Refactor version branch pipeline logic (#28531)
* Drone: Upgrade build-pipeline tool (#28520)
* Docs: Update field color scheme docs and 7.3 what's new (#28496)
* Templating: Custom variable edit UI, change text input into textarea (#28312) (#28322)
* Currency: Adds Indonesian IDR currency (#28363)
* Chore: Fix flaky sqlstore annotation test (#28527)
* Checkbox: Fix component sample typo (#28518)
* Image uploader: Fix uploading of images to GCS
(#26493) * OAuth: Support Forward OAuth Identity for backend data source plugins (#27055) * Updated documentation style guide (#28488) * Cloud Monitoring: Fix help section for aliases (#28499) * Docs: what's new in enterprise 7.3 (#28472) * Plugins: Track plugin signing errors and expose them to the frontend (#28219) * Elasticsearch: Fix handling of errors when testing data source (#28498) * Auth: Should redirect to login when anonymous enabled and URL with different org than anonymous specified (#28158) * Drone: Don't build Windows installer for version branches (#28494) * Docs: Grafana Enterprise auditing feature (#28356) * Drone: Add version branch pipeline (#28490) * Getting Started section rehaul (#28090) * Docs: Add survey content (#28446) * Docs: Update prometheus.md (#28483) * Docs: Add view settings and view stats (#28155) * Remove entry from 7.3.0-beta2 Changelog (#28478) * Circle: Remove release pipeline (#28474) * Update latest.json (#28476) * Switch default version to Graphite 1.1 (#28471) * Plugin page: update readme icon (#28465) * Chore: Update changelog (#28473) * Explore: parse time range fix (#28467) * Alerting: Log alert warnings for obsolete notifiers when extracting alerts and remove spammy error (#28162) * Shorten url: Unification across Explore and Dashboards (#28434) * Explore: Support wide data frames (#28393) * Docs: updated cmd to build docs locally to generate docs prior to building site. (#28371) * Live: support real time measurements (alpha) (#28022) * CloudWatch/Athena - valid metrics and dimensions. 
(#28436) * Chore: Use net.JoinHostPort (#28421) * Chore: Upgrade grafana-eslint to latest (#28444) * Fix cut off icon (#28442) * Docs: Add shared (#28411) * Loki: Visually distinguish error logs for LogQL2 (#28359) * Database; Remove database metric feature flag and update changelog (#28438) * TestData: multiple arrow requests should return multiple frames (#28417) * Docs: Test survey code (#28437) * Docs: improved github action that syncs docs to website (#28277) * update latest.json with latest stable version (#28433) * 7.2.2 changelog update (#28406) * plugins: Don't exit on duplicate plugin (#28390) * API: Query database from /api/health endpoint (#28349) * Chore: Fix conversion of a 64-bit integer to a lower bit size type uint (#28425) * Prometheus: fix parsing of infinite sample values (#28287) (#28288) * Chore: Rewrite some tests to use testify (#28420) * Plugins: do not remount app plugin on nav change (#28105) * App Plugins: Add backend support (#28272) * Chore: react hooks eslint fixes in grafana-ui (#28026) * ci-e2e: Add Git (#28410) * TestData: Remove useEffect that triggers query on component load (#28321) * FieldColor: Remove inverted color scheme (#28408) * Chore: Set timezone for tests to non utc.
(#28405) * Chore: fix jsdoc desc and return (#28383) * Docs: Fixing v51 link (#28396) * fixes windows crlf warning (#28346) * Grafana/ui: pass html attributes to segment (#28316) * Alerting: Return proper status code when trying to create alert notification channel with duplicate name or uid (#28043) * OAuth: Able to skip auto login (#28357) * CloudWatch: Fix custom metrics (#28391) * Docs: Adds basic frontend data request concepts (#28253) * Instrumentation: Add histogram for request duration (#28364) * remove status label from histogram (#28387) * OAuth: configurable user name attribute (#28286) * Component/NewsPanel: Add rel="noopener" to NewsPanel links (#28379) * Webpack: Split out unicons and bizcharts (#28374) * Explore: Fix date formatting in url for trace logs link (#28381) * Docs: Add activate-license (#28156) * Instrumentation: Add counters and histograms for database queries (#28236) * Docs: Make tables formatting more consistent (#28164) * CloudWatch: Adding support for additional Amazon CloudFront metrics (#28378) * Add unique ids to query editor fields (#28376) * Plugins: Compose filesystem paths with filepath.Join (#28375) * Explore: Minor tweaks to exemplars marble (#28366) * Instrumentation: Adds environment_info metric (#28355) * AzureMonitor: Fix capitalization of NetApp 'volumes' namespace (#28369) * ColorSchemes: Adds more color schemes and text colors that depend on the background (#28305) * Automation: Update backport github action trigger (#28352) * Dashboard links: Places drop down list so it's always visible (#28330) * Docs: Add missing records from grafana-ui 7.2.1 CHANGELOG (#28302) * Templating: Replace all '$tag' in tag values query (#28343) * Docs: Add docs for valuepicker (#28327) * Git: Create .gitattributes for windows line endings (#28340) * Update auth-proxy.md (#28339) * area/grafana/toolkit: update e2e docker image (#28335) * AlertingNG: remove warn/crit from eval prototype (#28334) * Automation: Tweaks to more info message 
(#28332) * Loki: Run instant query only when doing metric query (#28325) * SAML: IdP-initiated SSO docs (#28280) * IssueTriage: Needs more info automation and messages (#28137) * GraphNG: Use AxisSide enum (#28320) * BackendSrv: Fixes queue countdown when unsubscribe is before response (#28323) * Automation: Add backport github action (#28318) * Build(deps): Bump http-proxy from 1.18.0 to 1.18.1 (#27507) * Bump handlebars from 4.4.3 to 4.7.6 (#27416) * Bump tree-kill from 1.2.1 to 1.2.2 (#27405) * Loki: Base maxDataPoints limits on query type (#28298) * Explore: respect min_refresh_interval (#27988) * Drone: Use ${DRONE_TAG} in release pipelines, since it should work (#28299) * Graph NG: fix toggling queries and extract Graph component from graph3 panel (#28290) * fix: for graph size not taking up full height or width * should only ignore the file in the grafana mixin root folder (#28306) * Drone: Fix grafana-mixin linting (#28308) * SQLStore: Run tests as integration tests (#28265) * Chore: Add cloud-middleware as code owners (#28310) * API: Fix short URLs (#28300) * CloudWatch: Add EC2CapacityReservations Namespace (#28309) * Jaeger: timeline collapser to show icons (#28284) * update latest.json with latest beta version (#28293) * Update changelog (#28292) * Docs : - Added period (#28260) * Add monitoring mixing for Grafana (#28285) * Chore: Update package.json (#28291) * Drone: Fix enterprise release pipeline (#28289) * Alerting: Append appSubUrl to back button on channel form (#28282) - Rework package Makefile & README now that Grunt is gone - Update to version 7.3.6: * fixes for saml vulnerability * [v7.3.x] Fix: Correct panel edit uistate migration (#29413) (#29711) * PanelEdit: Prevent the preview pane to be resized further than window height (#28370) (#29726) * Fix: Migrate Panel edit uiState percentage strings to number (#29412) (#29723) * "Release: Updated versions in package to 7.3.5" (#29710) * Chore: upgrading y18n to 4.0.1 for security reasons 
(#29523) (#29709) * Panel: making sure we support all versions of chrome when detecting position of click event. (#29544) (#29708) * PanelEdit: making sure the correct datasource query editor is being rendered. (#29500) (#29707) * [v7.3.x] Auth: Add SigV4 header allowlist to reduce chances of verification issues (#29705) * Alerting: Use correct time series name override from frame fields (#29693) (#29698) * CloudWatch: namespace in search expression should be quoted if match exact is enabled #29109 (#29563) (#29687) * Adds go dep used by an Enterprise feature. (#29645) (#29690) * instrumentation: align label name with our other projects (#29514) (#29685) * Instrumentation: Add exemplars for request histograms (#29357) (#29682) * Login: Fixes typo in tooltip (#29604) (#29606) * fixes bug with invalid handler name for metrics (#29529) (#29532) * AzureMonitor: Unit MilliSeconds naming (#29399) (#29526) * Alerting: fix alarm messages in dingding (Fixes #29470) (#29482) (#29527) * Bug: trace viewer doesn't show more than 300 spans (#29377) (#29504) * Prometheus: don't override displayName property (#29441) (#29488) * resolve conflicts (#29415) * Drone: Upgrade build pipeline tool (#29365) (#29368) * Drone: Upload artifacts for release branch builds (#29297) (#29364) * Drone: Execute artifact publishing for both editions in parallel during release (#29362) (#29363) * Drone: Publish NPM packages after Storybook to avoid race condition (#29340) (#29343) * Docs: Fix editor role and alert notification channel description (#29301) (#29337) * "Release: Updated versions in package to 7.3.4" (#29336) * Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests #29330 (#29335) * Backport of InfluxDB: update flux library and support boolean label values #29333 * ReleaseNotes: Update link in package.json (#29328) * Login: Fixes redirect url encoding issues of # %23 being unencoded after login (#29299) (#29323) * Drone: Upgrade build
pipeline tool (#29308) (#29309) * Annotations: fixing so when changing annotations query links submenu will be updated. (#28990) (#29285) * Dashboard: Fixes kiosk state after being redirected to login page and back (#29273) (#29278) * Increase search limit on team add user and improve placeholder (#29258) (#29261) * Drone: Sync with master (#29205) * Drone: Fix publish-packages invocation (#29179) (#29184) * Chore: Upgrade grafana/build-ci-deploy image to latest Go (#29171) (#29180) * Table: Fix incorrect condition for rendering table filter (#29165) (#29181) * DashboardLinks: will only refresh dashboard search when changing tags for link. (#29040) (#29177) * Drone: Upgrade build pipeline tool and build image (#29161) (#29162) * Release: Updated versions in package to 7.3.3 (#29126) * git cherry-pick -x 0f3bebb38daa488e108881ce17d4f68167a834e6 (#29155) * Build: support custom build tags (#28609) (#29128) * Revert "Graph: Fixes stacking issues like floating bars when data is not aligned (#29051) (#29088)" (#29151) * Provisioning: always pin app to the sidebar when enabled (#29084) (#29146) * build paths in an os independent way (#29143) (#29147) * Chore: Upgrade Go dev tools (#29124) (#29132) * Automation: set node version * Automation: Adding version bump action * Drone: Fix Drone config verification for enterprise on Windows (#29118) (#29119) * [v7.3.x] Drone: Verify Drone config at beginning of pipelines (#29111) * Test Datasource/Bug: Fixes division by zero in csv metric values scenario (#29029) (#29068) * [v7.3.x] StatPanel: Fixes hanging issue when all values are zero (#29087) * Data source proxy: Convert 401 from data source to 400 (#28962) (#29095) * Graph: Fixes stacking issues like floating bars when data is not aligned (#29051) (#29088) * Auth: Enable more complete credential chain for SigV4 default SDK auth option (#29065) (#29086) * Fix for multi-value template variable for project selector (#29042) (#29054) * Thresholds: Fixes color assigned to null
values (#29010) (#29018) * [v7.3.x] Chore: Bump build pipeline version (#29025) * Release v7.3.2 (#29024) * Fix conflict (#29020) * StatPanels: Fixes auto min max when latest value is zero (#28982) (#29007) * Tracing: Add setting for sampling server (#29011) (#29015) * Gauge: making sure threshold panel json is correct before render (#28898) (#28984) * Variables: make sure that we support both old and new syntax for custom variables. (#28896) (#28985) * Explore: Remove redundant decodeURI and fix urls (#28697) (#28963) * [v7.3.x] Drone: Fix docs building (#28987) * Alerting: Append appSubUrl to back button on channel form (#28282) (#28983) * Plugins: allow override when allowing unsigned plugins (#28901) (#28927) * CloudWatch Logs: Change what we use to measure progress (#28912) (#28964) * Tracing: log traceID in request logger (#28952) (#28959) * Panel inspect: Interpolate variables in panel inspect title (#28779) (#28801) * UsageStats: start tracking usage stats for tempo (#28948) (#28951) * Short URL: Cleanup unvisited/stale short URLs (#28867) (#28944) * Plugins signing: Fix docs urls (#28930) (#28934) * Chore: Fix spelling issue (#28904) (#28925) * API: replace SendLoginLogCommand with LoginHook (#28777) (#28891) * Elasticsearch: Exclude pipeline aggregations from order by options (#28620) (#28873) * Dashboards / Folders: delete related data (permissions, stars, tags, versions, annotations) when deleting a dashboard or a folder (#28826) (#28890) * Disable selecting enterprise plugins with no license (#28758) (#28859) * Tempo: fix test data source (#28836) (#28856) * Prometheus: fix missing labels from value (#28842) (#28855) * Units: added support to handle negative fractional numbers. 
(#28849) (#28851) * increase blob column size for encrypted dashboard data (#28831) (#28832) * Gauge: Improve font size auto sizing (#28797) (#28828) * Variables: Fixes URL values for dependent variables (#28798) (#28800) * grafana/toolkit: Extract CHANGELOG when building plugin (#28773) (#28774) * Templating: Custom variable edit UI, change text input into textarea (#28312) (#28322) (#28704) * Cloudwatch: Fix issue with field calculation transform not working properly with Cloudwatch data (#28761) (#28775) * Plugin page: Fix dom validation warning (#28737) (#28741) * Dashboard: fix view panel mode for Safari / iOS (#28702) (#28755) * Fix typo in unsigned plugin warning (#28709) (#28722) * TableFilters: Fixes filtering with field overrides (#28690) (#28727) * Templating: Speeds up certain variable queries for Postgres, MySql and MSSql (#28686) (#28726) * Prometheus: Fix copy paste behaving as cut and paste (#28622) (#28691) rhnlib: - Require missing python-backports.ssl_match_hostname on SLE 11 (bsc#1183959) spacecmd: - Handle SIGPIPE without user-visible Exception (bsc#1181124) spacewalk-client-tools: - Fallback to sysfs when reading info from python-dmidecode fails (bsc#1182603) - Log an error when product detection failed (bsc#1182339) zypp-plugin-spacewalk: - Support for "allow vendor change" for patching/upgrading Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2021-1228=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): golang-github-boynux-squid_exporter-1.6-1.6.1 golang-github-lusitaniae-apache_exporter-0.7.0-1.10.1 golang-github-prometheus-prometheus-2.22.1-1.21.1 golang-github-prometheus-promu-0.3.0-1.6.1 grafana-7.4.2-1.18.1 - SUSE Manager Tools 12 (noarch): python2-rhnlib-4.1.4-21.28.1 python2-spacewalk-check-4.1.10-52.47.1 python2-spacewalk-client-setup-4.1.10-52.47.1 python2-spacewalk-client-tools-4.1.10-52.47.1 python2-zypp-plugin-spacewalk-1.0.9-30.27.1 spacecmd-4.1.11-38.79.1 spacewalk-check-4.1.10-52.47.1 spacewalk-client-setup-4.1.10-52.47.1 spacewalk-client-tools-4.1.10-52.47.1 zypp-plugin-spacewalk-1.0.9-30.27.1 References: https://bugzilla.suse.com/1131670 https://bugzilla.suse.com/1178072 https://bugzilla.suse.com/1181124 https://bugzilla.suse.com/1181474 https://bugzilla.suse.com/1182339 https://bugzilla.suse.com/1182603 https://bugzilla.suse.com/1183959 From sle-updates at lists.suse.com Thu Apr 15 19:17:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 21:17:29 +0200 (CEST) Subject: SUSE-RU-2021:1213-1: Recommended update for SUSE Manager 4.0.13 Release Notes Message-ID: <20210415191729.0F50BFCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 4.0.13 Release Notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1213-1 Rating: low References: #1157711 #1172287 #1173893 #1175660 #1179271 #1179579 #1181124 #1181228 #1181274 #1181290 #1181423 #1181807 #1181847 #1182008 #1182071 #1182197 #1182603 #1182771 #1182842 #1182916 #1183151 #1183394 #1183661 #1183845 #1184179 #1184271 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 
______________________________________________________________________________ An update that has 26 recommended fixes can now be installed. Description: This update for SUSE Manager 4.0.13 Release Notes provides the following additions: Release notes for SUSE Manager: - Revision 4.0.13 - Bugs mentioned bsc#1157711, bsc#1172287, bsc#1173893, bsc#1175660, bsc#1179271, bsc#1179579, bsc#1181124, bsc#1181228, bsc#1181274, bsc#1181290, bsc#1181423, bsc#1181807, bsc#1181847, bsc#1182008, bsc#1182071, bsc#1182197, bsc#1182603, bsc#1182771, bsc#1182842, bsc#1182916, bsc#1183151, bsc#1183394, bsc#1183661, bsc#1183845, bsc#1184179, bsc#1184271 Release notes for SUSE Manager proxy: - Update to 4.0.13 - Bugs mentioned bsc#1173893, bsc#1181124, bsc#1181274, bsc#1181807, bsc#1182197, bsc#1182603, bsc#1183151, bsc#1184179 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1213=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1213=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1213=1 Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): release-notes-susemanager-4.0.13-3.71.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): release-notes-susemanager-proxy-4.0.13-0.16.55.1 - SUSE Manager Proxy 4.0 (x86_64): release-notes-susemanager-proxy-4.0.13-0.16.55.1 References: https://bugzilla.suse.com/1157711 https://bugzilla.suse.com/1172287 https://bugzilla.suse.com/1173893 https://bugzilla.suse.com/1175660 https://bugzilla.suse.com/1179271 https://bugzilla.suse.com/1179579 https://bugzilla.suse.com/1181124 https://bugzilla.suse.com/1181228 https://bugzilla.suse.com/1181274 https://bugzilla.suse.com/1181290 
https://bugzilla.suse.com/1181423 https://bugzilla.suse.com/1181807 https://bugzilla.suse.com/1181847 https://bugzilla.suse.com/1182008 https://bugzilla.suse.com/1182071 https://bugzilla.suse.com/1182197 https://bugzilla.suse.com/1182603 https://bugzilla.suse.com/1182771 https://bugzilla.suse.com/1182842 https://bugzilla.suse.com/1182916 https://bugzilla.suse.com/1183151 https://bugzilla.suse.com/1183394 https://bugzilla.suse.com/1183661 https://bugzilla.suse.com/1183845 https://bugzilla.suse.com/1184179 https://bugzilla.suse.com/1184271 From sle-updates at lists.suse.com Thu Apr 15 19:20:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 21:20:40 +0200 (CEST) Subject: SUSE-RU-2021:14699-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20210415192040.79E69FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14699-1 Rating: moderate References: #1131670 #1178072 #1181124 #1181474 #1182339 #1182603 #1183959 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. 
Description: This update fixes the following issues: rhnlib: - Require missing python-backports.ssl_match_hostname on SLE 11 (bsc#1183959) spacecmd: - Handle SIGPIPE without user-visible Exception (bsc#1181124) spacewalk-client-tools: - Fallback to sysfs when reading info from python-dmidecode fails (bsc#1182603) - Log an error when product detection failed (bsc#1182339) supportutils-plugin-salt: - Fix yaml.load() warnings and issues with Python versions (bsc#1178072) (bsc#1181474) - Fix errors when collecting data for salt-minion (bsc#1131670) zypp-plugin-spacewalk: - Support for "allow vendor change" for patching/upgrading Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-202103-14699=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-202103-14699=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): python2-rhnlib-4.1.4-12.28.1 python2-spacewalk-check-4.1.10-27.47.1 python2-spacewalk-client-setup-4.1.10-27.47.1 python2-spacewalk-client-tools-4.1.10-27.47.1 python2-zypp-plugin-spacewalk-1.0.9-27.21.1 spacecmd-4.1.11-18.81.1 spacewalk-check-4.1.10-27.47.1 spacewalk-client-setup-4.1.10-27.47.1 spacewalk-client-tools-4.1.10-27.47.1 zypp-plugin-spacewalk-1.0.9-27.21.1 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch): supportutils-plugin-salt-1.1.5-6.14.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): python2-rhnlib-4.1.4-12.28.1 python2-spacewalk-check-4.1.10-27.47.1 python2-spacewalk-client-setup-4.1.10-27.47.1 python2-spacewalk-client-tools-4.1.10-27.47.1 python2-zypp-plugin-spacewalk-1.0.9-27.21.1 spacecmd-4.1.11-18.81.1 spacewalk-check-4.1.10-27.47.1 
spacewalk-client-setup-4.1.10-27.47.1 spacewalk-client-tools-4.1.10-27.47.1 zypp-plugin-spacewalk-1.0.9-27.21.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch): supportutils-plugin-salt-1.1.5-6.14.1 References: https://bugzilla.suse.com/1131670 https://bugzilla.suse.com/1178072 https://bugzilla.suse.com/1181124 https://bugzilla.suse.com/1181474 https://bugzilla.suse.com/1182339 https://bugzilla.suse.com/1182603 https://bugzilla.suse.com/1183959 From sle-updates at lists.suse.com Thu Apr 15 19:22:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 21:22:17 +0200 (CEST) Subject: SUSE-RU-2021:1225-1: Recommended update for SUSE Manager 4.1.7 Release Notes Message-ID: <20210415192217.DB3DBFCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 4.1.7 Release Notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1225-1 Rating: low References: #1178179 #1178767 #1179271 #1181124 #1181274 #1181580 #1181847 #1182132 #1182197 #1182339 #1182603 #1182687 #1182817 #1182842 #1182916 #1183038 #1183151 #1183661 #1183959 #1184271 Affected Products: SUSE Manager Server 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Proxy 4.1 ______________________________________________________________________________ An update that has 20 recommended fixes can now be installed. 
Description: This update for SUSE Manager 4.1.7 Release Notes provides the following additions: Release notes for SUSE Manager: - Revision 4.1.7 - Bugs mentioned bsc#1178179, bsc#1178767, bsc#1179271, bsc#1181124, bsc#1181274, bsc#1181580, bsc#1181847, bsc#1182132, bsc#1182197, bsc#1182339, bsc#1182603, bsc#1182687, bsc#1182817, bsc#1182842, bsc#1182916, bsc#1183038, bsc#1183151, bsc#1183661, bsc#1183959, bsc#1184271 Release notes for SUSE Manager proxy: - Revision 4.1.7 - Bugs mentioned bsc#1181124, bsc#1181274, bsc#1181580, bsc#1182197, bsc#1182339, bsc#1182603, bsc#1183151, bsc#1183959 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2021-1225=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2021-1225=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2021-1225=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): release-notes-susemanager-4.1.7-3.44.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): release-notes-susemanager-proxy-4.1.7-3.32.1 - SUSE Manager Proxy 4.1 (x86_64): release-notes-susemanager-proxy-4.1.7-3.32.1 References: https://bugzilla.suse.com/1178179 https://bugzilla.suse.com/1178767 https://bugzilla.suse.com/1179271 https://bugzilla.suse.com/1181124 https://bugzilla.suse.com/1181274 https://bugzilla.suse.com/1181580 https://bugzilla.suse.com/1181847 https://bugzilla.suse.com/1182132 https://bugzilla.suse.com/1182197 https://bugzilla.suse.com/1182339 https://bugzilla.suse.com/1182603 https://bugzilla.suse.com/1182687 https://bugzilla.suse.com/1182817 https://bugzilla.suse.com/1182842 https://bugzilla.suse.com/1182916 https://bugzilla.suse.com/1183038 https://bugzilla.suse.com/1183151 
https://bugzilla.suse.com/1183661 https://bugzilla.suse.com/1183959 https://bugzilla.suse.com/1184271 From sle-updates at lists.suse.com Thu Apr 15 19:25:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 21:25:04 +0200 (CEST) Subject: SUSE-RU-2021:1221-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20210415192504.29CDAFCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1221-1 Rating: moderate References: #1177474 #1181124 Affected Products: SUSE Manager Debian 9.0-CLIENT-TOOLS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Add core grains support for AlmaLinux - Allow vendor change option with zypper - Virt: virtual network backports to Salt 3000 - Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474) spacecmd: - Handle SIGPIPE without user-visible Exception (bsc#1181124) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Debian 9.0-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-9.0-CLIENT-TOOLS-x86_64-2021-1221=1 Package List: - SUSE Manager Debian 9.0-CLIENT-TOOLS (all): salt-common-3000+ds-1+2.20.1 salt-minion-3000+ds-1+2.20.1 spacecmd-4.1.11-2.6.1 References: https://bugzilla.suse.com/1177474 https://bugzilla.suse.com/1181124 From sle-updates at lists.suse.com Thu Apr 15 19:26:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 21:26:15 +0200 (CEST) Subject: SUSE-RU-2021:1212-1: important: Recommended update for rmt-server Message-ID: <20210415192615.E5812FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1212-1 Rating: important References: #1179523 #1180018 #1182736 #1183615 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for rmt-server fixes the following issues: Update from version 2.6.5 to version 2.6.8 - Fixing wrong handling of `ids` starting with numeric characters. (bsc#1182736) - Clean out `subscriptions` table only if the replacement data is already available. (bsc#1183615) - Raise an error when there is an extension activated which has no migration successor (like LTSS). 
- Include installed modules to the solution tree when doing an offline migration. (bsc#1179523) - Do not raise an exception when mirroring if some information missing is in alpha or beta stage. (bsc#1180018) - Fix `rpath` build issues. - Add filter options for product listing and bash completion for new flags Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1212=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1212=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1212=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1212=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1212=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1212=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2021-1212=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1212=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1212=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1212=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): rmt-server-2.6.8-3.23.1 rmt-server-config-2.6.8-3.23.1 rmt-server-debuginfo-2.6.8-3.23.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): rmt-server-2.6.8-3.23.1 rmt-server-config-2.6.8-3.23.1 rmt-server-debuginfo-2.6.8-3.23.1 - SUSE Manager Proxy 4.0 (x86_64): rmt-server-2.6.8-3.23.1 rmt-server-config-2.6.8-3.23.1 rmt-server-debuginfo-2.6.8-3.23.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): rmt-server-2.6.8-3.23.1 rmt-server-config-2.6.8-3.23.1 rmt-server-debuginfo-2.6.8-3.23.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): rmt-server-2.6.8-3.23.1 rmt-server-config-2.6.8-3.23.1 rmt-server-debuginfo-2.6.8-3.23.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): rmt-server-2.6.8-3.23.1 rmt-server-config-2.6.8-3.23.1 rmt-server-debuginfo-2.6.8-3.23.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): rmt-server-debuginfo-2.6.8-3.23.1 rmt-server-pubcloud-2.6.8-3.23.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): rmt-server-2.6.8-3.23.1 rmt-server-config-2.6.8-3.23.1 rmt-server-debuginfo-2.6.8-3.23.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): rmt-server-2.6.8-3.23.1 rmt-server-config-2.6.8-3.23.1 rmt-server-debuginfo-2.6.8-3.23.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): rmt-server-2.6.8-3.23.1 rmt-server-config-2.6.8-3.23.1 rmt-server-debuginfo-2.6.8-3.23.1 - SUSE CaaS Platform 4.0 (x86_64): rmt-server-2.6.8-3.23.1 rmt-server-config-2.6.8-3.23.1 rmt-server-debuginfo-2.6.8-3.23.1 References: https://bugzilla.suse.com/1179523 https://bugzilla.suse.com/1180018 https://bugzilla.suse.com/1182736 https://bugzilla.suse.com/1183615 From sle-updates at lists.suse.com Thu Apr 15 19:27:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 21:27:40 +0200 (CEST) Subject: SUSE-RU-2021:1229-1: moderate: 
Recommended update for salt Message-ID: <20210415192740.2AF8BFCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1229-1 Rating: moderate References: #1177474 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for salt provides the following fixes: - Add core grains support for AlmaLinux. - Allow vendor change option with zypper. - virt: virtual network backports to Salt 3000. - Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules. (bsc#1177474) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1229=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1229=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1229=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1229=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1229=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1229=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1229=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1229=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1229=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): python2-salt-3000-30.1 python3-salt-3000-30.1 salt-3000-30.1 salt-api-3000-30.1 salt-cloud-3000-30.1 salt-doc-3000-30.1 salt-master-3000-30.1 salt-minion-3000-30.1 salt-proxy-3000-30.1 salt-ssh-3000-30.1 salt-standalone-formulas-configuration-3000-30.1 salt-syndic-3000-30.1 - SUSE Manager Server 4.0 (noarch): salt-bash-completion-3000-30.1 salt-fish-completion-3000-30.1 salt-zsh-completion-3000-30.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): python2-salt-3000-30.1 python3-salt-3000-30.1 salt-3000-30.1 salt-api-3000-30.1 salt-cloud-3000-30.1 salt-doc-3000-30.1 salt-master-3000-30.1 salt-minion-3000-30.1 salt-proxy-3000-30.1 salt-ssh-3000-30.1 salt-standalone-formulas-configuration-3000-30.1 salt-syndic-3000-30.1 - SUSE Manager Retail Branch Server 4.0 (noarch): salt-bash-completion-3000-30.1 salt-fish-completion-3000-30.1 salt-zsh-completion-3000-30.1 - SUSE Manager Proxy 4.0 (x86_64): python2-salt-3000-30.1 python3-salt-3000-30.1 salt-3000-30.1 salt-api-3000-30.1 salt-cloud-3000-30.1 salt-doc-3000-30.1 salt-master-3000-30.1 salt-minion-3000-30.1 salt-proxy-3000-30.1 salt-ssh-3000-30.1 salt-standalone-formulas-configuration-3000-30.1 salt-syndic-3000-30.1 - SUSE Manager Proxy 4.0 (noarch): salt-bash-completion-3000-30.1 salt-fish-completion-3000-30.1 salt-zsh-completion-3000-30.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): python2-salt-3000-30.1 python3-salt-3000-30.1 salt-3000-30.1 salt-api-3000-30.1 salt-cloud-3000-30.1 salt-doc-3000-30.1 salt-master-3000-30.1 salt-minion-3000-30.1 salt-proxy-3000-30.1 salt-ssh-3000-30.1 salt-standalone-formulas-configuration-3000-30.1 salt-syndic-3000-30.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): salt-bash-completion-3000-30.1 salt-fish-completion-3000-30.1 salt-zsh-completion-3000-30.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): python2-salt-3000-30.1 python3-salt-3000-30.1 salt-3000-30.1 
salt-api-3000-30.1 salt-cloud-3000-30.1 salt-doc-3000-30.1 salt-master-3000-30.1 salt-minion-3000-30.1 salt-proxy-3000-30.1 salt-ssh-3000-30.1 salt-standalone-formulas-configuration-3000-30.1 salt-syndic-3000-30.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): salt-bash-completion-3000-30.1 salt-fish-completion-3000-30.1 salt-zsh-completion-3000-30.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): python2-salt-3000-30.1 python3-salt-3000-30.1 salt-3000-30.1 salt-api-3000-30.1 salt-cloud-3000-30.1 salt-doc-3000-30.1 salt-master-3000-30.1 salt-minion-3000-30.1 salt-proxy-3000-30.1 salt-ssh-3000-30.1 salt-standalone-formulas-configuration-3000-30.1 salt-syndic-3000-30.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): salt-bash-completion-3000-30.1 salt-fish-completion-3000-30.1 salt-zsh-completion-3000-30.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): python2-salt-3000-30.1 python3-salt-3000-30.1 salt-3000-30.1 salt-api-3000-30.1 salt-cloud-3000-30.1 salt-doc-3000-30.1 salt-master-3000-30.1 salt-minion-3000-30.1 salt-proxy-3000-30.1 salt-ssh-3000-30.1 salt-standalone-formulas-configuration-3000-30.1 salt-syndic-3000-30.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): salt-bash-completion-3000-30.1 salt-fish-completion-3000-30.1 salt-zsh-completion-3000-30.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): python2-salt-3000-30.1 python3-salt-3000-30.1 salt-3000-30.1 salt-api-3000-30.1 salt-cloud-3000-30.1 salt-doc-3000-30.1 salt-master-3000-30.1 salt-minion-3000-30.1 salt-proxy-3000-30.1 salt-ssh-3000-30.1 salt-standalone-formulas-configuration-3000-30.1 salt-syndic-3000-30.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): salt-bash-completion-3000-30.1 salt-fish-completion-3000-30.1 salt-zsh-completion-3000-30.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): python2-salt-3000-30.1 python3-salt-3000-30.1 salt-3000-30.1 salt-api-3000-30.1 
salt-cloud-3000-30.1 salt-doc-3000-30.1 salt-master-3000-30.1 salt-minion-3000-30.1 salt-proxy-3000-30.1 salt-ssh-3000-30.1 salt-standalone-formulas-configuration-3000-30.1 salt-syndic-3000-30.1 - SUSE Enterprise Storage 6 (noarch): salt-bash-completion-3000-30.1 salt-fish-completion-3000-30.1 salt-zsh-completion-3000-30.1 - SUSE CaaS Platform 4.0 (noarch): salt-bash-completion-3000-30.1 salt-fish-completion-3000-30.1 salt-zsh-completion-3000-30.1 - SUSE CaaS Platform 4.0 (x86_64): python2-salt-3000-30.1 python3-salt-3000-30.1 salt-3000-30.1 salt-api-3000-30.1 salt-cloud-3000-30.1 salt-doc-3000-30.1 salt-master-3000-30.1 salt-minion-3000-30.1 salt-proxy-3000-30.1 salt-ssh-3000-30.1 salt-standalone-formulas-configuration-3000-30.1 salt-syndic-3000-30.1 References: https://bugzilla.suse.com/1177474 From sle-updates at lists.suse.com Thu Apr 15 19:28:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 21:28:46 +0200 (CEST) Subject: SUSE-RU-2021:1214-1: moderate: Recommended update for SUSE Manager Proxy 4.0 Message-ID: <20210415192846.E2675FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 4.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1214-1 Rating: moderate References: #1173893 #1181124 #1181274 #1181807 #1182197 #1182603 #1183151 #1184179 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. 
Description:

This update fixes the following issues:

golang-github-boynux-squid_exporter:
- Build requires Go 1.15
- Add %license macro for LICENSE file

golang-github-lusitaniae-apache_exporter:
- Build with Go 1.15

mgr-osad:
- Adapt to new SSL implementation of rhnlib (bsc#1181807)

rhnlib:
- Change SSL implementation to python ssl for better SAN and hostname matching support (bsc#1181807)

spacecmd:
- Handle SIGPIPE without user-visible Exception (bsc#1181124)

spacewalk-backend:
- Deb_src repo plugin is not restoring config namespace on exception (bsc#1182197, bsc#1184179)
- Fixing improper exception handling causing another exception in ThreadedDownloader
- Avoid race condition due to multiple reposync import threads (bsc#1183151)
- Fix for UnicodeDecodeError in satellite-sync: Opening RPM file in binary mode (bsc#1181274)
- Open repomd files as binary (bsc#1173893)

spacewalk-client-tools:
- Fallback to sysfs when reading info from python-dmidecode fails (bsc#1182603)
- Adapt to new SSL implementation of rhnlib (bsc#1181807)

spacewalk-proxy:
- Adapt to new SSL implementation of rhnlib (bsc#1181807)

spacewalk-proxy-installer:
- Adapt to new SSL implementation of rhnlib (bsc#1181807)

spacewalk-web:
- Speed up susemanager-nodejs-sdk-devel RPM build

zypp-plugin-spacewalk:
- Support for "allow vendor change" for patching/upgrading

How to apply this update:
1. Log in as root user to the SUSE Manager proxy.
2. Stop the proxy service: `spacewalk-proxy stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-proxy start`

Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2021-1214=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch): mgr-osad-4.0.12-3.12.1 python3-mgr-osa-common-4.0.12-3.12.1 python3-mgr-osad-4.0.12-3.12.1 python3-rhnlib-4.0.13-3.14.1 python3-spacewalk-backend-libs-4.0.37-3.44.2 python3-spacewalk-check-4.0.14-3.19.1 python3-spacewalk-client-setup-4.0.14-3.19.1 python3-spacewalk-client-tools-4.0.14-3.19.1 python3-zypp-plugin-spacewalk-1.0.9-3.17.1 spacecmd-4.0.23-3.28.1 spacewalk-backend-4.0.37-3.44.2 spacewalk-base-minimal-4.0.27-3.42.1 spacewalk-base-minimal-config-4.0.27-3.42.1 spacewalk-check-4.0.14-3.19.1 spacewalk-client-setup-4.0.14-3.19.1 spacewalk-client-tools-4.0.14-3.19.1 spacewalk-proxy-broker-4.0.16-3.16.1 spacewalk-proxy-common-4.0.16-3.16.1 spacewalk-proxy-installer-4.0.14-3.9.1 spacewalk-proxy-management-4.0.16-3.16.1 spacewalk-proxy-package-manager-4.0.16-3.16.1 spacewalk-proxy-redirect-4.0.16-3.16.1 spacewalk-proxy-salt-4.0.16-3.16.1 zypp-plugin-spacewalk-1.0.9-3.17.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (x86_64): golang-github-boynux-squid_exporter-1.6-3.3.1 golang-github-boynux-squid_exporter-debuginfo-1.6-3.3.1 golang-github-lusitaniae-apache_exporter-0.7.0-3.11.1 golang-github-lusitaniae-apache_exporter-debuginfo-0.7.0-3.11.1 References: https://bugzilla.suse.com/1173893 https://bugzilla.suse.com/1181124 https://bugzilla.suse.com/1181274 https://bugzilla.suse.com/1181807 https://bugzilla.suse.com/1182197 https://bugzilla.suse.com/1182603 https://bugzilla.suse.com/1183151 https://bugzilla.suse.com/1184179 From sle-updates at lists.suse.com Thu Apr 15 19:31:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 21:31:07 +0200 (CEST) Subject: SUSE-RU-2021:14695-1: moderate: Recommended update for SUSE Manager Client Tools 
Message-ID: <20210415193107.322F2FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14695-1 Rating: moderate References: #1177474 #1181124 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Add core grains support for AlmaLinux - Allow vendor change option with zypper - Virt: virtual network backports to Salt 3000 - Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474) spacecmd: - Handle SIGPIPE without user-visible Exception (bsc#1181124) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS: zypper in -t patch suse-ubu204ct-client-tools-202103-14695=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (all): salt-common-3000+ds-1+2.41.1 salt-minion-3000+ds-1+2.41.1 spacecmd-4.1.11-2.21.1 References: https://bugzilla.suse.com/1177474 https://bugzilla.suse.com/1181124 From sle-updates at lists.suse.com Thu Apr 15 19:32:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 21:32:10 +0200 (CEST) Subject: SUSE-SU-2021:1211-1: important: Security update for the Linux Kernel Message-ID: <20210415193210.CDE3DFCF8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1211-1 Rating: important References: #1047233 #1065729 #1113295 #1152472 #1152489 #1153274 #1154353 #1155518 #1156256 #1156395 #1159280 
#1160634 #1167773 #1168777 #1169514 #1169709 #1171295 #1173485 #1177326 #1178163 #1178181 #1178330 #1179454 #1180197 #1180980 #1181383 #1181507 #1181674 #1181862 #1182011 #1182077 #1182485 #1182552 #1182574 #1182591 #1182595 #1182712 #1182713 #1182715 #1182716 #1182717 #1182770 #1182989 #1183015 #1183018 #1183022 #1183023 #1183048 #1183252 #1183277 #1183278 #1183279 #1183280 #1183281 #1183282 #1183283 #1183284 #1183285 #1183286 #1183287 #1183288 #1183366 #1183369 #1183386 #1183405 #1183412 #1183416 #1183427 #1183428 #1183445 #1183447 #1183501 #1183509 #1183530 #1183534 #1183540 #1183593 #1183596 #1183598 #1183637 #1183646 #1183662 #1183686 #1183692 #1183696 #1183750 #1183757 #1183775 #1183843 #1183859 #1183871 #1184074 #1184120 #1184167 #1184168 #1184170 #1184176 #1184192 #1184193 #1184194 #1184196 #1184198 #1184211 #1184217 #1184218 #1184219 #1184220 #1184224 #1184388 #1184391 #1184393 #1184509 #1184511 #1184512 #1184514 #1184583 #1184647 Cross-References: CVE-2019-18814 CVE-2019-19769 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171 CVE-2020-27815 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-30002 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483 CVSS scores: CVE-2019-18814 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-18814 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2019-19769 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2019-19769 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H CVE-2020-25670 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25673 (SUSE): 6.1 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2020-27170 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-27171 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27815 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-35519 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36311 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36312 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28038 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28375 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28660 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28660 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28950 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28964 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28971 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28972 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28972 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29264 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 
(SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-30002 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3428 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-3444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products: SUSE Linux Enterprise Module for Realtime 15-SP2
______________________________________________________________________________

An update that solves 32 vulnerabilities and has 85 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0, leading to an out-of-bounds read (bsc#1184170).
- CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
- CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
- CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
- CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
- CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196).
- CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
- CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593).
- CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).
- CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
- CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
- CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
- CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
- CVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).
- CVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).
- CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
- CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
- CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280).
- CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).
- CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsystem (bsc#1178181).
- CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).
- CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).
- CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).
- CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
- CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512).
- CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop that was continually finding the same bad inode (bsc#1184194).

The following non-security bugs were fixed:

- 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)).
- 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)).
- 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)).
- ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).
- ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes).
- ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
- ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes).
- ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
- ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).
- ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).
- ALSA: aloop: Fix initialization of controls (git-fixes).
- ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
- ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).
- ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
- ALSA: hda: generic: Fix the micmute led init state (git-fixes).
- ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes). - ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes). - ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes). - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes). - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes). - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes). - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes). - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552). - ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552). - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes). - ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552). - ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552). - ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552). - ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552). - ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar (bsc#1182552). - ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552). - ALSA: usb-audio: Fix "RANGE setting not yet supported" errors (git-fixes). - ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552). - ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes). - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes). - amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes). - apparmor: check/put label on apparmor_sk_clone_security() (git-fixes). - appletalk: Fix skb allocation size in loopback case (git-fixes). - arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862). - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes). 
- ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes). - ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes). - ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes). - ASoC: cs42l42: Fix channel width support (git-fixes). - ASoC: cs42l42: Fix mixer volume control (git-fixes). - ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes). - ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes). - ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes). - ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes). - ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes). - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes). - ASoC: max98373: Added 30ms turn on/off time delay (git-fixes). - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes). - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes). - ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes). - ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes). 
- ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes). - ASoC: simple-card-utils: Do not handle device clock (git-fixes). - ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes). - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes). - ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes). - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes). - ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes). - atl1c: fix error return code in atl1c_probe() (git-fixes). - atl1e: fix error return code in atl1e_probe() (git-fixes). - batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295). - blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295). - blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295). - block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295). - block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes). - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes). - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes). - bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274). - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775). - bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518). - bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518). - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518). - bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170). - bpf_lru_list: Read double-checked variable once without lock (bsc#1155518). 
- bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518). - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775). - bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163). - brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes). - brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes). - brcmfmac: clear EAP/association status bits on linkdown events (git-fixes). - btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217). - btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224). - btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386). - btrfs: fix extent buffer leak on failure to copy root (bsc#1184218). - btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193). - btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220). - btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219). - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes). - bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes). - can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes). - can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes). - can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes). - can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes). - can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes). - can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes). - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes). - can: peak_usb: add forgotten supported devices (git-fixes). - can: peak_usb: Revert "can: peak_usb: add forgotten supported devices" (git-fixes). - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes). 
- cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes). - certs: Fix blacklist flag type confusion (git-fixes). - cifs: change noisy error message to FYI (bsc#1181507). - cifs: check pointer before freeing (bsc#1183534). - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: New optype for session operations (bsc#1181507). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - clk: fix invalid usage of list cursor in register (git-fixes). - clk: fix invalid usage of list cursor in unregister (git-fixes). - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes). - completion: Drop init_completion define (git-fixes). - configfs: fix a use-after-free in __configfs_open_file (git-fixes). - config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595 - crypto: aesni - prevent misaligned buffers on the stack (git-fixes). - crypto: arm64/sha - add missing module aliases (git-fixes). - crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes). - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes). - crypto: tcrypt - avoid signed overflow in byte count (git-fixes). - Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530) - drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes). - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes). - drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes). - drm/amdgpu: Add check to prevent IH overflow (git-fixes). - drm/amdgpu: check alignment on CPU page for bo map (git-fixes). - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes). 
- drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes).
- drm/amdkfd: Put ACPI table after using it (bsc#1152489)
  Backporting notes:
  * context changes
- drm/amd/powerplay: fix spelling mistake "smu_state_memroy_block" -> (bsc#1152489)
  Backporting notes:
  * rename amd/pm to amd/powerplay
  * context changes
- drm/compat: Clear bounce structures (git-fixes).
- drm/hisilicon: Fix use-after-free (git-fixes).
- drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074).
- drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes).
- drm/mediatek: Fix aal size config (bsc#1152489)
- drm: meson_drv add shutdown function (git-fixes).
- drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes).
- drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes).
- drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes).
- drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489)
- drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes).
- drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489)
- drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489)
- drm/msm/gem: Add obj->lock wrappers (bsc#1152489)
- drm/msm: Ratelimit invalid-fence message (git-fixes).
- drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes).
- drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489)
- drm/nouveau/kms: handle mDP connectors (git-fixes).
- drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472)
- drm/panfrost: Fix job timeout handling (bsc#1152472)
- drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472)
- drm/radeon: fix AGP dependency (git-fixes).
- drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489)
- drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes).
- drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489)
- drm/tegra: sor: Grab runtime PM reference across reset (git-fixes).
- drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472)
- efi: use 32-bit alignment for efi_guid_t literals (git-fixes).
- enetc: Fix reporting of h/w packet counters (git-fixes).
- epoll: check for events when removing a timed out thread from the wait queue (git-fixes).
- ethernet: alx: fix order of calls on resume (git-fixes).
- exec: Move would_dump into flush_old_exec (git-fixes).
- exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).
- exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989).
- extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes).
- extcon: Fix error handling in extcon_dev_register (git-fixes).
- fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).
- firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes).
- flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353).
- fsl/fman: check dereferencing null pointer (git-fixes).
- fsl/fman: fix dereference null return value (git-fixes).
- fsl/fman: fix eth hash table allocation (git-fixes).
- fsl/fman: fix unreachable code (git-fixes).
- fsl/fman: use 32-bit unsigned integer (git-fixes).
- fuse: fix bad inode (bsc#1184211).
- fuse: fix live lock in fuse_iget() (bsc#1184211).
- fuse: verify write return (git-fixes).
- gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).
- gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862).
- gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862).
- gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).
- gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).
- gianfar: Handle error code at MAC address change (git-fixes).
- gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes).
- Goodix Fingerprint device is not a modem (git-fixes).
- gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).
- gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes).
- gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes).
- HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes).
- HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes).
- HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes).
- hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes).
- i2c: rcar: faster irq code to minimize HW race condition (git-fixes).
- i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes).
- i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025).
- i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025).
- iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
- iavf: use generic power management (git-fixes).
- ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139).
- ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).
- ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139).
- ibmvnic: fix block comments (bsc#1183871 ltc#192139).
- ibmvnic: fix braces (bsc#1183871 ltc#192139).
- ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139).
- ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268).
- ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139).
- ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139).
- ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139).
- ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591).
- ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139).
- ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139).
- ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139).
- ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791).
- ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791).
- ice: fix memory leak if register_netdev_fails (git-fixes).
- ice: fix memory leak in ice_vsi_setup (git-fixes).
- ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).
- ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926).
- ice: renegotiate link after FW DCB on (jsc#SLE-8464).
- ice: report correct max number of TCs (jsc#SLE-7926).
- ice: update the number of available RSS queues (jsc#SLE-7926).
- igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).
- iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes).
- iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes).
- iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes).
- iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes).
- iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes).
- iio: hid-sensor-prox: Fix scale not correct issue (git-fixes).
- iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes).
- include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes).
- Input: applespi - do not wait for responses to commands indefinitely (git-fixes).
- Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes).
- Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes).
- Input: raydium_ts_i2c - do not send zero length (git-fixes).
- Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes).
- iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277).
- iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278).
- iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637).
- iommu/vt-d: Add get_domain_info() helper (bsc#1183279).
- iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280).
- iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281).
- iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282).
- iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283).
- iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284).
- iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285).
- iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286).
- ionic: linearize tso skb with too many frags (bsc#1167773).
- kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862).
- kbuild: change *FLAGS_<basetarget>.o to take the path relative to $(obj) (bcs#1181862).
- kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862).
- kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862).
- kbuild: Fail if gold linker is detected (bcs#1181862).
- kbuild: improve cc-option to clean up all temporary files (bsc#1178330).
- kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862).
- kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862).
- kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862).
- kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330).
- kconfig: introduce m32-flag and m64-flag (bcs#1181862).
- KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427).
- KVM: SVM: Clear the CR4 register on reset (bsc#1183252).
- KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445).
- KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint
  Needed as a dependency of 0b40723a827 ("kvm: tracing: Fix unmatched kvm_entry and kvm_exit events", bsc#1182770).
- KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287).
- KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412).
- KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447).
- KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369).
- KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428).
- KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288).
- libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518).
- libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518).
- libbpf: Fix INSTALL flag order (bsc#1155518).
- libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518).
- lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes).
- locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes).
- loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295).
- mac80211: choose first enabled channel for monitor (git-fixes).
- mac80211: fix double free in ibss_leave (git-fixes).
- mac80211: fix rate mask reset (git-fixes).
- mac80211: fix TXQ AC confusion (git-fixes).
- mdio: fix mdio-thunder.c dependency & build error (git-fixes).
- media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes).
- media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes).
- media: mceusb: Fix potential out-of-bounds shift (git-fixes).
- media: mceusb: sanity check for prescaler value (git-fixes).
- media: rc: compile rc-cec.c into rc-core (git-fixes).
- media: usbtv: Fix deadlock on suspend (git-fixes).
- media: uvcvideo: Allow entities with no pads (git-fixes).
- media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes).
- media: v4l: vsp1: Fix bru null pointer access (git-fixes).
- media: v4l: vsp1: Fix uif null pointer access (git-fixes).
- media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes).
- misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes).
- misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes).
- misc/pvpanic: Export module FDT device table (git-fixes).
- misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes).
- mISDN: fix crash in fritzpci (git-fixes).
- mmc: core: Fix partition switch time for eMMC (git-fixes).
- mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes).
- mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes).
- mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes).
- mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).
- mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes).
- mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777).
- mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes).
- mt76: dma: do not report truncated frames to mac80211 (git-fixes).
- mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes).
- net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes).
- net: atheros: switch from 'pci_' to 'dma_' API (git-fixes).
- net: b44: fix error return code in b44_init_one() (git-fixes).
- net: bonding: fix error return code of bond_neigh_init() (bsc#1154353).
- net: cdc-phonet: fix data-interface release on probe failure (git-fixes).
- net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139).
- netdevsim: init u64 stats for 32bit hardware (git-fixes).
- net: dsa: rtl8366: Fix VLAN semantics (git-fixes).
- net: dsa: rtl8366: Fix VLAN set-up (git-fixes).
- net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).
- net: enic: Cure the enic api locking trainwreck (git-fixes).
- net: ethernet: aquantia: Fix wrong return value (git-fixes).
- net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes).
- net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139).
- net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes).
- net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes).
- net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix reference count leak in fec series ops (git-fixes).
- net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes).
- net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes).
- net: gianfar: Add of_node_put() before goto statement (git-fixes).
- net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes).
- net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes).
- net: hns3: Remove the left over redundant check & assignment (bsc#1154353).
- net: korina: cast KSEG0 address to pointer in kfree (git-fixes).
- net: korina: fix kfree of rx/tx descriptor array (git-fixes).
- net: lantiq: Wait for the GPHY firmware to be ready (git-fixes).
- net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464).
- net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464).
- net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).
- net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).
- net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).
- net: mvneta: fix double free of txq->buf (git-fixes).
- net: mvneta: make tx buffer array agnostic (git-fixes).
- net: pasemi: fix error return code in pasemi_mac_open() (git-fixes).
- net: phy: broadcom: Only advertise EEE for supported modes (git-fixes).
- net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes).
- net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes).
- net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)
- netsec: restore phy power state after controller reset (bsc#1183757).
- net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes).
- net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes).
- net: stmmac: removed enabling eee in EEE set callback (git-fixes).
- net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).
- net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes).
- net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes).
- net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes).
- net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).
- net: wan/lmc: unregister device when no matching device is found (git-fixes).
- nfp: flower: fix pre_tun mask id allocation (bsc#1154353).
- nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077).
- nvme-fabrics: fix kato initialization (bsc#1182591).
- nvme-fabrics: only reserve a single tag (bsc#1182077).
- nvme-fc: fix racing controller reset and create association (bsc#1183048).
- nvme-hwmon: Return error code when registration fails (bsc#1177326).
- nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077).
- nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).
- nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501).
- objtool: Fix ".cold" section suffix check for newer versions of GCC (bsc#1169514).
- objtool: Fix error handling for STD/CLD warnings (bsc#1169514).
- objtool: Fix retpoline detection in asm code (bsc#1169514).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).
- ovl: fix out of date comment and unreachable code (bsc#1184176).
- ovl: fix regression with re-formatted lower squashfs (bsc#1184176).
- ovl: fix unneeded call to ovl_change_flags() (bsc#1184176).
- ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176).
- ovl: initialize error in ovl_copy_xattr (bsc#1184176).
- ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176).
- PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes).
- PCI: Align checking of syscall user config accessors (git-fixes).
- PCI: Decline to resize resources if boot config must be preserved (git-fixes).
- PCI: Fix pci_register_io_range() memory leak (git-fixes).
- PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes).
- PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
- PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).
- pinctrl: rockchip: fix restore error in resume (git-fixes).
- Platform: OLPC: Fix probe error handling (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes).
- platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes).
- platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes).
- platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes).
- platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes).
- platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes).
- platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes).
- platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes).
- PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes).
- PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366).
- PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes).
- PM: runtime: Fix race getting/putting suppliers at probe (git-fixes).
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729).
- powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963).
- powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729).
- powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395).
- powerpc/sstep: Fix darn emulation (bsc#1156395).
- powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395).
- powerpc/sstep: Fix load-store and update emulation (bsc#1156395).
- printk: fix deadlock when kernel panic (bsc#1183018).
- proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes).
- pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes).
- qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).
- qxl: Fix uninitialised struct field head.surface_id (git-fixes).
- random: fix the RNDRESEEDCRNG ioctl (git-fixes).
- RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489).
- RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).
- RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).
- RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)
- regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).
- Revert "net: bonding: fix error return code of bond_neigh_init()" (bsc#1154353).
- rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079).
- rpm/check-for-config-changes: add -mrecord-mcount ignore
  Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream.
- rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.
- rpm/check-for-config-changes: comment on the list
  To explain what it actually is.
- rpm/check-for-config-changes: declare sed args as an array
  So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended.
- rpm/check-for-config-changes: define ignores more strictly
  * search for whole words, so make wildcards explicit
  * use ' for quoting
  * prepend CONFIG_ dynamically, so it need not be in the list
- rpm/check-for-config-changes: sort the ignores
  They are growing so to make them searchable by humans.
- rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)
  The devel package requires the kernel binary package itself for building modules externally.
- rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes).
- rsi: Move card interrupt handling to RX thread (git-fixes).
- rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes).
- s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).
- s390/qeth: fix notification for pending buffers during teardown (git-fixes).
- s390/qeth: improve completion of pending TX buffers (git-fixes).
- s390/qeth: schedule TX NAPI on QAOB completion (git-fixes).
- s390/vtime: fix increased steal time accounting (bsc#1183859).
- samples, bpf: Add missing munmap in xdpsock (bsc#1155518).
- scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231).
- scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574).
- scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574).
- scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).
- scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).
- scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574).
- scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574).
- scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574).
- scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574).
- scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).
- scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574).
- scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).
- scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574).
- scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).
- scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).
- scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).
- scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574).
- scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574).
- scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).
- scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).
- scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).
- scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574).
- scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).
- scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843).
- scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843).
- selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518).
- selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518).
- selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518).
- selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes).
- selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes).
- selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes).
- smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).
- smb3: fix crediting for compounding when only one request in flight (bsc#1181507).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
- soc/fsl: qbman: fix conflicting alignment attributes (git-fixes).
- software node: Fix node registration (git-fixes).
- spi: stm32: make spurious and overrun interrupts visible (git-fixes).
- squashfs: fix inode lookup sanity checks (bsc#1183750).
- squashfs: fix xattr id and id lookup sanity checks (bsc#1183750).
- stop_machine: mark helpers __always_inline (git-fixes).
- thermal/core: Add NULL pointer check before using cooling device stats (git-fixes).
- udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).
- Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598)
- USB: cdc-acm: downgrade message to debug (git-fixes).
- USB: cdc-acm: fix double free on probe failure (git-fixes).
- USB: cdc-acm: fix use-after-free after probe failure (git-fixes).
- USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes).
- USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes).
- USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes).
- USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes).
- USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes).
- USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes).
- USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes).
- USB: gadget: configfs: Fix KASAN use-after-free (git-fixes).
- USB: gadget: f_uac1: stop playback on function disable (git-fixes).
- USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes).
- USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes).
- USB: gadget: u_ether: Fix a configfs return code (git-fixes).
- USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).
- USBip: fix stub_dev to check for stream socket (git-fixes).
- USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd to check for stream socket (git-fixes).
- USBip: fix vudc to check for stream socket (git-fixes).
- USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).
- USBip: tools: fix build error for multiple definition (git-fixes).
- USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes).
- USB: musb: Fix suspend with devices connected for a64 (git-fixes).
- USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes).
- USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes).
- USB: replace hardcode maximum usb string length by definition (git-fixes).
- USB: serial: ch341: add new Product ID (git-fixes).
- USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes).
- USB: serial: cp210x: add some more GE USB IDs (git-fixes).
- USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes).
- USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).
- USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).
- USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes).
- USB: usblp: fix a hang in poll() if disconnected (git-fixes).
- USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes).
- USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).
- USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).
- use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139).
- video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489)
- video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes).
- VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes).
- vt/consolemap: do font sum unsigned (git-fixes).
- watchdog: mei_wdt: request stop on unregister (git-fixes).
- wireguard: device: do not generate ICMP for non-IP packets (git-fixes).
- wireguard: kconfig: use arm chacha even with no neon (git-fixes).
- wireguard: selftests: test multiple parallel streams (git-fixes).
- wlcore: Fix command execute failure 19 for wl12xx (git-fixes).
- x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489).
- x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489).
- x86/ioapic: Ignore IRQ2 again (bsc#1152489).
- x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489).
- xen/events: avoid handling the same event on two cpus at the same time (git-fixes).
- xen/events: do not unmask an event channel when an eoi is pending (git-fixes).
- xen/events: fix setting irq affinity (bsc#1184583).
- xen/events: reset affinity of 2-level event when tearing it down (git-fixes).
- xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
- xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980).
- xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes).
- xhci: Improve detection of device initiated wake signal (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Realtime 15-SP2:

  zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-1211=1

Package List:

- SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64):

  cluster-md-kmp-rt-5.3.18-33.1
  cluster-md-kmp-rt-debuginfo-5.3.18-33.1
  dlm-kmp-rt-5.3.18-33.1
  dlm-kmp-rt-debuginfo-5.3.18-33.1
  gfs2-kmp-rt-5.3.18-33.1
  gfs2-kmp-rt-debuginfo-5.3.18-33.1
  kernel-rt-5.3.18-33.1
  kernel-rt-debuginfo-5.3.18-33.1
  kernel-rt-debugsource-5.3.18-33.1
  kernel-rt-devel-5.3.18-33.1
  kernel-rt-devel-debuginfo-5.3.18-33.1
  kernel-rt_debug-debuginfo-5.3.18-33.1
  kernel-rt_debug-debugsource-5.3.18-33.1
  kernel-rt_debug-devel-5.3.18-33.1
  kernel-rt_debug-devel-debuginfo-5.3.18-33.1
  kernel-syms-rt-5.3.18-33.1
  ocfs2-kmp-rt-5.3.18-33.1
  ocfs2-kmp-rt-debuginfo-5.3.18-33.1

- SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch):

  kernel-devel-rt-5.3.18-33.1
  kernel-source-rt-5.3.18-33.1

References:

https://www.suse.com/security/cve/CVE-2019-18814.html
https://www.suse.com/security/cve/CVE-2019-19769.html
https://www.suse.com/security/cve/CVE-2020-25670.html
https://www.suse.com/security/cve/CVE-2020-25671.html
https://www.suse.com/security/cve/CVE-2020-25672.html
https://www.suse.com/security/cve/CVE-2020-25673.html
https://www.suse.com/security/cve/CVE-2020-27170.html
https://www.suse.com/security/cve/CVE-2020-27171.html
https://www.suse.com/security/cve/CVE-2020-27815.html
https://www.suse.com/security/cve/CVE-2020-35519.html
https://www.suse.com/security/cve/CVE-2020-36310.html
https://www.suse.com/security/cve/CVE-2020-36311.html
https://www.suse.com/security/cve/CVE-2020-36312.html
https://www.suse.com/security/cve/CVE-2021-27363.html
https://www.suse.com/security/cve/CVE-2021-27364.html
https://www.suse.com/security/cve/CVE-2021-27365.html
https://www.suse.com/security/cve/CVE-2021-28038.html
https://www.suse.com/security/cve/CVE-2021-28375.html
https://www.suse.com/security/cve/CVE-2021-28660.html
https://www.suse.com/security/cve/CVE-2021-28688.html https://www.suse.com/security/cve/CVE-2021-28950.html https://www.suse.com/security/cve/CVE-2021-28964.html https://www.suse.com/security/cve/CVE-2021-28971.html https://www.suse.com/security/cve/CVE-2021-28972.html https://www.suse.com/security/cve/CVE-2021-29154.html https://www.suse.com/security/cve/CVE-2021-29264.html https://www.suse.com/security/cve/CVE-2021-29265.html https://www.suse.com/security/cve/CVE-2021-29647.html https://www.suse.com/security/cve/CVE-2021-30002.html https://www.suse.com/security/cve/CVE-2021-3428.html https://www.suse.com/security/cve/CVE-2021-3444.html https://www.suse.com/security/cve/CVE-2021-3483.html https://bugzilla.suse.com/1047233 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1113295 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1156256 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1159280 https://bugzilla.suse.com/1160634 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1168777 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1169709 https://bugzilla.suse.com/1171295 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1177326 https://bugzilla.suse.com/1178163 https://bugzilla.suse.com/1178181 https://bugzilla.suse.com/1178330 https://bugzilla.suse.com/1179454 https://bugzilla.suse.com/1180197 https://bugzilla.suse.com/1180980 https://bugzilla.suse.com/1181383 https://bugzilla.suse.com/1181507 https://bugzilla.suse.com/1181674 https://bugzilla.suse.com/1181862 https://bugzilla.suse.com/1182011 https://bugzilla.suse.com/1182077 https://bugzilla.suse.com/1182485 https://bugzilla.suse.com/1182552 https://bugzilla.suse.com/1182574 https://bugzilla.suse.com/1182591 https://bugzilla.suse.com/1182595 https://bugzilla.suse.com/1182712 https://bugzilla.suse.com/1182713 
https://bugzilla.suse.com/1182715 https://bugzilla.suse.com/1182716 https://bugzilla.suse.com/1182717 https://bugzilla.suse.com/1182770 https://bugzilla.suse.com/1182989 https://bugzilla.suse.com/1183015 https://bugzilla.suse.com/1183018 https://bugzilla.suse.com/1183022 https://bugzilla.suse.com/1183023 https://bugzilla.suse.com/1183048 https://bugzilla.suse.com/1183252 https://bugzilla.suse.com/1183277 https://bugzilla.suse.com/1183278 https://bugzilla.suse.com/1183279 https://bugzilla.suse.com/1183280 https://bugzilla.suse.com/1183281 https://bugzilla.suse.com/1183282 https://bugzilla.suse.com/1183283 https://bugzilla.suse.com/1183284 https://bugzilla.suse.com/1183285 https://bugzilla.suse.com/1183286 https://bugzilla.suse.com/1183287 https://bugzilla.suse.com/1183288 https://bugzilla.suse.com/1183366 https://bugzilla.suse.com/1183369 https://bugzilla.suse.com/1183386 https://bugzilla.suse.com/1183405 https://bugzilla.suse.com/1183412 https://bugzilla.suse.com/1183416 https://bugzilla.suse.com/1183427 https://bugzilla.suse.com/1183428 https://bugzilla.suse.com/1183445 https://bugzilla.suse.com/1183447 https://bugzilla.suse.com/1183501 https://bugzilla.suse.com/1183509 https://bugzilla.suse.com/1183530 https://bugzilla.suse.com/1183534 https://bugzilla.suse.com/1183540 https://bugzilla.suse.com/1183593 https://bugzilla.suse.com/1183596 https://bugzilla.suse.com/1183598 https://bugzilla.suse.com/1183637 https://bugzilla.suse.com/1183646 https://bugzilla.suse.com/1183662 https://bugzilla.suse.com/1183686 https://bugzilla.suse.com/1183692 https://bugzilla.suse.com/1183696 https://bugzilla.suse.com/1183750 https://bugzilla.suse.com/1183757 https://bugzilla.suse.com/1183775 https://bugzilla.suse.com/1183843 https://bugzilla.suse.com/1183859 https://bugzilla.suse.com/1183871 https://bugzilla.suse.com/1184074 https://bugzilla.suse.com/1184120 https://bugzilla.suse.com/1184167 https://bugzilla.suse.com/1184168 https://bugzilla.suse.com/1184170 
https://bugzilla.suse.com/1184176 https://bugzilla.suse.com/1184192 https://bugzilla.suse.com/1184193 https://bugzilla.suse.com/1184194 https://bugzilla.suse.com/1184196 https://bugzilla.suse.com/1184198 https://bugzilla.suse.com/1184211 https://bugzilla.suse.com/1184217 https://bugzilla.suse.com/1184218 https://bugzilla.suse.com/1184219 https://bugzilla.suse.com/1184220 https://bugzilla.suse.com/1184224 https://bugzilla.suse.com/1184388 https://bugzilla.suse.com/1184391 https://bugzilla.suse.com/1184393 https://bugzilla.suse.com/1184509 https://bugzilla.suse.com/1184511 https://bugzilla.suse.com/1184512 https://bugzilla.suse.com/1184514 https://bugzilla.suse.com/1184583 https://bugzilla.suse.com/1184647 From sle-updates at lists.suse.com Thu Apr 15 19:44:00 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 21:44:00 +0200 (CEST) Subject: SUSE-RU-2021:1234-1: moderate: Recommended update for python-kiwi Message-ID: <20210415194400.829B5FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1234-1 Rating: moderate References: #1178670 #1182211 #1182264 #1182963 #1183059 Affected Products: SUSE MicroOS 5.0 SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. 
Description:

This update for python-kiwi fixes the following issues:

Upgrade from version 9.23.19 to version 9.23.20

- Require `qemu-img` in any filesystem based image.
  Move the qemu-img requirement into the `kiwi-systemdeps-filesystems` to ensure ISO, OEM and PXE images include it in the build service. This is also required for images that are simple root-trees in a filesystem `(image=ext4)`.
- Add a requirement for `kiwi-systemdeps-iso-media` on disk images.
  Add a requirement for `kiwi-systemdeps-iso-media` in `kiwi-systemdeps-disk-images`. This is to ensure that installing `kiwi-systemdeps-disk-images` is enough to build OEM images including install media.
- Turn `fb-util-for-appx` requirement into a recommendation.
  Relax the requirement for `fb-util-for-appx` since the utility is not part of all SUSE Linux Enterprise 15 Service Packs.
- Refactor grub2 installation. (bsc#1182211)
  Split the installation in two parts. The former `grub2.install` method was meant to run the `grub2-install` tool; however, it was also running the secure boot installation `shim-install`. The install method in `KIWI` is skipped for those architectures and firmware combinations for which bios support doesn't exist. This led to the secure boot installation being skipped. The current approach strips the secure boot installation logic from the `grub2.install` method, so skipping the install method does not automatically result in skipping the secure boot installation.
- Fix `lsblk` flags to get sorted output (bsc#1182264, bsc#1182963, bsc#1183059)
  Modify the `lsblk` command flags to get a sorted output according to the disk layout.
- Avoid using generators in `pre-mount` hooks (bsc#1178670)
  Delete the generator that was creating the `sysroot.mount` unit for ramdisk deployments. Generators, especially the `sysroot.mount` one, are expected to be created in the very early stages of the boot procedure, as this has an impact on relevant targets such as `initrd-root-fs.target`, which does not depend on `sysroot.mount` if the unit is not there. In ramdisk deployments some data is known at the pre-mount stage as it is downloaded from the PXE server. At this stage it is not safe to generate a `sysroot.mount` unit that depends on `initrd-root-fs.target`, as the target is close to being finalized or is already finalized and could potentially skip `sysroot.mount` execution. Instead, include a mount hook, executed only on ramdisk deployments, that simply runs the mount command to mount `/sysroot`.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1234=1
- SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1234=1
- SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1234=1
- SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1234=1
- SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1234=1
- SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1234=1
- SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1234=1
- SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1234=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1234=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch
SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1234=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1234=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): dracut-kiwi-lib-9.23.20-3.37.1 dracut-kiwi-oem-repart-9.23.20-3.37.1 python-kiwi-debugsource-9.23.20-3.37.1 - SUSE Manager Server 4.0 (ppc64le s390x x86_64): dracut-kiwi-lib-9.23.20-3.37.1 dracut-kiwi-live-9.23.20-3.37.1 dracut-kiwi-oem-dump-9.23.20-3.37.1 dracut-kiwi-oem-repart-9.23.20-3.37.1 dracut-kiwi-overlay-9.23.20-3.37.1 kiwi-man-pages-9.23.20-3.37.1 kiwi-systemdeps-core-9.23.20-3.37.1 kiwi-tools-9.23.20-3.37.1 kiwi-tools-debuginfo-9.23.20-3.37.1 python-kiwi-debugsource-9.23.20-3.37.1 python3-kiwi-9.23.20-3.37.1 - SUSE Manager Server 4.0 (x86_64): kiwi-pxeboot-9.23.20-3.37.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): dracut-kiwi-lib-9.23.20-3.37.1 dracut-kiwi-live-9.23.20-3.37.1 dracut-kiwi-oem-dump-9.23.20-3.37.1 dracut-kiwi-oem-repart-9.23.20-3.37.1 dracut-kiwi-overlay-9.23.20-3.37.1 kiwi-man-pages-9.23.20-3.37.1 kiwi-pxeboot-9.23.20-3.37.1 kiwi-systemdeps-core-9.23.20-3.37.1 kiwi-tools-9.23.20-3.37.1 kiwi-tools-debuginfo-9.23.20-3.37.1 python-kiwi-debugsource-9.23.20-3.37.1 python3-kiwi-9.23.20-3.37.1 - SUSE Manager Proxy 4.0 (x86_64): dracut-kiwi-lib-9.23.20-3.37.1 dracut-kiwi-live-9.23.20-3.37.1 dracut-kiwi-oem-dump-9.23.20-3.37.1 dracut-kiwi-oem-repart-9.23.20-3.37.1 dracut-kiwi-overlay-9.23.20-3.37.1 kiwi-man-pages-9.23.20-3.37.1 kiwi-pxeboot-9.23.20-3.37.1 kiwi-systemdeps-core-9.23.20-3.37.1 kiwi-tools-9.23.20-3.37.1 kiwi-tools-debuginfo-9.23.20-3.37.1 python-kiwi-debugsource-9.23.20-3.37.1 python3-kiwi-9.23.20-3.37.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): dracut-kiwi-lib-9.23.20-3.37.1 dracut-kiwi-live-9.23.20-3.37.1 
dracut-kiwi-oem-dump-9.23.20-3.37.1 dracut-kiwi-oem-repart-9.23.20-3.37.1 dracut-kiwi-overlay-9.23.20-3.37.1 kiwi-man-pages-9.23.20-3.37.1 kiwi-systemdeps-core-9.23.20-3.37.1 kiwi-tools-9.23.20-3.37.1 kiwi-tools-debuginfo-9.23.20-3.37.1 python-kiwi-debugsource-9.23.20-3.37.1 python3-kiwi-9.23.20-3.37.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): kiwi-pxeboot-9.23.20-3.37.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.23.20-3.37.1 dracut-kiwi-live-9.23.20-3.37.1 dracut-kiwi-oem-dump-9.23.20-3.37.1 dracut-kiwi-oem-repart-9.23.20-3.37.1 dracut-kiwi-overlay-9.23.20-3.37.1 kiwi-man-pages-9.23.20-3.37.1 kiwi-systemdeps-core-9.23.20-3.37.1 kiwi-tools-9.23.20-3.37.1 kiwi-tools-debuginfo-9.23.20-3.37.1 python-kiwi-debugsource-9.23.20-3.37.1 python3-kiwi-9.23.20-3.37.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): kiwi-pxeboot-9.23.20-3.37.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): dracut-kiwi-lib-9.23.20-3.37.1 dracut-kiwi-live-9.23.20-3.37.1 dracut-kiwi-oem-dump-9.23.20-3.37.1 dracut-kiwi-oem-repart-9.23.20-3.37.1 dracut-kiwi-overlay-9.23.20-3.37.1 kiwi-man-pages-9.23.20-3.37.1 kiwi-pxeboot-9.23.20-3.37.1 kiwi-systemdeps-core-9.23.20-3.37.1 kiwi-tools-9.23.20-3.37.1 kiwi-tools-debuginfo-9.23.20-3.37.1 python-kiwi-debugsource-9.23.20-3.37.1 python3-kiwi-9.23.20-3.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.23.20-3.37.1 dracut-kiwi-live-9.23.20-3.37.1 dracut-kiwi-oem-dump-9.23.20-3.37.1 dracut-kiwi-oem-repart-9.23.20-3.37.1 dracut-kiwi-overlay-9.23.20-3.37.1 kiwi-man-pages-9.23.20-3.37.1 kiwi-systemdeps-bootloaders-9.23.20-3.37.1 kiwi-systemdeps-core-9.23.20-3.37.1 kiwi-systemdeps-disk-images-9.23.20-3.37.1 kiwi-systemdeps-filesystems-9.23.20-3.37.1 kiwi-systemdeps-image-validation-9.23.20-3.37.1 kiwi-systemdeps-iso-media-9.23.20-3.37.1 kiwi-tools-9.23.20-3.37.1 kiwi-tools-debuginfo-9.23.20-3.37.1 
python-kiwi-debugsource-9.23.20-3.37.1 python3-kiwi-9.23.20-3.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): kiwi-pxeboot-9.23.20-3.37.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): dracut-kiwi-lib-9.23.20-3.37.1 dracut-kiwi-live-9.23.20-3.37.1 dracut-kiwi-oem-dump-9.23.20-3.37.1 dracut-kiwi-oem-repart-9.23.20-3.37.1 dracut-kiwi-overlay-9.23.20-3.37.1 kiwi-man-pages-9.23.20-3.37.1 kiwi-systemdeps-core-9.23.20-3.37.1 kiwi-tools-9.23.20-3.37.1 kiwi-tools-debuginfo-9.23.20-3.37.1 python-kiwi-debugsource-9.23.20-3.37.1 python3-kiwi-9.23.20-3.37.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): kiwi-pxeboot-9.23.20-3.37.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): dracut-kiwi-lib-9.23.20-3.37.1 dracut-kiwi-live-9.23.20-3.37.1 dracut-kiwi-oem-dump-9.23.20-3.37.1 dracut-kiwi-oem-repart-9.23.20-3.37.1 dracut-kiwi-overlay-9.23.20-3.37.1 kiwi-man-pages-9.23.20-3.37.1 kiwi-systemdeps-core-9.23.20-3.37.1 kiwi-tools-9.23.20-3.37.1 kiwi-tools-debuginfo-9.23.20-3.37.1 python-kiwi-debugsource-9.23.20-3.37.1 python3-kiwi-9.23.20-3.37.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): kiwi-pxeboot-9.23.20-3.37.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): dracut-kiwi-lib-9.23.20-3.37.1 dracut-kiwi-live-9.23.20-3.37.1 dracut-kiwi-oem-dump-9.23.20-3.37.1 dracut-kiwi-oem-repart-9.23.20-3.37.1 dracut-kiwi-overlay-9.23.20-3.37.1 kiwi-man-pages-9.23.20-3.37.1 kiwi-systemdeps-core-9.23.20-3.37.1 kiwi-tools-9.23.20-3.37.1 kiwi-tools-debuginfo-9.23.20-3.37.1 python-kiwi-debugsource-9.23.20-3.37.1 python3-kiwi-9.23.20-3.37.1 - SUSE Enterprise Storage 6 (x86_64): kiwi-pxeboot-9.23.20-3.37.1 - SUSE CaaS Platform 4.0 (x86_64): dracut-kiwi-lib-9.23.20-3.37.1 dracut-kiwi-live-9.23.20-3.37.1 dracut-kiwi-oem-dump-9.23.20-3.37.1 dracut-kiwi-oem-repart-9.23.20-3.37.1 dracut-kiwi-overlay-9.23.20-3.37.1 kiwi-man-pages-9.23.20-3.37.1 
kiwi-pxeboot-9.23.20-3.37.1 kiwi-systemdeps-core-9.23.20-3.37.1 kiwi-tools-9.23.20-3.37.1 kiwi-tools-debuginfo-9.23.20-3.37.1 python-kiwi-debugsource-9.23.20-3.37.1 python3-kiwi-9.23.20-3.37.1 References: https://bugzilla.suse.com/1178670 https://bugzilla.suse.com/1182211 https://bugzilla.suse.com/1182264 https://bugzilla.suse.com/1182963 https://bugzilla.suse.com/1183059 From sle-updates at lists.suse.com Thu Apr 15 19:45:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 21:45:20 +0200 (CEST) Subject: SUSE-RU-2021:1230-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20210415194520.A9A62FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1230-1 Rating: moderate References: #1131670 #1178072 #1181124 #1181474 #1182339 #1182603 #1183959 Affected Products: SUSE Manager Tools 15 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. 
Description: This update fixes the following issues: golang-github-boynux-squid_exporter: - Build requires Go 1.15 - Add %license macro for LICENSE file golang-github-lusitaniae-apache_exporter: - Build with Go 1.15 golang-github-prometheus-prometheus: - Uyuni: `hostname` label is now set to FQDN instead of IP grafana: - Update to version 7.4.2: * Make Datetime local (No date if today) working (#31274) (#31275) * "Release: Updated versions in package to 7.4.2" (#31272) * [v7.4.x] Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#31269) * Snapshots: Disallow anonymous user to create snapshots (#31263) (#31266) * only update usagestats every 30min (#31131) (#31262) * Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055) (#31248) * CloudWatch: Ensure empty query row errors are not passed to the panel (#31172) (#31245) * StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126) (#31246) * QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193) (#31244) * LibraryPanels: Disconnect before connect during dashboard save (#31235) (#31238) * SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236) (#31239) * Variables: Adds back default option for data source variable (#31208) (#31232) * IPv6: Support host address configured with enclosing square brackets (#31226) (#31228) * Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179) (#31224) * Remove last synchronisation field from LDAP debug view (#30984) (#31221) * [v7.4.x]: Sync drone config from master to stable release branch (#31213) * DataSourceSrv: Filter out non queryable data sources by default (#31144) (#31214) * Alerting: Fix modal text for deleting obsolete notifier (#31171) (#31209) * Variables: Fixes missing empty elements from regex filters (#31156) (#31201) * DashboardLinks: Fixes links always cause full page 
reload (#31178) (#31181) * DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160) (#31162) * Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132) (#31176) * Prometheus: Multiply exemplars timestamp to follow api change (#31143) (#31170) - Added add-gotest-module.patch to fix "inconsistent vendoring" build failure - Update to version 7.4.1: * "Release: Updated versions in package to 7.4.1" (#31128) * Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before (#31121) (#31127) * MuxWriter: Handle error for already closed file (#31119) (#31120) * Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115) (#31117) * Exemplars: Change CTA style (#30880) (#31105) * test: add support for timeout to be passed in for addDatasource (#30736) (#31090) * Influx: Make max series limit configurable and show the limiting message if applied (#31025) (#31100) * Elasticsearch: fix log row context erroring out (#31088) (#31094) * test: update addDashboard flow for v7.4.0 changes (#31059) (#31084) * Usage stats: Adds source/distributor setting (#31039) (#31076) * DashboardLinks: Fixes crash when link has no title (#31008) (#31050) * Make value mappings correctly interpret numeric-like strings (#30893) (#30912) * Elasticsearch: Fix alias field value not being shown in query editor (#30992) (#31037) * BarGauge: Improvements to value sizing and table inner width calculations (#30990) (#31032) * convert path to posix by default (#31045) (#31053) * Alerting: Fixes so notification channels are properly deleted (#31040) (#31046) * Drone: Fix deployment image (#31027) (#31029) * Graph: Fixes so graph is shown for non numeric time values (#30972) (#31014) * instrumentation: make the first database histogram bucket smaller (#30995) (#31001) * Build: Releases e2e and e2e-selectors too (#31006) (#31007) * 
TextPanel: Fixes so panel title is updated when variables change (#30884) (#31005) * StatPanel: Fixes issue formatting date values using unit option (#30979) (#30991) * Units: Fixes formatting of duration units (#30982) (#30986) * Elasticsearch: Show Size setting for raw_data metric (#30980) (#30983) * Logging: sourcemap support for frontend stacktraces (#30590) (#30976) * e2e: extends selector factory to plugins (#30932) (#30934) * Variables: Adds queryparam formatting option (#30858) (#30924) * Exemplars: change api to reflect latest changes (#30910) (#30915) * "Release: Updated versions in package to 7.4.0" (#30898) * DataSourceSettings: Adds info box and link to Grafana Cloud (#30891) (#30896) * GrafanaUI: Add a way to persistently close InfoBox (#30716) (#30895) * [7.4.x] AlertingNG: List saved Alert definitions in Alert Rule list (30890)(30603) * Alerting: Fixes alert panel header icon not showing (#30840) (#30885) * Plugins: Requests validator (#30445) (#30877) * PanelLibrary: Adds library panel meta information to dashboard json (#30770) (#30883) * bump grabpl version to 0.5.36 (#30874) (#30878) * Chore: remove __debug_bin (#30725) (#30857) * Grafana-ui: fixes closing modals with escape key (#30745) (#30873) * DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569) (#30852) * Add alt text to plugin logos (#30710) (#30872) * InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827) (#30870) * Prometheus: Set type of labels to string (#30831) (#30835) * AlertingNG: change API permissions (#30781) (#30814) * Grafana-ui: fixes no data message in Table component (#30821) (#30855) * Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825) (#30843) * Chore: add more docs annotations (#30847) (#30851) * BarChart: inside-align strokes, upgrade uPlot to 1.6.4. 
(#30806) (#30846) * Transforms: allow boolean in field calculations (#30802) (#30845) * CDN: Fixes cdn path when Grafana is under sub path (#30822) (#30823) * bump cypress to 6.3.0 (#30644) (#30819) * Expressions: Measure total transformation requests and elapsed time (#30514) (#30789) * Grafana-UI: Add story/docs for ErrorBoundary (#30304) (#30811) * [v7.4.x]: Menu: Mark menu components as internal (#30801) * Graph: Fixes auto decimals issue in legend and tooltip (#30628) (#30635) * GraphNG: Disable Plot logging by default (#30390) (#30500) * Storybook: Migrate card story to use controls (#30535) (#30549) * GraphNG: add bar alignment option (#30499) (#30790) * Variables: Clears drop down state when leaving dashboard (#30810) (#30812) * Add missing callback dependency (#30797) (#30809) * GraphNG: improve behavior when switching between solid/dash/dots (#30796) (#30799) * Add width for Variable Editors (#30791) (#30795) * Panels: Fixes so panels are refreshed when scrolling past them fast (#30784) (#30792) * PanelEdit: Trigger refresh when changing data source (#30744) (#30767) * AlertingNG: Enable UI to Save Alert Definitions (#30394) (#30548) * CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777) (#30779) * CDN: Adds support for serving assets over a CDN (#30691) (#30776) * Explore: Update styling of buttons (#30493) (#30508) * Loki: Append refId to logs uid (#30418) (#30537) * skip symlinks to directories when generating plugin manifest (#30721) (#30738) * Mobile: Fixes issue scrolling on mobile in chrome (#30746) (#30750) * BarChart: add alpha bar chart panel (#30323) (#30754) * Datasource: Use json-iterator configuration compatible with standard library (#30732) (#30739) * Variables: Fixes so text format will show All instead of custom all (#30730) (#30731) * AlertingNG: pause/unpause definitions via the API (#30627) (#30672) * PanelLibrary: better handling of deleted panels (#30709) (#30726) * Transform: improve the "outer join" 
performance/behavior (#30407) (#30722) * DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706) (#30714) * Use connected GraphNG in Explore (#30707) (#30708) * PanelLibrary: changes casing of responses and adds meta property (#30668) (#30711) * DeployImage: Switch base images to Debian (#30684) (#30699) * Trace: trace to logs design update (#30637) (#30702) * Influx: Show all datapoints for dynamically windowed flux query (#30688) (#30703) * ci(npm-publish): add missing github package token to env vars (#30665) (#30673) * Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517) (#30681) * Grafana-UI: Fix setting default value for MultiSelect (#30671) (#30687) * Explore: Fix jumpy live tailing (#30650) (#30677) * Docs: Refer to product docs in whats new for alerting templating feature (#30652) (#30670) * Variables: Fixes display value when using capture groups in regex (#30636) (#30661) * Docs: Fix expressions enabled description (#30589) (#30651) * Licensing Docs: Adding license restrictions docs (#30216) (#30648) * DashboardSettings: fixes vertical scrolling (#30640) (#30643) * chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605) (#30631) * Explore: Fix loading visualisation on the top of the new time series panel (#30553) (#30557) * Footer: Fixes layout issue in footer (#30443) (#30494) * Variables: Fixes so queries work for numbers values too (#30602) (#30624) * Admin: Fixes so form values are filled in from backend (#30544) (#30623) * Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502) (#30614) * NodeGraph: Add docs (#30504) (#30613) * Cloud Monitoring: Fix legend naming with display name override (#30440) (#30503) * Expressions: Add option to disable feature (#30541) (#30558) * OldGraph: Fix height issue in Firefox (#30565) (#30582) * XY Chart: fix editor error with empty frame (no fields) (#30573) (#30577) * XY Chart: 
share legend config with timeseries (#30559) (#30566) * DataFrame: cache frame/field index in field state (#30529) (#30560) * Prometheus: Fix show query instead of Value if no __name__ and metric (#30511) (#30556) * Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519) (#30550) * chore: update packages dependent on dot-prop to fix security vulnerability (#30432) (#30487) * GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527) (#30528) * GraphNG: uPlot 1.6.2 (#30521) (#30522) * Chore: Upgrade grabpl version (#30486) (#30513) * grafana/ui: Fix internal import from grafana/data (#30439) (#30507) * prevent field config from being overwritten (#30437) (#30442) * Chore: upgrade NPM security vulnerabilities (#30397) (#30495) * TimeSeriesPanel: Fixed default value for gradientMode (#30484) (#30492) * Admin: Fixes so whole org drop down is visible when adding users to org (#30481) (#30497) * Chore: adds wait to e2e test (#30488) (#30490) * Graph: Fixes so only users with correct permissions can add annotations (#30419) (#30466) * Alerting: Hides threshold handle for percentual thresholds (#30431) (#30467) * Timeseries: only migrage point size when configured (#30461) (#30470) * Expressions: Fix button icon (#30444) (#30450) * PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441) (#30451) * Docs: Fix img link for alert notification template (#30436) (#30447) * Chore: Upgrade build pipeline tool (#30456) (#30457) * PanelOptions: Refactoring applying panel and field options out of PanelModel and add property clean up for properties not in field config registry (#30389) (#30438) * "Release: Updated versions in package to 7.4.0-beta.1" (#30427) * Chore: Update what's new URL (#30423) * GraphNG: assume uPlot's series stroke is always a function (#30416) * PanelLibrary: adding library panels to Dashboard Api (#30278) * Prettier: Fixes to files that came in after main 
upgrade (#30410) * Cloud Monitoring: Add curated dashboards for the most popular GCP services (#29930) * Mssql integrated security (#30369) * Prettier: Upgrade to 2 (#30387) * GraphNG: sort ascending if the values appear reversed (#30405) * Docs: Grafana whats new 7.4 (#30404) * Dashboards: Adds cheat sheet toggle to supported query editors (#28857) * Docs: Update timeseries-dimensions.md (#30403) * Alerting: Evaluate data templating in alert rule name and message (#29908) * Docs: Add links to 7.3 patch release notes (#30292) * Docs: Update _index.md (#29546) * Docs: Update jaeger.md (#30401) * Expressions: Remove feature toggle (#30316) * Docs: Update tempo.md (#30399) * Docs: Update zipkin.md (#30400) * services/provisioning: Various cleanup (#30396) * DashboardSchemas: OpenAPI Schema Generation (#30242) * AlertingNG: Enforce unique alert definition title (non empty)/UID per organisation (#30380) * Licensing: Document new v7.4 options and APIs (#30217) * Auth: add expired token error and update CreateToken function (#30203) * NodeGraph: Add node graph visualization (#29706) * Add jwtTokenAuth to plugin metadata schema (#30346) * Plugins: Force POSIX style path separators for manifest generation (#30287) * Add enterprise reporting fonts to gitignore (#30385) * Field overrides: skipping overrides for properties no longer existing in plugin (#30197) * NgAlerting: View query result (#30218) * Grafana-UI: Make Card story public (#30388) * Dashboard: migrate version history list (#29970) * Search: use Card component (#29892) * PanelEvents: Isolate more for old angular query editors (#30379) * Loki: Remove showing of unique labels with the empty string value (#30363) * Chore: Lint all files for no-only-tests (#30364) * Clears errors after running new query (#30367) * Prometheus: Change exemplars endpoint (#30378) * Explore: Fix a bug where Typeahead crashes when a large amount of ite??? 
(#29637) * Circular vector: improve generics (#30375) * Update signing docs (#30296) * Email: change the year in templates (#30294) * grafana/ui: export TLS auth component (#30320) * Query Editor: avoid word wrap (#30373) * Transforms: add sort by transformer (#30370) * AlertingNG: Save alert instances (#30223) * GraphNG: Color series from by value scheme & change to fillGradient to gradientMode (#29893) * Chore: Remove not used PanelOptionsGrid component (#30358) * Zipkin: Remove browser access mode (#30360) * Jaeger: Remove browser access mode (#30349) * chore: bump lodash to 4.17.20 (#30359) * ToolbarButton: New emotion based component to replace all navbar, DashNavButton and scss styles (#30333) * Badge: Increase contrast, remove rocket icon for plugin beta/alpha state (#30357) * Licensing: Send map of environment variables to plugins (#30347) * Dashboards: Exit to dashboard when deleting panel from panel view / edit view (#29032) * Cloud Monitoring: MQL support (#26551) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30348) * Panel options UI: Allow collapsible categories (#30301) * Grafana-ui: Fix context menu item always using onClick instead of href (#30350) * Badge: Design improvement & reduce contrast (#30328) * make sure stats are added horizontally and not vertically (#30106) * Chore(deps): Bump google.golang.org/grpc from 1.33.1 to 1.35.0 (#30342) * Chore(deps): Bump github.com/stretchr/testify from 1.6.1 to 1.7.0 (#30341) * Chore(deps): Bump github.com/google/uuid from 1.1.2 to 1.1.5 (#30340) * Chore(deps): Bump github.com/hashicorp/go-version from 1.2.0 to 1.2.1 (#30339) * Fix HTML character entity error (#30334) * GraphNG: fix fillBelowTo regression (#30330) * GraphNG: implement softMin/softMax for auto-scaling stabilization. close #979. 
(#30326) * Legend: Fixes right y-axis legend from being pushed outside the bounds of the panel (#30327) * Grafana-toolkit: Update component generator templates (#30306) * Panels: remove beta flag from stat and bargauge panels (#30324) * GraphNG: support fill below to (bands) (#30268) * grafana-cli: Fix security issue (#28888) * AlertingNG: Modify queries and transform endpoint to get datasource UIDs (#30297) * Chore: Fix missing property from ExploreGraph (#30315) * Prometheus: Add support for Exemplars (#28057) * Grafana-UI: Enhances for TimeRangePicker and TimeRangeInput (#30102) * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30312) * Table: Fixes BarGauge cell display mode font size so that it is fixed to the default cell font size (#30303) * AngularGraph: Fixes issues with legend wrapping after legend refactoring (#30283) * Plugins: Add Open Distro to the list of data sources supported by sigv4 (#30308) * Chore: Moves common and response into separate packages (#30298) * GraphNG: remove y-axis position control from series color picker in the legend (#30302) * Table: migrate old-table config to new table config (#30142) * Elasticsearch: Support extended stats and percentiles in terms order by (#28910) * Docs: Update release notes index * GraphNG: stats in legend (#30251) * Grafana UI: EmptySearchResult docs (#30281) * Plugins: Use the includes.path (if exists) on sidebar includes links (#30291) * Fix spinner and broken buttons (#30286) * Graph: Consider reverse sorted data points on isOutsideRange check (#30289) * Update getting-started.md (#30257) * Backend: use sdk version (v0.81.0) without transform (gel) code (#29236) * Chore: update latest versions to 7.3.7 (#30282) * Loki: Fix hiding of series in table if labels have number values (#30185) * Loki: Lower min step to 1ms (#30135) * Prometheus: Improve autocomplete performance and remove disabling of dynamic label lookup (#30199) * Icons: Adds custom icon support ands new panel and 
interpolation icons (#30277) * ReleaseNotes: Updated changelog and release notes for 7.3.7 (#30280) * Grafana-ui: Allow context menu items to be open in new tab (#30141) * Cloud Monitoring: Convert datasource to use Dataframes (#29830) * GraphNG: added support to change series color from legend. (#30256) * AzureMonitor: rename labels for query type dropdown (#30143) * Decimals: Improving auto decimals logic for high numbers and scaled units (#30262) * Elasticsearch: Use minimum interval for alerts (#30049) * TimeSeriesPanel: The new graph panel now supports y-axis value mapping #30272 * CODEOWNERS: Make backend squad owners of backend style guidelines (#30266) * Auth: Add missing request headers to SigV4 middleware allowlist (#30115) * Grafana-UI: Add story/docs for FilterPill (#30252) * Grafana-UI: Add story/docs for Counter (#30253) * Backend style guide: Document JSON guidelines (#30267) * GraphNG: uPlot 1.6, hide "Show points" in Points mode, enable "dot" lineStyle (#30263) * Docs: Update prometheus.md (#30240) * Docs: Cloudwatch filter should be JSON format (#30243) * API: Add by UID routes for data sources (#29884) * Docs: Update datasource_permissions.md (#30255) * Cloudwatch: Move deep link creation to the backend (#30206) * Metrics API: Use jsoniter for JSON encoding (#30250) * Add option in database config to skip migrations for faster startup. 
(#30146) * Set signed in users email correctly (#30249) * Drone: Upgrade build pipeline tool (#30247) * runRequest: Fixes issue with request time range and time range returned to panels are off causing data points to be cut off (outside) (#30227) * Elasticsearch: fix handling of null values in query_builder (#30234) * Docs: help users connect to Prometheus using SigV4 (#30232) * Update documentation-markdown-guide.md (#30207) * Update documentation-markdown-guide.md (#30235) * Better logging of plugin scanning errors (#30231) * Print Node.js and Toolkit versions (#30230) * Chore: bump rollup across all packages (#29486) * Backend style guide: Document database patterns (#30219) * Chore: Bump plugin-ci-alpine Docker image version (#30225) * Legends: Refactoring and rewrites of legend components to simplify components & reuse (#30165) * Use Node.js 14.x in plugin CI (#30209) * Field overrides: extracting the field config factory into its own reusable module. (#30214) * LibraryPanels: adds connections (#30212) * PanelOptionsGroups: Only restore styles from PanelOptionsGroup (#30215) * Variables: Add deprecation warning for value group tags (#30160) * GraphNG: Hide grid for right-y axis if left x-axis exists (#30195) * Middleware: Add CSP support (#29740) * Updated image links to have newer format. 
(#30208) * Docs: Update usage-insights.md (#30150) * Share panel dashboard add images (#30201) * Update documentation-style-guide.md (#30202) * Docs: Fix links to transforms (#30194) * docs(badge): migrate story to use controls (#30180) * Chore(deps): Bump github.com/prometheus/common from 0.14.0 to 0.15.0 (#30188) * Fix alert definition routine stop (#30117) * Chore(deps): Bump gopkg.in/square/go-jose.v2 from 2.4.1 to 2.5.1 (#30189) * InlineSwitch: Minor story fix (#30186) * Chore(deps): Bump github.com/gosimple/slug from 1.4.2 to 1.9.0 (#30178) * Chore(deps): Bump github.com/fatih/color from 1.9.0 to 1.10.0 (#30183) * Chore(deps): Bump github.com/lib/pq from 1.3.0 to 1.9.0 (#30181) * Chore(deps): Bump github.com/hashicorp/go-plugin from 1.2.2 to 1.4.0 (#30175) * Chore(deps): Bump github.com/getsentry/sentry-go from 0.7.0 to 0.9.0 (#30171) * Gauge: Fixes issue with all null values cause min & max to be null (#30156) * Links: Add underline on hover for links in NewsPanel (#30166) * GraphNG: Update to test dashboards (#30153) * CleanUp: Removed old panel options group component (#30157) * AngularQueryEditors: Fixes to Graphite query editor and other who refer to other queries (#30154) * Chore(deps): Bump github.com/robfig/cron/v3 from 3.0.0 to 3.0.1 (#30172) * Chore(deps): Bump github.com/urfave/cli/v2 from 2.1.1 to 2.3.0 (#30173) * Chore: Fix spelling issue (#30168) * Revise README.md. 
(#30145) * Chore(deps): Bump github.com/mattn/go-sqlite3 from 1.11.0 to 1.14.6 (#30174) * InlineSwitch: Added missing InlineSwitch component and fixed two places that used unaligned inline switch (#30162) * GraphNG: add new alpha XY Chart (#30096) * Elastic: Support request cancellation properly (Uses new backendSrv.fetch Observable request API) (#30009) * OpenTSDB: Support request cancellation properly (#29992) * InfluxDB: Update Flux external link (#30158) * Allow dependabot to keep go packages up-to-date (#30170) * PluginState: Update comment * GraphNG: Minor polish & updates to new time series panel and move it from alpha to beta (#30163) * Share panel dashboard (#30147) * GraphNG: rename "graph3" to "timeseries" panel (#30123) * Add info about access mode (#30137) * Prometheus: Remove running of duplicated metrics query (#30108) * Prometheus: Fix autocomplete does not work on incomplete input (#29854) * GraphNG: remove graph2 panel (keep the parts needed for explore) (#30124) * Docs: Add metadata to activating licensing page (#30140) * MixedDataSource: Added missing variable support flag (#30110) * AngularPanels: Fixes issue with some panels not rendering when going into edit mode due to no height (#30113) * AngularPanels: Fixes issue with discrete panel that used the initialized event (#30133) * Explore: Make getFieldLinksForExplore more reusable (#30134) * Elasticsearch: Add Support for Serial Differencing Pipeline Aggregation (#28618) * Angular: Fixes issue with angular directive caused by angular upgrade in master (#30114) * Analytics: add data source type in data-request events (#30087) * GraphNG: "Interpolation: Step after" test (#30127) * GraphNG: check cross-axis presence when auto-padding. close #30121. 
(#30126) * Alerting: improve alerting default datasource search when extracting alerts (#29993) * Loki: Timeseries should not produce 0-values for missing data (#30116) * GraphNG: support dashes (#30070) * GraphNG: fix spanGaps optimization in alignDataFrames(). see #30101. (#30118) * Alerting NG: update API to expect UIDs instead of IDs (#29896) * GraphNG: Overhaul of main test dashboard and update to null & gaps dashboard (#30101) * Chore: Fix intermittent time-related test failure in explore datasource instance update (#30109) * QueryEditorRow: Ability to change query name (#29779) * Frontend: Failed to load application files message improvement IE11 (#30011) * Drone: Upgrade build pipeline tool (#30104) * Fix phrasing. (#30075) * Chore: Add CloudWatch HTTP API tests (#29691) * Elastic: Fixes so templating queries work (#30003) * Chore: Rewrite elasticsearch client test to standard library (#30093) * Chore: Rewrite tsdb influxdb test to standard library (#30091) * Fix default maximum lifetime an authenticated user can be logged in (#30030) * Instrumentation: re-enable database wrapper feature to expose counter and histogram for database queries (#29662) * Docs: Update labels to fields transform (#30086) * GraphNG: adding possibility to toggle tooltip, graph and legend for series (#29575) * Chore: Rewrite tsdb cloudmonitoring test to standard library (#30090) * Chore: Rewrite tsdb azuremonitor time grain test to standard library (#30089) * Chore: Rewrite tsdb graphite test to standard library (#30088) * Chore: Upgrade Docker build image wrt. 
Go/golangci-lint/Node (#30077) * Usage Stats: Calculate concurrent users as a histogram (#30006) * Elasticsearch: Fix broken alerting when using pipeline aggregations (#29903) * Drone: Fix race conditions between Enterprise and Enterprise2 (#30076) * Chore: Rewrite models datasource cache test to standard library (#30040) * Plugins: prevent app plugin from rendering with wrong location (#30017) * Update NOTICE.md * Chore: Tiny typo fix `rage` -> `range` (#30067) * Docs: loki.md: Add example of Loki data source config (#29976) * ReleaseNotes: Updated changelog and release notes for 7.3.6 (#30066) * Docs: Update usage-insights.md (#30065) * Docs: Update white-labeling.md (#30064) * Chore(deps): Bump axios from 0.19.2 to 0.21.1 (#30059) * Chore: Rewrite models tags test to standard library (#30041) * Bump actions/setup-node from v1 to v2.1.4 (#29891) * Build(deps): Bump ini from 1.3.5 to 1.3.7 (#29787) * fall back to any architecture when getting plugin's checksum #30034 (#30035) * Lerna: Update to 3.22.1 (#30057) * SeriesToRows: Fixes issue in transform so that value field is always named Value (#30054) * [dashboard api] manage error when data in dashboard table is not valid json (#29999) * use sha256 checksum instead of md5 (#30018) * Chore: Rewrite brute force login protection test to standard library (#29986) * Chore: Rewrite login auth test to standard library (#29985) * Chore: Rewrite models dashboards test to standard library (#30023) * Chore: Rewrite models dashboard acl test to standard library (#30022) * Chore: Rewrite models alert test to standard library (#30021) * Chore: Rewrite ldap login test to standard library (#29998) * Chore: Rewrite grafana login test to standard library (#29997) * Fix two ini-file typos regarding LDAP (#29843) * Chore: Changes source map devtool to inline-source-map (#30004) * Chore: Sync Enterprise go.sum (#30005) * Chore: Add Enterprise dependencies (#29994) * SQLStore: customise the limit of retrieved datasources per 
organisation (#29358) * Chore: update crewjam/saml library to the latest master (#29991) * Graph: Fixes so users can not add annotations in readonly dash (#29990) * Currency: add Vietnamese dong (VND) (#29983) * Drone: Update pipelines for Enterprise (#29939) * Remove the bus from teamgroupsync (#29810) * Influx: Make variable query editor input uncontrolled (#29968) * PanelLibrary: Add PATCH to the API (#29956) * PanelEvents: Isolating angular panel events into it's own event bus + more event refactoring (#29904) * Bump node-notifier from 8.0.0 to 8.0.1 (#29952) * LDAP: Update use_ssl documentation (#29964) * Docs: Missing 's' on 'logs' (#29966) * Docs: Update opentsdb.md (#29963) * Docs: Minor typo correction (#29962) * librarypanels: Fix JSON field casing in tests (#29954) * TemplateSrv: Do not throw error for an unknown format but use glob as fallback and warn in the console (#29955) * PanelLibrary: Adds uid and renames title to name (#29944) * Docs: Fix raw format variable docs (#29945) * RedirectResponse: Implement all of api.Response (#29946) * PanelLibrary: Adds get and getAll to the api (#29772) * Chore: Remove duplicate interpolateString test (#29941) * Chore: Rewrite influxdb query parser test to standard library (#29940) * Folders: Removes the possibility to delete the General folder (#29902) * Chore: Convert tsdb request test to standard library (#29936) * Chore: Convert tsdb interval test to standard library (#29935) * Docs: Update configuration.md (#29912) * Docs: Update organization_roles.md (#29911) * Docs: Update _index.md (#29918) * GraphNG: bring back tooltip (#29910) * Ng Alerting: Remove scroll and fix SplitPane limiters (#29906) * Dashboard: Migrating dashboard settings to react (#27561) * Minor correction to explanation on correct MS SQL usage. (#29889) * AlertingNG: Create a scheduler to evaluate alert definitions (#29305) * Add changelog items for 7.3.6, 7.2.3 and 6.7.5 (#29901) * bump stable to 7.3.6 (#29899) * Upgrade go deps. 
(#29900) * Expressions: Replace query input fields with select. (#29816) * PanelEdit: Update UI if panel plugin changes field config (#29898) * Elasticsearch: Remove timeSrv dependency (#29770) * PanelEdit: Need new data after plugin change (#29874) * Chore(toolkit): disable react/prop-types for eslint config (#29888) * Field Config API: Add ability to hide field option or disable it from the overrides (#29879) * SharedQuery: Fixes shared query editor now showing queries (#29849) * GraphNG: support fill gradient (#29765) * Backend style guide: Add more guidelines (#29871) * Keep query keys consistent (#29855) * Alerting: Copy frame field labels to time series tags (#29886) * Update configure-docker.md (#29883) * Usage Stats: Introduce an interface for usage stats service (#29882) * DataFrame: add a writable flag to fields (#29869) * InlineForms: Changes to make inline forms more flexible for query editors (#29782) * Usage Stats: Allow to add additional metrics to the stats (#29774) * Fix the broken link of XORM documentation (#29865) * Move colors demo under theme colors (#29873) * Dashboard: Increase folder name size in search dashboard (#29821) * MSSQL: Config UI touches (#29834) * QueryOptions: Open QueryEditors: run queries after changing group options #29864 * GraphNG: uPlot 1.5.2, dynamic stroke/fill, Flot-style hover points (#29866) * Variables: Fixes so numerical sortorder works for options with null values (#29846) * GraphNG: only initialize path builders once (#29863) * GraphNG: Do not set fillColor from GraphNG only opacity (#29851) * add an example cloudwatch resource_arns() query that uses multiple tags (ref: #29499) (#29838) * Backend: Remove more globals (#29644) * MS SQL: Fix MS SQL add data source UI issues (#29832) * Display palette and colors for dark and light themes in storybook (#29848) * Docs: Fix broken link in logs-panel (#29833) * Docs: Add info about typing of connected props to Redux style guide (#29842) * Loki: Remove unnecessary 
deduplication (#29421) * Varibles: Fixes so clicking on Selected will not include All (#29844) * Explore/Logs: Correctly display newlines in detected fields (#29541) * Link suppliers: getLinks API update (#29757) * Select: Changes default menu placement for Select from auto to bottom (#29837) * Chore: Automatically infer types for dashgrid connected components (#29818) * Chore: Remove unused Loki and Cloudwatch syntax providers (#29686) * Pass row (#29839) * GraphNG: Context menu (#29745) * GraphNG: Enable scale distribution configuration (#29684) * Explore: Improve Explore performance but removing unnecessary re-renders (#29752) * DashboardDS: Fixes display of long queries (#29808) * Sparkline: Fixes issue with sparkline that sent in custom fillColor instead of fillOpacity (#29825) * Chore: Disable default golangci-lint filter (#29751) * Update style guide with correct usage of MS SQL (#29829) * QueryEditor: do not auto refresh on every update (#29762) * Chore: remove unused datasource status enum (#29827) * Expressions: support ${my var} syntax (#29819) * Docs: Update types-options.md (#29777) * Chore: Enable more go-ruleguard rules (#29781) * GraphNG: Load uPlot path builders lazily (#29813) * Elasticsearch: ensure query model has timeField configured in datasource settings (#29807) * Chore: Use Header.Set method instead of Header.Add (#29804) * Allow dependabot to check actions (#28159) * Grafana-UI: Support optgroup for MultiSelect (#29805) * Sliders: Update behavior and style tweak (#29795) * Grafana-ui: Fix collapsible children sizing (#29776) * Style guide: Document avoidance of globals in Go code (#29803) * Chore: Rewrite opentsdb test to standard library (#29792) * CloudWatch: Add support for AWS DirectConnect ConnectionErrorCount metric (#29583) * GraphNG: uPlot 1.5.1 (#29789) * GraphNG: update uPlot v1.5.0 (#29763) * Added httpMethod to webhook (#29780) * @grafana-runtime: Throw error if health check fails in DataSourceWithBackend (#29743) * Explore: 
Fix remounting of query row (#29771) * Expressions: Add placeholders to hint on input (#29773) * Alerting: Next gen Alerting page (#28397) * GraphNG: Add test dashboard for null & and gaps rendering (#29769) * Expressions: Field names from refId (#29755) * Plugins: Add support for signature manifest V2 (#29240) * Chore: Configure go-ruleguard via golangci-lint (#28419) * Move middleware context handler logic to service (#29605) * AlertListPanel: Add options to sort by Time(asc) and Time(desc) (#29764) * PanelLibrary: Adds delete Api (#29741) * Tracing: Release trace to logs feature (#29443) * ReleaseNotes: Updated changelog and release notes for 7.3.5 (#29753) * DataSourceSettings: Add servername field to DataSource TLS config (#29279) * Chore: update stable and testing versions (#29748) * ReleaseNotes: Updated changelog and release notes for 7.3.5 (#29744) * Elasticsearch: View in context feature for logs (#28764) * Chore: Disable gosec on certain line (#29382) * Logging: log frontend errors caught by ErrorBoundary, including component stack (#29345) * ChangePassword: improved keyboard navigation (#29567) * GrafanaDataSource: Fix selecting -- Grafana -- data source, broken after recent changes (#29737) * Docs: added version note for rename by regex transformation. 
(#29735) * @grafana/ui: Fix UI issues for cascader button dropdown and query input (#29727) * Docs: Update configuration.md (#29728) * Docs: Remove survey (#29549) * Logging: rate limit fronted logging endpoint (#29272) * API: add Status() to RedirectResponse (#29722) * Elasticsearch: Deprecate browser access mode (#29649) * Elasticsearch: Fix query initialization action (#29652) * PanelLibrary: Adds api and db to create Library/Shared/Reusable Panel (#29642) * Transformer: Rename metrics based on regex (#29281) * Variables: Fixes upgrade of legacy Prometheus queries (#29704) * Auth: Add SigV4 header allowlist to reduce chances of verification issues (#29650) * DataFrame: add path and description metadata (#29695) * Alerting: Use correct time series name override from frame fields (#29693) * GraphNG: fix bars migration and support color and linewidth (#29697) * PanelHeader: Fix panel header description inline code wrapping (#29628) * Bugfix 29848: Remove annotation_tag entries as part of annotations cleanup (#29534) * GraphNG: simple settings migration from flot panel (#29599) * GraphNG: replace bizcharts with uPlot for sparklines (#29632) * GitHubActions: Update node version in github action (#29683) * Adds go dep used by an Enterprise feature. 
(#29645) * Typescript: Raise strict error limit for enterprise (#29688) * Remove unnecessary escaping (#29677) * Update getting-started-prometheus.md (#29678) * instrumentation: align label name with our other projects (#29514) * Typescript: Fixing typescript strict error, and separate check from publishing (#29679) * CloudWatch: namespace in search expression should be quoted if match exact is enabled #29109 (#29563) * Docs: Plugin schema updates (#28232) * RadioButton: Fix flex issue in master for radio buttons (#29664) * Update getting-started.md (#29670) * Expr: fix time unit typo in ds queries (#29668) * Expr: make reduction nan/null more consistent (#29665) * Expr: fix func argument panic (#29663) * Update documentation-style-guide.md (#29661) * Update documentation-markdown-guide.md (#29659) * Docs: Changed image format (#29658) * Expr: fix failure to execute due to OrgID (#29653) * GraphNG: rename "points" to "showPoints" (#29635) * Expressions: Restore showing expression query editor even if main data source is not mixed (#29656) * GraphNG: time range should match the panel timeRange (#29596) * Support svg embedded favicons in whitelabeling (#29436) * Add changelog to docs style guide (#29581) * Loki: Retry web socket connection when connection is closed abnormally (#29438) * GraphNG: Fix annotations and exemplars plugins (#29613) * Chore: Rewrite tsdb sql engine test to standard library (#29590) * GraphNG: fix and optimize spanNulls (#29633) * Build(deps): Bump highlight.js from 10.4.0 to 10.4.1 (#29625) * Cloudwatch: session cache should use UTC consistently (#29627) * GraphNG: rename GraphMode to DrawStyle (#29623) * GraphNG: add spanNulls config option (#29512) * Docs: add docs for concatenate transformer (#28667) * Stat/Gauge: expose explicit font sizing (#29476) * GraphNG: add gaps/nulls support to staircase & smooth interpolation modes (#29593) * grafana/ui: Migrate Field knobs to controls (#29433) * Prometheus: Fix link to Prometheus graph in 
dashboard (#29543) * Build: Publish next and latest npm channels to Github (#29615) * Update broken aliases (#29603) * API: add ID to snapshot API responses (#29600) * Elasticsearch: Migrate queryeditor to React (#28033) * QueryGroup & DataSourceSrv & DataSourcePicker changes simplify usage, error handling and reduce duplication, support for uid (#29542) * Elastic: Fixes config UI issues (#29608) * GraphNG: Fix issues with plugins not retrieving plot instance (#29585) * middleware: Make scenario test functions take a testing.T argument (#29564) * Grafana/ui: Storybook controls understand component types (#29574) * Login: Fixes typo in tooltip (#29604) * Panel: making sure we support all versions of chrome when detecting position of click event. (#29544) * Chore: Rewrite sqlstore migration test to use standard library (#29589) * Chore: Rewrite tsdb prometheus test to standard library (#29592) * Security: Add gosec G304 auditing annotations (#29578) * Chore: Rewrite tsdb testdatasource scenarios test to standard library (#29591) * Docs: Add missing key to enable SigV4 for provisioning Elasticsearch data source (#29584) * Add Microsoft.Network/natGateways (#29479) * Update documentation-style-guide.md (#29586) * @grafana/ui: Add bell-slash to available icons (#29579) * Alert: Fix forwardRef warning (#29577) * Update documentation-style-guide.md (#29580) * Chore: Upgrade typescript to 4.1 (#29493) * PanelLibrary: Adds library_panel table (#29565) * Make build docker full fix (#29570) * Build: move canary packages to github (#29411) * Devenv: Add default db for influxdb (#29371) * Chore: Check errors from Close calls (#29562) * GraphNG: support auto and explicit axis width (#29553) * Chore: upgrading y18n to 4.0.1 for security reasons (#29523) * Middleware: Rewrite tests to use standard library (#29535) * Overrides: show category on the overrides (#29556) * GraphNG: Bars, Staircase, Smooth modes (#29359) * Docs: Fix docs sync actions (#29551) * Chore: Update dev guide 
node version for Mac (#29548) * Docs: Update formatting-multi-value-variables.md (#29547) * Arrow: toArray() on nullable values should include null values (#29520) * Docs: Update syntax.md (#29545) * NodeJS: Update to LTS (14) (#29467) * Docs: Update repeat-panels-or-rows.md (#29540) * 3 minor changes, including updating the title TOC (#29501) * Auth proxy: Return standard error type (#29502) * Data: use pre-defined output array length in vectorToArray() (#29516) * Dashboards: hide playlist edit functionality from viewers and snapshots link from unauthenticated users (#28992) * docker: use yarn to build (#29538) * QueryEditors: Refactoring & rewriting out dependency on PanelModel (#29419) * Chore: skip flaky tests (#29537) * Graph NG: Invalidate uPlot config on timezone changes (#29531) * IntelliSense: Fix autocomplete and highlighting for Loki, Prometheus, Cloudwatch (#29381) * Variables: Fixes Textbox current value persistence (#29481) * OptionsEditor: simplify the options editor interfaces (#29518) * Icon: Changed the icon for signing in (#29530) * fixes bug with invalid handler name for metrics (#29529) * Middleware: Simplifications (#29491) * GraphNG: simplify effects responsible for plot updates/initialization (#29496) * Alarting: fix alarm messages in dingding (Fixes #29470) (#29482) * PanelEdit: making sure the correct datasource query editor is being rendered. 
(#29500) * AzureMonitor: Unit MilliSeconds naming (#29399) * Devenv: update mysql_tests and postgres_tests blocks for allowing dynamically change of underlying docker image (#29525) * Chore: Enable remaining eslint-plugin-react rules (#29519) * Docs/Transformations: Add documentation about Binary operations in Add field from calculation (#29511) * Datasources: fixed long error message overflowing container (#29440) * docker: fix Dockerfile after Gruntfile.js removed (#29515) * Chore: Adds Panel Library featuretoggle (#29521) * Docs: Update filter-variables-with-regex.md (#29508) * Docs: InfluxDB_V2 datasource: adding an example on how to add InfluxQL as a datasource (#29490) * Loki: Add query type and line limit to query editor in dashboard (#29356) * Docs: Added Security Group support to Azure Auth (#29418) * DataLinks: Removes getDataSourceSettingsByUid from applyFieldOverrides (#29447) * Bug: trace viewer doesn't show more than 300 spans (#29377) * Live: publish all dashboard changes to a single channel (#29474) * Chore: Enable eslint-plugin-react partial rules (#29428) * Alerting: Update alertDef.ts with more time options (#29498) * DataSourceSrv: Look up data source by uid and name transparently (#29449) * Instrumentation: Add examplars for request histograms (#29357) * Variables: Fixes Constant variable persistence confusion (#29407) * Docs: Fix broken link for plugins (#29346) * Prometheus: don't override displayName property (#29441) * Grunt: Removes grunt dependency and replaces some of its usage (#29461) * Transformation: added support for excluding/including rows based on their values. (#26884) * Chore: Enable exhaustive linter (#29458) * Field overrides: added matcher to match all fields within frame/query. 
(#28872) * Log: Use os.Open to open file for reading (#29483) * MinMax: keep global min/main in field state (#29406) * ReactGridLayout: Update dependency to 1.2 (#29455) * Jest: Upgrade to latest (#29450) * Chore: bump grafana-ui rollup dependencies (#29315) * GraphNG: use uPlot's native ms support (#29445) * Alerting: Add support for Sensu Go notification channel (#28012) * adds tracing for all bus calls that passes ctx (#29434) * prometheus: Improve IsAPIError's documentation (#29432) * ReleaseNotes: Updated changelog and release notes for 7.3.4 (#29430) * Elasticsearch: Fix index pattern not working with multiple base sections (#28348) * Plugins: Add support for includes' icon (#29416) * Docs: fixing frontend docs issue where enums ending up in wrong folder level. (#29429) * Variables: Fixes issue with upgrading legacy queries (#29375) * Queries: Extract queries from dashboard (#29349) * Docs: docker -> Docker (#29331) * PanelEvents: Refactors and removes unnecessary events, fixes panel editor update issue when panel options change (#29414) * Fix: Correct panel edit uistate migration (#29413) * Alerting: Improve Prometheus Alert Rule error message (#29390) * Fix: Migrate Panel edit uiState percentage strings to number (#29412) * remove insecure cipher suit as default option (#29378) * * prometheus fix variables fetching when customQueryParameters used #28907 (#28949) * Chore: Removes observableTester (#29369) * Chore: Adds e2e tests for Variables (#29341) * Fix gosec finding of unhandled errors (#29398) * Getting started with Grafana and MS SQL (#29401) * Arrow: cast timestams to Number (#29402) * Docs: Add Cloud content links (#29317) * PanelEditor: allow access to the eventBus from panel options (#29327) * GraphNG: support x != time in library (#29353) * removes unused golint file (#29391) * prefer server cipher suites (#29379) * Panels/DashList: Fix order of recent dashboards (#29366) * Core: Move SplitPane layout from PanelEdit. 
(#29266) * Drone: Upgrade build pipeline tool (#29365) * Update yarn.lock to use latest rc-util (#29313) * Variables: Adds description field (#29332) * Chore: Update latest.json (#29351) * Drone: Upload artifacts for release branch builds (#29297) * Docs: fixing link issues in auto generated frontend docs. (#29326) * Drone: Execute artifact publishing for both editions in parallel during release (#29362) * Devenv: adding default credentials for influxdb (#29344) * Drone: Check CUE dashboard schemas (#29334) * Backend: fix IPv6 address parsing erroneous (#28585) * dashboard-schemas cue 3.0.0 compatible (#29352) * Update documentation-style-guide.md (#29354) * Docs: Update requirements.md (#29350) * ReleaseNotes: Updated changelog and release notes for 7.3.4 (#29347) * ReleaseNotes: Updated changelog and release notes for 7.3.4 (#29338) * Drone: Publish NPM packages after Storybook to avoid race condition (#29340) * Add an option to hide certain users in the UI (#28942) * Guardian: Rewrite tests from goconvey (#29292) * Docs: Fix editor role and alert notification channel description (#29301) * Docs: Improve custom Docker image instructions (#29263) * Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests #29330 * Chore: Bump storybook to v6 (#28926) * ReleaseNotes: Updates release notes link in package.json (master) (#29329) * Docs: Accurately reflecting available variables (#29302) * Heatmap: Fixes issue introduced by new eventbus (#29322) * Dashboard Schemas (#28793) * devenv: Add docker load test which authenticates with API key (#28905) * Login: Fixes redirect url encoding issues of # %23 being unencoded after login (#29299) * InfluxDB: update flux library and support boolean label values (#29310) * Explore/Logs: Update Parsed fields to Detected fields (#28881) * GraphNG: Init refactorings and fixes (#29275) * fixing a broken relref link (#29312) * Drone: Upgrade build pipeline tool (#29308) * decreasing frontend 
docs threshold. (#29304) * Docker: update docker root group docs and docker image (#29222) * WebhookNotifier: Convert tests away from goconvey (#29291) * Annotations: fixing so when changing annotations query links submenu will be updated. (#28990) * [graph-ng] add temporal DataFrame alignment/outerJoin & move null-asZero pass inside (#29250) * Dashboard: Fixes kiosk state after being redirected to login page and back (#29273) * make it possible to hide change password link in profile menu (#29246) * Theme: Add missing color type (#29265) * Chore: Allow reducerTester to work with every data type & payload-less actions (#29241) * Explore/Prometheus: Update default query type option to "Both" (#28935) * Loki/Explore: Add query type selector (#28817) * Variables: New Variables are stored immediately (#29178) * reduce severity level to warning (#28939) * Units: Changes FLOP/s to FLOPS and some other rates per second units get /s suffix (#28825) * Docs: Remove duplicate "Transformations overview" topics from the TOC (#29247) * Docs: Fixed broken relrefs and chanfed TOC entry name from Alerting to Alerts. (#29251) * Docs: Remove duplicate Panel overview topic. (#29248) * Increase search limit on team add user and improve placeholder (#29258) * Fix warnings for conflicting style rules (#29249) * Make backwards compatible (#29212) * Minor cosmetic markdown tweaks in docs/cloudwatch.md (#29238) * Getting Started: Updated index topic, removed "what-is-grafana", and adjusted weight o??? 
(#29216) * BarGauge: Fix story for BarGauge, caused knobs to show for other stories (#29232) * Update glossary to add hyperlinks to Explore and Transformation entries (#29217) * Chore: Enable errorlint linter (#29227) * TimeRegions: Fixed issue with time regions and tresholds due to angular js upgrade (#29229) * CloudWatch: Support request cancellation properly (#28865) * CloudMonitoring: Support request cancellation properly (#28847) * Chore: Handle wrapped errors (#29223) * Expressions: Move GEL into core as expressions (#29072) * Chore: remove compress:release grunt task (#29225) * Refactor/Explore: Inline datasource actions into initialisation (#28953) * Fix README typo (#29219) * Grafana UI: Card API refactor (#29034) * Plugins: Changed alertlist alert url to view instead of edit (#29060) * React: Upgrading react to v17, wip (#29057) * Gauge: Tweaks short value auto-sizing (#29197) * BackendSrv: support binary responseType like $http did (#29004) * GraphNG: update the options config (#28917) * Backend: Fix build (#29206) * Permissions: Validate against Team/User permission role update (#29101) * ESlint: React fixes part 1 (#29062) * Tests: Adds expects for observables (#28929) * Variables: Adds new Api that allows proper QueryEditors for Query variables (#28217) * Introduce eslint-plugin-react (#29053) * Automation: Adds GitHub release action (#29194) * Refactor declarative series configuration to a config builder (#29106) * ReleaseNotes: Updated changelog and release notes for 7.3.3 (#29189) * Panels: fix positioning of the header title (#29167) * trace user login and datasource name instead of id (#29183) * playlist: Improve test (#29120) * Drone: Fix publish-packages invocation (#29179) * Table: Fix incorrect condtition for rendering table filter (#29165) * Chore: Upgrade grafana/build-ci-deploy image to latest Go (#29171) * DashboardLinks: will only refresh dashboard search when changing tags for link. 
(#29040) * ReleaseNotes: Updated changelog and release notes for 7.3.3 (#29169) * CloudWatch: added HTTP API Gateway specific metrics and dimensions (#28780) * Release: Adding release notes for 7.3.3 (#29168) * SQL: Define primary key for tables without it (#22255) * changed link format from MD to HTML (#29163) * Backend: Rename variables for style conformance (#29097) * Docs: Fixes what'new menu and creates index page, adds first draft of release notes to docs (#29158) * Drone: Upgrade build pipeline tool and build image (#29161) * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#29160) * ReleaseNotes: Updated changelog and release notes for 7.3.3 (#29159) * Chore: Upgrade Go etc in build images (#29157) * Chore: Remove unused Go code (#28852) * API: Rewrite tests from goconvey (#29091) * Chore: Fix linting issues caught by ruleguard (#28799) * Fix panic when using complex dynamic URLs in app plugin routes (#27977) * Snapshots: Fixes so that dashboard snapshots show data when using Stat, Gauge, BarGauge or Table panels (#29031) * Fix authomation text: remove hyphen (#29149) * respect fronted-logging.enabled flag (#29107) * build paths in an os independent way (#29143) * Provisioning: always pin app to the sidebar when enabled (#29084) * Automation: Adds new changelog actions (#29142) * Chore: Rewrite preferences test from GoConvey to stdlib and testify (#29129) * Chore: Upgrade Go dev tools (#29124) * Automation: Adding version bump action * DataFrames: add utility function to check if structure has changed (#29006) * Drone: Fix Drone config verification for enterprise on Windows (#29118) * Chore: Require OrgId to be specified in delete playlist command (#29117) * Plugin proxy: Handle URL parsing errors (#29093) * Drone: Verify Drone config at beginning of pipelines (#29071) * Legend/GraphNG: Refactoring legend types and options (#29067) * Doc: Update documentation-style-guide.md (#29082) * Chore: Bumps types for jest (#29098) * LogsPanel: Fix 
scrolling in dashboards (#28974) * sort alphabetically unique labels, labels and parsed fields (#29030) * Data source proxy: Convert 401 from data source to 400 (#28962) * Plugins: Implement testDatasource for Jaeger (#28916) * Update react-testing-library (#29061) * Graph: Fixes stacking issues like floating bars when data is not aligned (#29051) * StatPanel: Fixes hanging issue when all values are zero (#29077) * Auth: Enable more complete credential chain for SigV4 default SDK auth option (#29065) * Chore: Convert API tests to standard Go lib (#29009) * Update README.md (#29075) * Update CODEOWNERS (#28906) * Enhance automation text for missing information (#29052) * GraphNG: Adding ticks test dashboard and improves tick spacing (#29044) * Chore: Migrate Dashboard List panel to React (#28607) * Test Datasource/Bug: Fixes division by zero in csv metric values scenario (#29029) * Plugins: Bring back coreplugin package (#29064) * Add 'EventBusName' dimension to CloudWatch 'AWS/Events' namespace (#28402) * CloudWatch: Add support for AWS/ClientVPN metrics and dimensions (#29055) * AlertingNG: manage and evaluate alert definitions via the API (#28377) * Fix linting issues (#28811) * Logging: Log frontend errors (#28073) * Fix for multi-value template variable for project selector (#29042) * Chore: Rewrite test helpers from GoConvey to stdlib (#28919) * GraphNG: Fixed axis measurements (#29036) * Fix links to logql docs (#29037) * latest 7.3.2 (#29041) * Elasticsearch: Add Moving Function Pipeline Aggregation (#28131) * changelog 7.3.2 (#29038) * MutableDataFrame: Remove unique field name constraint and values field index and unused/seldom used stuff (#27573) * Fix prometheus docs related to query variable (#29027) * Explore: support ANSI colors in live logs (#28895) * Docs: Add documentation about log levels (#28975) * Dashboard: remove usage of Legacyforms (#28707) * Docs: Troubleshoot starting docker containers on Mac (#28754) * Elasticsearch: interpolate variables 
in Filters Bucket Aggregation (#28969) * Chore: Bump build pipeline version (#29023) * Annotations: Fixes error when trying to create annotation when dashboard is unsaved (#29013) * TraceViewer: Make sure it does not break when no trace is passed (#28909) * Thresholds: Fixes color assigned to null values (#29010) * Backend: Remove unused code (#28933) * Fix documentation (#28998) * Tracing: Add setting for sampling server (#29011) * Logs Panel: Fix inconsistent higlighting (#28971) * MySQL: Update README.md (#29003) * IntervalVariable: Fix variable tooltip (#28988) * StatPanels: Fixes auto min max when latest value is zero (#28982) * Chore: Fix SQL related Go variable naming (#28887) * MSSQL: Support request cancellation properly (Uses new backendSrv.fetch Observable request API) (#28809) * Variables: Fixes loading with a custom all value in url (#28958) * Backend: Adds route for well-known change password URL (#28788) * docs: fix repeated dashboards link (#29002) * LogsPanel: Don't show scroll bars when not needed (#28972) * Drone: Fix docs building (#28986) * StatPanel: Fixed center of values in edge case scenarios (#28968) * Update getting-started-prometheus.md (#28502) * Docs: fix relref (#28977) * Docs: Minor docs update * Docs: Another workflow docs update * Docs: Workflow minor edit * Docs: Another minor edit * Docs: Update PR workflow docs * Docs: Update bot docs * StatPanels: set default to last (#28617) * Tracing: log traceID in request logger (#28952) * start tracking usage stats for tempo (#28948) * Docs: Update bot docs * GrafanaBot: Update labels and commands and adds docs (#28950) * Docs: updates for file-based menu (#28500) * Grot: Added command/label to close feature requests with standard message (#28937) * GraphNG: Restore focus option (#28946) * Docs: Fix links (#28945) * Short URL: Cleanup unvisited/stale short URLs (#28867) * GraphNG: Using new VizLayout, moving Legend into GraphNG and some other refactorings (#28913) * CloudWatch Logs: Change 
what we use to measure progress (#28912) * Chore: use jest without grunt (#28558) * Chore: Split Explore redux code into multiple sections (#28819) * TestData: Fix issue with numeric inputs in TestData query editor (#28936) * setting: Fix tests on Mac (#28886) * Plugins signing: Fix docs urls (#28930) * Field color: handling color changes when switching panel types (#28875) * Variables: make sure that we support both old and new syntax for custom variables. (#28896) * CodeEditor: added support for javascript language (#28818) * Update CHANGELOG.md (#28928) * Plugins: allow override when allowing unsigned plugins (#28901) * Chore: Fix spelling issue (#28904) * Grafana-UI: LoadingPlaceholder docs (#28874) * Gauge: making sure threshold panel json is correct before render (#28898) * Chore: Rewrite test in GoConvey to stdlib and testify (#28918) * Update documentation-style-guide.md (#28908) * Adding terms to glossary (#28884) * Devenv: Fix Prometheus basic auth proxy (#28889) * API: replace SendLoginLogCommand with LoginHook (#28777) * Dashboards / Folders: delete related data (permissions, stars, tags, versions, annotations) when deleting a dashboard or a folder (#28826) * Loki: Correct grammar in DerivedFields.tsx (#28885) * Docs: Update list of Enterprise plugins (#28882) * Live: update centrifuge and the ChannelHandler api (#28843) * Update share-panel.md (#28880) * CRLF (#28822) * PanelHeader: show streaming indicator (and allow unsubscribe) (#28682) * Docs: Plugin signing docs (#28671) * Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866) * Elasticsearch: Filter pipeline aggregations from order by options (#28620) * Variables: added __user.email to global variable (#28853) * Fix titles case and add missing punctuation marks (#28713) * VizLayout: Simple viz layout component for legend placement and scaling (#28820) * Chore: Fix staticcheck issues (#28860) * Chore: Fix staticcheck issues (#28854) * Disable selecting enterprise plugins with 
no license (#28758) * Tempo: fix test data source (#28836) * Prometheus: fix missing labels from value (#28842) * Chore: Fix issues found by staticcheck (#28802) * Chore: Remove dead code (#28664) * Units: added support to handle negative fractional numbers. (#28849) * Variables: Adds variables inspection (#25214) * Marked: Upgrade and always sanitize by default (#28796) * Currency: add Philippine peso currency (PHP) (#28823) * Alert: Remove z-index on Alert component so that it does not overlay ontop of other content (#28834) * increase blob column size for encrypted dashboard data (#28831) * Gauge: Improve font size auto sizing (#28797) * grafana/toolkit: allow builds with lint warnings (#28810) * core and grafana/toolkit: Use latest version of grafana-eslint-conifg (#28816) * Icon: Replace font awesome icons where possible (#28757) * Remove homelinks panel (#28808) * StatPanels: Add new calculation option for percentage difference (#26369) * Dashboard: Add Datetime local (No date if today) option in panel axes' units (#28011) * Variables: Adds named capture groups to variable regex (#28625) * Panel inspect: Interpolate variables in panel inspect title (#28779) * grafana/toolkit: Drop console and debugger statements by default when building plugin with toolkit (#28776) * Variables: Fixes URL values for dependent variables (#28798) * Graph: Fixes event emit function error (#28795) * Adds storybook integrity check to drone config (#28785) * Live: improve broadcast semantics and avoid double posting (#28765) * Events: Remove unused or unnecessary events (#28783) * Docs: added code comments to frontend packages. 
(#28784) * Plugin Dockerfiles: Upgrade Go, golangci-lint, gcloud SDK (#28767) * Dependencies: Update angularjs to 1.8.2 (#28736) * EventBus: Introduces new event bus with emitter backward compatible interface (#27564) * ColorSchemes: Add new color scheme (#28719) * Docs: Add NGINX example for using websockets to Loki (#27998) * Docs: Made usage of config/configuration consistent #19270 (#28167) * Cloudwatch: Fix issue with field calculation transform not working properly with Cloudwatch data (#28761) * grafana/toolkit: Extract CHANGELOG when building plugin (#28773) * Drone: Upgrade build pipeline tool (#28769) * devenv: Upgrade MSSQL Docker image (#28749) * Docs: Add docs for InfoBox component (#28705) * Reoeragnization. (#28760) * gtime: Add ParseDuration function (#28525) * Explore: Remove redundant decodeURI and fix urls (#28697) * Dashboard: fix view panel mode for Safari / iOS (#28702) * Provisioning: Fixed problem with getting started panel being added to custom home dashboard (#28750) * LoginPage: Removed auto-capitalization from the login form (#28716) * Plugin page: Fix dom validation warning (#28737) * Migration: Remove LegacyForms from dashboard folder permissions (#28564) * Dependencies: Remove unused dependency (#28711) * AlertRuleList: Add keys to alert rule items (#28735) * Chore: Pin nginx base image in nginx proxy Dockerfiles (#28730) * Drone: Upgrade build-pipeline tool (#28728) * TableFilters: Fixes filtering with field overrides (#28690) * Templating: Speeds up certain variable queries for Postgres, MySql and MSSql (#28686) * Fix typo in unsigned plugin warning (#28709) * Chore: Convert sqlstore annotation test from GoConvey to testify (#28715) * updates from https://github.com/grafana/grafana/pull/28679 (#28708) * Chore: Add some scenario tests for Explore (#28534) * Update latest version to 7.3.1 (#28701) * Changelog update - 7.3.1 (#28699) * Drone: Don't build on Windows for PRs (#28663) * Build: changing docs docker image to prevent setting 
up frontend devenv. (#28670) * Prometheus: Fix copy paste behaving as cut and paste (#28622) * Loki: Fix error when some queries return zero results (#28645) * Chore: allow higher nodejs version than 12 (#28624) * TextPanel: Fixes problems where text panel would show old content (#28643) * PanelMenu: Fixes panel submenu not being accessible for panels close to the right edge of the screen (#28666) * Cloudwatch: Fix duplicate metric data (#28642) * Add info about CSV download for Excel in What's new article (#28661) * Docs: Describe pipeline aggregation changes in v7.3 (#28660) * Plugins: Fix descendent frontend plugin signature validation (#28638) * Docker: use root group in the custom Dockerfile (#28639) * Bump rxjs to 6.6.3 (#28657) * StatPanel: Fixed value being under graph and reduced likley hood for white and dark value text mixing (#28641) * Table: Fix image cell mode so that it works with value mappings (#28644) * Build: support custom build tags (#28609) * Plugin signing: Fix copy on signed plugin notice (#28633) * Dashboard: Fix navigation from one SoloPanelPage to another one (#28578) * CloudWatch: Improve method name, performance optimization (#28632) * Developer guide: Update wrt. Windows (#28559) * Docs: Update graph panel for tabs (#28552) * update latest.json (#28603) * Docs: data source insights (#28542) * Field config API: add slider editor (#28007) * changelog: update for 7.3.0 (#28602) * Update uPlot to 1.2.2 and align timestamps config with new uPLot API (#28569) * Live: updated the reference to use lazy loaded Monaco in code editor. 
(#28597) * Dashboard: Allow add panel for viewers_can_edit (#28570) * Docs: Data source provisioning and sigV4 (#28593) * Docs: Additional 7.3 upgrade notes (#28592) * CI: Add GCC to Windows Docker image (#28562) * CloudWatch Logs queue and websocket support (#28176) * Explore/Loki: Update docs and cheatsheet (#28541) * Grafana-UI: Add Card component (#28216) * AddDatasource: Improve plugin categories (#28584) * StatPanel: Fixes BizChart error max: yyy should not be less than min zzz (#28587) * docs: a few tweaks for clarity and readability (#28579) * API: Reducing some api docs errors (#28575) * Grafana-UI: ContextMenu docs (#28508) * Short URL: Update last seen at when visiting a short URL (#28565) * Fix backend build on Windows (#28557) * add value prop (#28561) * Plugin signing: UI information (#28469) * Use fetch API in InfluxDB data source (#28555) * PanelEdit: Prevent the preview pane to be resized further than window height (#28370) * Docs: Update generic-oauth.md (#28517) * GCS image uploader: Add tests (#28521) * Move metrics collector queries to config (#28549) * Plugins: Fix plugin URL paths on Windows (#28548) * API: add login username in SendLoginLogCommand (#28544) * AzureMonitor: Support decimal (as float64) type in analytics/logs (#28480) * Auth: Fix SigV4 request verification step for Amazon Elasticsearch Service (#28481) * Grafana/ui: auto focus threshold editor input (#28360) * Docs: SigV4 What's New and AWS Elasticsearch documentation (#28506) * Drone: Upgrade build pipeline tool (#28533) * Drone: Refactor version branch pipeline logic (#28531) * Drone: Upgrade build-pipeline tool (#28520) * Docs: Update field color scheme docs and 7.3 what's new (#28496) * Templating: Custom variable edit UI, change text input into textarea (#28312) (#28322) * Currency: Adds Indonesian IDR currency (#28363) * Chore: Fix flaky sqlstore annotation test (#28527) * Checkbox: Fix component sample typo (#28518) * Image uploader: Fix uploading of images to GCS 
(#26493) * OAuth: Support Forward OAuth Identity for backend data source plugins (#27055) * Updated documentation style guide (#28488) * Cloud Monitoring: Fix help section for aliases (#28499) * Docs: what's new in enterprise 7.3 (#28472) * Plugins: Track plugin signing errors and expose them to the frontend (#28219) * Elasticsearch: Fix handling of errors when testing data source (#28498) * Auth: Should redirect to login when anonymous enabled and URL with different org than anonymous specified (#28158) * Drone: Don't build Windows installer for version branches (#28494) * Docs: Grafana Enterprise auditing feature (#28356) * Drone: Add version branch pipeline (#28490) * Getting Started section rehaul (#28090) * Docs: Add survey content (#28446) * Docs: Update prometheus.md (#28483) * Docs: Add view settings and view stats (#28155) * Remove entry from 7.3.0-beta2 Changelog (#28478) * Circle: Remove release pipeline (#28474) * Update latest.json (#28476) * Switch default version to Graphite 1.1 (#28471) * Plugin page: update readme icon (#28465) * Chore: Update changelog (#28473) * Explore: parse time range fix (#28467) * Alerting: Log alert warnings for obsolete notifiers when extracting alerts and remove spammy error (#28162) * Shorten url: Unification across Explore and Dashboards (#28434) * Explore: Support wide data frames (#28393) * Docs: updated cmd to build docs locally to generate docs prior to building site. (#28371) * Live: support real time measurements (alpha) (#28022) * CloudWatch/Athena - valid metrics and dimensions. 
(#28436) * Chore: Use net.JoinHostPort (#28421) * Chore: Upgrade grafana-eslint to latest (#28444) * Fix cut off icon (#28442) * Docs: Add shared (#28411) * Loki: Visually distinguish error logs for LogQL2 (#28359) * Database; Remove database metric feature flag and update changelog (#28438) * TestData: multiple arrow requests should return multiple frames (#28417) * Docs: Test survey code (#28437) * Docs: improved github action that syncs docs to website (#28277) * update latest.json with latest stable version (#28433) * 7.2.2 changelog update (#28406) * plugins: Don't exit on duplicate plugin (#28390) * API: Query database from /api/health endpoint (#28349) * Chore: Fix conversion of a 64-bit integer to a lower bit size type uint (#28425) * Prometheus: fix parsing of infinite sample values (#28287) (#28288) * Chore: Rewrite some tests to use testify (#28420) * Plugins: do not remount app plugin on nav change (#28105) * App Plugins: Add backend support (#28272) * Chore: react hooks eslint fixes in grafana-ui (#28026) * ci-e2e: Add Git (#28410) * TestData: Remove useEffect that triggeres query on component load (#28321) * FieldColor: Remove inverted color scheme (#28408) * Chore: Set timezone for tests to non utc. 
(#28405) * Chore: fix jsdoc desc and return (#28383) * Docs: Fixing v51 link (#28396) * fixes windows crlf warning (#28346) * Grafana/ui: pass html attributes to segment (#28316) * Alerting: Return proper status code when trying to create alert notification channel with duplicate name or uid (#28043) * OAuth: Able to skip auto login (#28357) * CloudWatch: Fix custom metrics (#28391) * Docs: Adds basic frontend data request concepts (#28253) * Instrumentation: Add histogram for request duration (#28364) * remove status label from histogram (#28387) * OAuth: configurable user name attribute (#28286) * Component/NewsPanel: Add rel="noopener" to NewsPanel links (#28379) * Webpack: Split out unicons and bizcharts (#28374) * Explore: Fix date formatting in url for trace logs link (#28381) * Docs: Add activate-license (#28156) * Instrumentation: Add counters and histograms for database queries (#28236) * Docs: Make tables formatting more consistent (#28164) * CloudWatch: Adding support for additional Amazon CloudFront metrics (#28378) * Add unique ids to query editor fields (#28376) * Plugins: Compose filesystem paths with filepath.Join (#28375) * Explore: Minor tweaks to exemplars marble (#28366) * Instrumentation: Adds environment_info metric (#28355) * AzureMonitor: Fix capitalization of NetApp 'volumes' namespace (#28369) * ColorSchemes: Adds more color schemes and text colors that depend on the background (#28305) * Automation: Update backport github action trigger (#28352) * Dashboard links: Places drop down list so it's always visible (#28330) * Docs: Add missing records from grafana-ui 7.2.1 CHANGELOG (#28302) * Templating: Replace all '$tag' in tag values query (#28343) * Docs: Add docs for valuepicker (#28327) * Git: Create .gitattributes for windows line endings (#28340) * Update auth-proxy.md (#28339) * area/grafana/toolkit: update e2e docker image (#28335) * AlertingNG: remove warn/crit from eval prototype (#28334) * Automation: Tweaks to more info message 
(#28332) * Loki: Run instant query only when doing metric query (#28325) * SAML: IdP-initiated SSO docs (#28280) * IssueTriage: Needs more info automation and messages (#28137) * GraphNG: Use AxisSide enum (#28320) * BackendSrv: Fixes queue countdown when unsubscribe is before response (#28323) * Automation: Add backport github action (#28318) * Build(deps): Bump http-proxy from 1.18.0 to 1.18.1 (#27507) * Bump handlebars from 4.4.3 to 4.7.6 (#27416) * Bump tree-kill from 1.2.1 to 1.2.2 (#27405) * Loki: Base maxDataPoints limits on query type (#28298) * Explore: respect min_refresh_interval (#27988) * Drone: Use ${DRONE_TAG} in release pipelines, since it should work (#28299) * Graph NG: fix toggling queries and extract Graph component from graph3 panel (#28290) * fix: for graph size not taking up full height or width * should only ignore the file in the grafana mixin root folder (#28306) * Drone: Fix grafana-mixin linting (#28308) * SQLStore: Run tests as integration tests (#28265) * Chore: Add cloud-middleware as code owners (#28310) * API: Fix short URLs (#28300) * CloudWatch: Add EC2CapacityReservations Namespace (#28309) * Jaeger: timeline collapser to show icons (#28284) * update latest.json with latest beta version (#28293) * Update changelog (#28292) * Docs : - Added period (#28260) * Add monitoring mixing for Grafana (#28285) * Chore: Update package.json (#28291) * Drone: Fix enterprise release pipeline (#28289) * Alerting: Append appSubUrl to back button on channel form (#28282) - Rework package Makefile & README now that Grunt is gone - Update to version 7.3.6: * fixes for saml vulnerability * [v7.3.x] Fix: Correct panel edit uistate migration (#29413) (#29711) * PanelEdit: Prevent the preview pane to be resized further than window height (#28370) (#29726) * Fix: Migrate Panel edit uiState percentage strings to number (#29412) (#29723) * "Release: Updated versions in package to 7.3.5" (#29710) * Chore: upgrading y18n to 4.0.1 for security reasons 
(#29523) (#29709) * Panel: making sure we support all versions of chrome when detecting position of click event. (#29544) (#29708) * PanelEdit: making sure the correct datasource query editor is being rendered. (#29500) (#29707) * [v7.3.x] Auth: Add SigV4 header allowlist to reduce chances of verification issues (#29705) * Alerting: Use correct time series name override from frame fields (#29693) (#29698) * CloudWatch: namespace in search expression should be quoted if match exact is enabled #29109 (#29563) (#29687) * Adds go dep used by an Enterprise feature. (#29645) (#29690) * instrumentation: align label name with our other projects (#29514) (#29685) * Instrumentation: Add examplars for request histograms (#29357) (#29682) * Login: Fixes typo in tooltip (#29604) (#29606) * fixes bug with invalid handler name for metrics (#29529) (#29532) * AzureMonitor: Unit MilliSeconds naming (#29399) (#29526) * Alarting: fix alarm messages in dingding (Fixes #29470) (#29482) (#29527) * Bug: trace viewer doesn't show more than 300 spans (#29377) (#29504) * Prometheus: don't override displayName property (#29441) (#29488) * resolve conflicts (#29415) * Drone: Upgrade build pipeline tool (#29365) (#29368) * Drone: Upload artifacts for release branch builds (#29297) (#29364) * Drone: Execute artifact publishing for both editions in parallel during release (#29362) (#29363) * Drone: Publish NPM packages after Storybook to avoid race condition (#29340) (#29343) * Docs: Fix editor role and alert notification channel description (#29301) (#29337) * "Release: Updated versions in package to 7.3.4" (#29336) * Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests #29330 (#29335) * Backport of InfluxDB: update flux library and support boolean label values #29333 * ReleaseNotes: Update link in package.json (#29328) * Login: Fixes redirect url encoding issues of # %23 being unencoded after login (#29299) (#29323) * Drone: Upgrade build 
pipeline tool (#29308) (#29309) * Annotations: fixing so when changing annotations query links submenu will be updated. (#28990) (#29285) * Dashboard: Fixes kiosk state after being redirected to login page and back (#29273) (#29278) * Increase search limit on team add user and improve placeholder (#29258) (#29261) * Drone: Sync with master (#29205) * Drone: Fix publish-packages invocation (#29179) (#29184) * Chore: Upgrade grafana/build-ci-deploy image to latest Go (#29171) (#29180) * Table: Fix incorrect condtition for rendering table filter (#29165) (#29181) * DashboardLinks: will only refresh dashboard search when changing tags for link. (#29040) (#29177) * Drone: Upgrade build pipeline tool and build image (#29161) (#29162) * Release: Updated versions in package to 7.3.3 (#29126) * git cherry-pick -x 0f3bebb38daa488e108881ce17d4f68167a834e6 (#29155) * Build: support custom build tags (#28609) (#29128) * Revert "Graph: Fixes stacking issues like floating bars when data is not aligned (#29051) (#29088)" (#29151) * Provisioning: always pin app to the sidebar when enabled (#29084) (#29146) * build paths in an os independent way (#29143) (#29147) * Chore: Upgrade Go dev tools (#29124) (#29132) * Automatin: set node version * Automation: Adding version bump action * Drone: Fix Drone config verification for enterprise on Windows (#29118) (#29119) * [v7.3.x] Drone: Verify Drone config at beginning of pipelines (#29111) * Test Datasource/Bug: Fixes division by zero in csv metric values scenario (#29029) (#29068) * [v7.3.x] StatPanel: Fixes hanging issue when all values are zero (#29087) * Data source proxy: Convert 401 from data source to 400 (#28962) (#29095) * Graph: Fixes stacking issues like floating bars when data is not aligned (#29051) (#29088) * Auth: Enable more complete credential chain for SigV4 default SDK auth option (#29065) (#29086) * Fix for multi-value template variable for project selector (#29042) (#29054) * Thresholds: Fixes color assigned to null 
values (#29010) (#29018) * [v7.3.x] Chore: Bump build pipeline version (#29025) * Release v7.3.2 (#29024) * Fix conflict (#29020) * StatPanels: Fixes auto min max when latest value is zero (#28982) (#29007) * Tracing: Add setting for sampling server (#29011) (#29015) * Gauge: making sure threshold panel json is correct before render (#28898) (#28984) * Variables: make sure that we support both old and new syntax for custom variables. (#28896) (#28985) * Explore: Remove redundant decodeURI and fix urls (#28697) (#28963) * [v7.3.x] Drone: Fix docs building (#28987) * Alerting: Append appSubUrl to back button on channel form (#28282) (#28983) * Plugins: allow override when allowing unsigned plugins (#28901) (#28927) * CloudWatch Logs: Change what we use to measure progress (#28912) (#28964) * Tracing: log traceID in request logger (#28952) (#28959) * Panel inspect: Interpolate variables in panel inspect title (#28779) (#28801) * UsageStats: start tracking usage stats for tempo (#28948) (#28951) * Short URL: Cleanup unvisited/stale short URLs (#28867) (#28944) * Plugins signing: Fix docs urls (#28930) (#28934) * Chore: Fix spelling issue (#28904) (#28925) * API: replace SendLoginLogCommand with LoginHook (#28777) (#28891) * Elasticsearch: Exclude pipeline aggregations from order by options (#28620) (#28873) * Dashboards / Folders: delete related data (permissions, stars, tags, versions, annotations) when deleting a dashboard or a folder (#28826) (#28890) * Disable selecting enterprise plugins with no license (#28758) (#28859) * Tempo: fix test data source (#28836) (#28856) * Prometheus: fix missing labels from value (#28842) (#28855) * Units: added support to handle negative fractional numbers. 
(#28849) (#28851)
    * increase blob column size for encrypted dashboard data (#28831) (#28832)
    * Gauge: Improve font size auto sizing (#28797) (#28828)
    * Variables: Fixes URL values for dependent variables (#28798) (#28800)
    * grafana/toolkit: Extract CHANGELOG when building plugin (#28773) (#28774)
    * Templating: Custom variable edit UI, change text input into textarea (#28312) (#28322) (#28704)
    * Cloudwatch: Fix issue with field calculation transform not working properly with Cloudwatch data (#28761) (#28775)
    * Plugin page: Fix dom validation warning (#28737) (#28741)
    * Dashboard: fix view panel mode for Safari / iOS (#28702) (#28755)
    * Fix typo in unsigned plugin warning (#28709) (#28722)
    * TableFilters: Fixes filtering with field overrides (#28690) (#28727)
    * Templating: Speeds up certain variable queries for Postgres, MySql and MSSql (#28686) (#28726)
    * Prometheus: Fix copy paste behaving as cut and paste (#28622) (#28691)

rhnlib:

- Require missing python-backports.ssl_match_hostname on SLE 11 (bsc#1183959)

spacecmd:

- Handle SIGPIPE without user-visible Exception (bsc#1181124)

spacewalk-client-tools:

- Fallback to sysfs when reading info from python-dmidecode fails (bsc#1182603)
- Log an error when product detection failed (bsc#1182339)

supportutils-plugin-salt:

- Fix yaml.load() warnings and issues with Python versions (bsc#1178072) (bsc#1181474)
- Fix errors when collecting data for salt-minion (bsc#1131670)

zypp-plugin-spacewalk:

- Support for "allow vendor change" for patching/upgrading

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 15:
  zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-1230=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1:
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2021-1230=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1230=1

Package List:

- SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64):
  golang-github-boynux-squid_exporter-1.6-1.6.1
  golang-github-boynux-squid_exporter-debuginfo-1.6-1.6.1
  golang-github-lusitaniae-apache_exporter-0.7.0-1.9.1
  golang-github-lusitaniae-apache_exporter-debuginfo-0.7.0-1.9.1
  golang-github-prometheus-prometheus-2.22.1-3.23.1
  grafana-7.4.2-1.18.1
- SUSE Manager Tools 15 (noarch):
  python3-rhnlib-4.1.4-3.22.1
  python3-spacewalk-check-4.1.10-3.38.1
  python3-spacewalk-client-setup-4.1.10-3.38.1
  python3-spacewalk-client-tools-4.1.10-3.38.1
  python3-zypp-plugin-spacewalk-1.0.9-3.18.1
  spacecmd-4.1.11-3.56.1
  spacewalk-check-4.1.10-3.38.1
  spacewalk-client-setup-4.1.10-3.38.1
  spacewalk-client-tools-4.1.10-3.38.1
  supportutils-plugin-salt-1.1.5-3.3.1
  zypp-plugin-spacewalk-1.0.9-3.18.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch):
  python3-zypp-plugin-spacewalk-1.0.9-3.18.1
  zypp-plugin-spacewalk-1.0.9-3.18.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
  supportutils-plugin-salt-1.1.5-3.3.1

References:

https://bugzilla.suse.com/1131670
https://bugzilla.suse.com/1178072
https://bugzilla.suse.com/1181124
https://bugzilla.suse.com/1181474
https://bugzilla.suse.com/1182339
https://bugzilla.suse.com/1182603
https://bugzilla.suse.com/1183959

From sle-updates at lists.suse.com Thu Apr 15 19:46:50 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 15 Apr 2021 21:46:50 +0200 (CEST)
Subject: SUSE-RU-2021:1226-1: moderate: Recommended update for Salt
Message-ID: <20210415194650.7256BFCF8@maintenance.suse.de>

SUSE Recommended Update: Recommended update for Salt
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1226-1
Rating: moderate
References: #1177474
Affected Products:
  SUSE Linux Enterprise Server for SAP 15
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update fixes the following issues:

salt:

- Add core grains support for AlmaLinux
- Allow vendor change option with zypper
- Virt: virtual network backports to Salt 3000
- Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1226=1
- SUSE Linux Enterprise Server 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1226=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1226=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1226=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
  python2-salt-3000-5.112.1
  python3-salt-3000-5.112.1
  salt-3000-5.112.1
  salt-api-3000-5.112.1
  salt-cloud-3000-5.112.1
  salt-doc-3000-5.112.1
  salt-master-3000-5.112.1
  salt-minion-3000-5.112.1
  salt-proxy-3000-5.112.1
  salt-ssh-3000-5.112.1
  salt-standalone-formulas-configuration-3000-5.112.1
  salt-syndic-3000-5.112.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
  salt-bash-completion-3000-5.112.1
  salt-fish-completion-3000-5.112.1
  salt-zsh-completion-3000-5.112.1
-
SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): python2-salt-3000-5.112.1 python3-salt-3000-5.112.1 salt-3000-5.112.1 salt-api-3000-5.112.1 salt-cloud-3000-5.112.1 salt-doc-3000-5.112.1 salt-master-3000-5.112.1 salt-minion-3000-5.112.1 salt-proxy-3000-5.112.1 salt-ssh-3000-5.112.1 salt-standalone-formulas-configuration-3000-5.112.1 salt-syndic-3000-5.112.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): salt-bash-completion-3000-5.112.1 salt-fish-completion-3000-5.112.1 salt-zsh-completion-3000-5.112.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): python2-salt-3000-5.112.1 python3-salt-3000-5.112.1 salt-3000-5.112.1 salt-api-3000-5.112.1 salt-cloud-3000-5.112.1 salt-doc-3000-5.112.1 salt-master-3000-5.112.1 salt-minion-3000-5.112.1 salt-proxy-3000-5.112.1 salt-ssh-3000-5.112.1 salt-standalone-formulas-configuration-3000-5.112.1 salt-syndic-3000-5.112.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): salt-bash-completion-3000-5.112.1 salt-fish-completion-3000-5.112.1 salt-zsh-completion-3000-5.112.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): python2-salt-3000-5.112.1 python3-salt-3000-5.112.1 salt-3000-5.112.1 salt-api-3000-5.112.1 salt-cloud-3000-5.112.1 salt-doc-3000-5.112.1 salt-master-3000-5.112.1 salt-minion-3000-5.112.1 salt-proxy-3000-5.112.1 salt-ssh-3000-5.112.1 salt-standalone-formulas-configuration-3000-5.112.1 salt-syndic-3000-5.112.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): salt-bash-completion-3000-5.112.1 salt-fish-completion-3000-5.112.1 salt-zsh-completion-3000-5.112.1 References: https://bugzilla.suse.com/1177474 From sle-updates at lists.suse.com Thu Apr 15 19:47:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 21:47:42 +0200 (CEST) Subject: SUSE-RU-2021:1231-1: moderate: Recommended update for SUSE Manager Proxy 4.1 Message-ID: <20210415194742.7F901FCF8@maintenance.suse.de> 
SUSE Recommended Update: Recommended update for SUSE Manager Proxy 4.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1231-1 Rating: moderate References: #1181124 #1181274 #1181580 #1182197 #1182339 #1182603 #1183151 #1183959 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update fixes the following issues: golang-github-boynux-squid_exporter: - Build requires Go 1.15 - Add %license macro for LICENSE file golang-github-lusitaniae-apache_exporter: - Build with Go 1.15 rhnlib: - Require missing python-backports.ssl_match_hostname on SLE 11 (bsc#1183959) spacecmd: - Handle SIGPIPE without user-visible Exception (bsc#1181124) spacewalk-backend: - Deb_src repo plugin is not restoring config namespace on exception (bsc#1182197) - Fixing improper exception handling causing another exception in ThreadedDownloader - Avoid race condition due to multiple reposync import threads (bsc#1183151) - Fix for UnicodeDecodeError in satellite-sync: Opening RPM file in binary mode (bsc#1181274) spacewalk-certs-tools: - Add reactivation key support to bootstrap script (bsc#1181580) spacewalk-client-tools: - Fallback to sysfs when reading info from python-dmidecode fails (bsc#1182603) - Log an error when product detection failed (bsc#1182339) spacewalk-web: - Fix flow-bin runtime issues that were breaking the tests How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2021-1231=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch): python3-rhnlib-4.1.4-4.6.1 python3-spacewalk-certs-tools-4.1.15-3.12.1 python3-spacewalk-check-4.1.10-4.15.2 python3-spacewalk-client-setup-4.1.10-4.15.2 python3-spacewalk-client-tools-4.1.10-4.15.2 spacecmd-4.1.11-4.18.1 spacewalk-backend-4.1.22-4.25.4 spacewalk-base-minimal-4.1.24-3.21.2 spacewalk-base-minimal-config-4.1.24-3.21.2 spacewalk-certs-tools-4.1.15-3.12.1 spacewalk-check-4.1.10-4.15.2 spacewalk-client-setup-4.1.10-4.15.2 spacewalk-client-tools-4.1.10-4.15.2 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (x86_64): golang-github-boynux-squid_exporter-1.6-2.3.2 golang-github-boynux-squid_exporter-debuginfo-1.6-2.3.2 golang-github-lusitaniae-apache_exporter-0.7.0-2.3.2 golang-github-lusitaniae-apache_exporter-debuginfo-0.7.0-2.3.2 References: https://bugzilla.suse.com/1181124 https://bugzilla.suse.com/1181274 https://bugzilla.suse.com/1181580 https://bugzilla.suse.com/1182197 https://bugzilla.suse.com/1182339 https://bugzilla.suse.com/1182603 https://bugzilla.suse.com/1183151 https://bugzilla.suse.com/1183959 From sle-updates at lists.suse.com Thu Apr 15 19:49:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 21:49:13 +0200 (CEST) Subject: SUSE-RU-2021:1223-1: moderate: Recommended update for Salt Message-ID: <20210415194913.C809FFCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1223-1 Rating: moderate References: #1131670 #1177474 #1178072 #1181474 Affected Products: SUSE Manager Tools 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 
______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Add core grains support for AlmaLinux - Allow vendor change option with zypper - Virt: virtual network backports to Salt 3000 - Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474) supportutils-plugin-salt: - Fix yaml.load() warnings and issues with Python versions (bsc#1178072) (bsc#1181474) - Fix errors when collecting data for salt-minion (bsc#1131670) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2021-1223=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2021-1223=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python2-salt-3000-46.139.1 python3-salt-3000-46.139.1 salt-3000-46.139.1 salt-doc-3000-46.139.1 salt-minion-3000-46.139.1 - SUSE Manager Tools 12 (noarch): supportutils-plugin-salt-1.1.5-6.13.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python2-salt-3000-46.139.1 salt-3000-46.139.1 salt-api-3000-46.139.1 salt-cloud-3000-46.139.1 salt-doc-3000-46.139.1 salt-master-3000-46.139.1 salt-minion-3000-46.139.1 salt-proxy-3000-46.139.1 salt-ssh-3000-46.139.1 salt-standalone-formulas-configuration-3000-46.139.1 salt-syndic-3000-46.139.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): salt-bash-completion-3000-46.139.1 salt-zsh-completion-3000-46.139.1 References: https://bugzilla.suse.com/1131670 https://bugzilla.suse.com/1177474 https://bugzilla.suse.com/1178072 https://bugzilla.suse.com/1181474 From sle-updates at 
lists.suse.com Thu Apr 15 19:50:23 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 21:50:23 +0200 (CEST) Subject: SUSE-RU-2021:1224-1: moderate: Recommended update for salt Message-ID: <20210415195023.F2DECFCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1224-1 Rating: moderate References: #1177474 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for salt provides the following fixes: - Add core grains support for AlmaLinux. - Allow vendor change option with zypper. - virt: virtual network backports to Salt 3000. - Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules. (bsc#1177474) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1224=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1224=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-1224=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1224=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): python3-salt-3000-30.1 salt-3000-30.1 salt-minion-3000-30.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): salt-api-3000-30.1 salt-cloud-3000-30.1 salt-master-3000-30.1 salt-proxy-3000-30.1 salt-ssh-3000-30.1 salt-standalone-formulas-configuration-3000-30.1 salt-syndic-3000-30.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): salt-fish-completion-3000-30.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python2-salt-3000-30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): python3-salt-3000-30.1 salt-3000-30.1 salt-doc-3000-30.1 salt-minion-3000-30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): salt-bash-completion-3000-30.1 salt-zsh-completion-3000-30.1 References: https://bugzilla.suse.com/1177474 From sle-updates at lists.suse.com Thu Apr 15 19:51:23 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 21:51:23 +0200 (CEST) Subject: SUSE-SU-2021:1233-1: moderate: Security update for grafana and system-user-grafana Message-ID: <20210415195123.16909FCF8@maintenance.suse.de> SUSE Security Update: Security update for grafana and system-user-grafana ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1233-1 Rating: moderate References: #1148383 #1170557 #1170657 
#1172409 #1172450 #1175951 #1178243
Cross-References: CVE-2018-18623 CVE-2019-15043 CVE-2019-19499 CVE-2020-12052 CVE-2020-12245 CVE-2020-13379 CVE-2020-24303

CVSS scores:
CVE-2018-18623 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2018-18623 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2019-15043 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-15043 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
CVE-2019-19499 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2019-19499 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2020-12052 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2020-12052 (SUSE): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CVE-2020-12245 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2020-12245 (SUSE): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CVE-2020-13379 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
CVE-2020-13379 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-24303 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2020-24303 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Affected Products: SUSE Manager Tools 15 SUSE Enterprise Storage 6
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

This update for grafana and system-user-grafana fixes the following issues:

- Updated grafana to upstream version 7.3.1
  * CVE-2020-12245: Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip (bsc#1170557)
  * CVE-2020-13379: The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault (bsc#1172409)
  * CVE-2019-15043: In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana (bsc#1148383)
  * CVE-2020-12052: Grafana versions below 6.7.3 are vulnerable to annotation popup XSS (bsc#1170657)
  * CVE-2020-24303: Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource. (bsc#1178243)
  * CVE-2018-18623: Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen (bsc#1172450)
  * CVE-2019-19499: Grafana versions below or equal to 6.4.3 have an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations (bsc#1175951)
  * Please refer to this package's changelog to get a full list of all changes (including bug fixes etc.)
- Initial shipment of system-user-grafana to SES 6

Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-1233=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1233=1 Package List: - SUSE Manager Tools 15 (noarch): system-user-grafana-1.0.0-3.9.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): grafana-7.3.1-3.6.1 - SUSE Enterprise Storage 6 (noarch): system-user-grafana-1.0.0-3.9.1 References: https://www.suse.com/security/cve/CVE-2018-18623.html https://www.suse.com/security/cve/CVE-2019-15043.html https://www.suse.com/security/cve/CVE-2019-19499.html https://www.suse.com/security/cve/CVE-2020-12052.html https://www.suse.com/security/cve/CVE-2020-12245.html https://www.suse.com/security/cve/CVE-2020-13379.html https://www.suse.com/security/cve/CVE-2020-24303.html https://bugzilla.suse.com/1148383 https://bugzilla.suse.com/1170557 https://bugzilla.suse.com/1170657 https://bugzilla.suse.com/1172409 https://bugzilla.suse.com/1172450 https://bugzilla.suse.com/1175951 https://bugzilla.suse.com/1178243 From sle-updates at lists.suse.com Thu Apr 15 19:53:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 21:53:51 +0200 (CEST) Subject: SUSE-RU-2021:1231-1: moderate: Recommended update for SUSE Manager Server 4.1 Message-ID: <20210415195351.5F647FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 4.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1231-1 Rating: moderate References: #1178179 #1178767 #1179271 #1181124 #1181274 #1181580 #1181847 #1182132 #1182197 #1182339 #1182603 #1182687 #1182817 #1182842 #1182916 #1183038 #1183151 #1183661 #1183959 #1184271 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 ______________________________________________________________________________ An 
update that has 20 recommended fixes can now be installed. Description: This update fixes the following issues: golang-github-lusitaniae-apache_exporter: - Build with Go 1.15 mgr-libmod: - Support multiple stream versions for RHEL repos (bsc#1183038) py26-compat-msgpack-python: - Added versioned Python2 for RHEL8 python-susemanager-retail: - Skip internal initialization of excluded formulas rhnlib: - Require missing python-backports.ssl_match_hostname on SLE 11 (bsc#1183959) spacecmd: - Handle SIGPIPE without user-visible Exception (bsc#1181124) spacewalk-backend: - Deb_src repo plugin is not restoring config namespace on exception (bsc#1182197) - Fixing improper exception handling causing another exception in ThreadedDownloader - Avoid race condition due to multiple reposync import threads (bsc#1183151) - Fix for UnicodeDecodeError in satellite-sync: Opening RPM file in binary mode (bsc#1181274) spacewalk-certs-tools: - Add reactivation key support to bootstrap script (bsc#1181580) spacewalk-client-tools: - Fallback to sysfs when reading info from python-dmidecode fails (bsc#1182603) - Log an error when product detection failed (bsc#1182339) spacewalk-java: - Eliminate duplicate entries when displaying results from mgr-libmod - Speed up the system groups page (bsc#1182132) - Raise length limit for kernel options (bsc#1182916) - Adapt logging for testing accessibility of URLs (bsc#1182817) - Fix: populate docker-registries on inspection (bsc#1178179) - Log shell command output on failure when checking known_hosts file permissions - Speed up pages to compare or add packages to channels (bsc#1178767) - Improve fromdir with better mapping of URL to local files spacewalk-setup: - Set AJP parameters differently to prevent AH00992, AH00877 and AH01030: ajp_ilink_receive() can't receive header errors (bsc#1179271) spacewalk-utils: - Add the Universe Security repositories for Ubuntu spacewalk-web: - Fix flow-bin runtime issues that were breaking the tests 
susemanager-doc-indexes: - Remove Universe requirement for Ubuntu 20.04 - Adds missing Salt steps for Replacing Proxy procedure in Installation Guide (bsc#1181580) susemanager-docs_en: - Remove Universe requirement for Ubuntu 20.04 - Adds missing Salt steps for Replacing Proxy procedure in Installation Guide (bsc#1181580) susemanager-schema: - Raise length limit for kernel options (bsc#1182916) - Fix: increase password length in the database (bsc#1182687) susemanager-sls: - Require new kiwi-systemdeps packages (bsc#1184271) - Prevent useless package list refresh actions on zypper minions (bsc#1183661) - Skip removed product classes with satellite-sync - Handle GPG keys when bootstrapping ssh minions (bsc#1181847) susemanager-sync-data: - Define missing ubuntu universe update channels (bsc#1182842) - Define UEK repositories for Oracle Linux How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-1231=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2021-1231=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64): golang-github-lusitaniae-apache_exporter-0.7.0-2.3.2 golang-github-lusitaniae-apache_exporter-debuginfo-0.7.0-2.3.2 py26-compat-msgpack-python-0.4.6-3.3.1 py26-compat-msgpack-python-debuginfo-0.4.6-3.3.1 py26-compat-msgpack-python-debugsource-0.4.6-3.3.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): mgr-libmod-4.1.8-3.19.1 python3-rhnlib-4.1.4-4.6.1 python3-spacewalk-certs-tools-4.1.15-3.12.1 python3-spacewalk-client-tools-4.1.10-4.15.2 python3-susemanager-retail-1.0.1614159840.ef7cad5-3.9.1 spacecmd-4.1.11-4.18.1 spacewalk-backend-4.1.22-4.25.4 spacewalk-backend-app-4.1.22-4.25.4 spacewalk-backend-applet-4.1.22-4.25.4 spacewalk-backend-config-files-4.1.22-4.25.4 spacewalk-backend-config-files-common-4.1.22-4.25.4 spacewalk-backend-config-files-tool-4.1.22-4.25.4 spacewalk-backend-iss-4.1.22-4.25.4 spacewalk-backend-iss-export-4.1.22-4.25.4 spacewalk-backend-package-push-server-4.1.22-4.25.4 spacewalk-backend-server-4.1.22-4.25.4 spacewalk-backend-sql-4.1.22-4.25.4 spacewalk-backend-sql-postgresql-4.1.22-4.25.4 spacewalk-backend-tools-4.1.22-4.25.4 spacewalk-backend-xml-export-libs-4.1.22-4.25.4 spacewalk-backend-xmlrpc-4.1.22-4.25.4 spacewalk-base-4.1.24-3.21.2 spacewalk-base-minimal-4.1.24-3.21.2 spacewalk-base-minimal-config-4.1.24-3.21.2 spacewalk-certs-tools-4.1.15-3.12.1 spacewalk-client-tools-4.1.10-4.15.2 spacewalk-html-4.1.24-3.21.2 spacewalk-java-4.1.31-3.34.2 spacewalk-java-config-4.1.31-3.34.2 spacewalk-java-lib-4.1.31-3.34.2 spacewalk-java-postgresql-4.1.31-3.34.2 spacewalk-setup-4.1.8-3.9.1 
spacewalk-taskomatic-4.1.31-3.34.2 spacewalk-utils-4.1.15-3.15.1 spacewalk-utils-extras-4.1.15-3.15.1 susemanager-doc-indexes-4.1-11.31.2 susemanager-docs_en-4.1-11.31.1 susemanager-docs_en-pdf-4.1-11.31.1 susemanager-retail-tools-1.0.1614159840.ef7cad5-3.9.1 susemanager-schema-4.1.20-3.27.2 susemanager-sls-4.1.23-3.31.1 susemanager-sync-data-4.1.12-3.17.1 susemanager-web-libs-4.1.24-3.21.2 uyuni-config-modules-4.1.23-3.31.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch): python3-rhnlib-4.1.4-4.6.1 python3-spacewalk-certs-tools-4.1.15-3.12.1 python3-spacewalk-check-4.1.10-4.15.2 python3-spacewalk-client-setup-4.1.10-4.15.2 python3-spacewalk-client-tools-4.1.10-4.15.2 spacecmd-4.1.11-4.18.1 spacewalk-backend-4.1.22-4.25.4 spacewalk-base-minimal-4.1.24-3.21.2 spacewalk-base-minimal-config-4.1.24-3.21.2 spacewalk-certs-tools-4.1.15-3.12.1 spacewalk-check-4.1.10-4.15.2 spacewalk-client-setup-4.1.10-4.15.2 spacewalk-client-tools-4.1.10-4.15.2 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (x86_64): golang-github-boynux-squid_exporter-1.6-2.3.2 golang-github-boynux-squid_exporter-debuginfo-1.6-2.3.2 golang-github-lusitaniae-apache_exporter-0.7.0-2.3.2 golang-github-lusitaniae-apache_exporter-debuginfo-0.7.0-2.3.2 References: https://bugzilla.suse.com/1178179 https://bugzilla.suse.com/1178767 https://bugzilla.suse.com/1179271 https://bugzilla.suse.com/1181124 https://bugzilla.suse.com/1181274 https://bugzilla.suse.com/1181580 https://bugzilla.suse.com/1181847 https://bugzilla.suse.com/1182132 https://bugzilla.suse.com/1182197 https://bugzilla.suse.com/1182339 https://bugzilla.suse.com/1182603 https://bugzilla.suse.com/1182687 https://bugzilla.suse.com/1182817 https://bugzilla.suse.com/1182842 https://bugzilla.suse.com/1182916 https://bugzilla.suse.com/1183038 https://bugzilla.suse.com/1183151 https://bugzilla.suse.com/1183661 https://bugzilla.suse.com/1183959 https://bugzilla.suse.com/1184271 From sle-updates at lists.suse.com Thu Apr 15 
19:56:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 21:56:25 +0200 (CEST) Subject: SUSE-RU-2021:1214-1: moderate: Recommended update for SUSE Manager Server 4.0 Message-ID: <20210415195625.8555CFCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 4.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1214-1 Rating: moderate References: #1157711 #1172287 #1173893 #1175660 #1179271 #1179579 #1181124 #1181228 #1181274 #1181290 #1181423 #1181807 #1181847 #1182008 #1182071 #1182197 #1182603 #1182771 #1182842 #1182916 #1183151 #1183394 #1183661 #1183845 #1184179 #1184271 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 ______________________________________________________________________________ An update that has 26 recommended fixes can now be installed. Description: This update fixes the following issues: cobbler: - Fix string replacement for @@xyz@@ golang-github-lusitaniae-apache_exporter: - Build with Go 1.15 mgr-osad: - Adapt to new SSL implementation of rhnlib (bsc#1181807) py26-compat-msgpack-python: - Added versioned Python2 for RHEL8 py26-compat-salt: - Do not crash when unexpected cmd output at listing patches (bsc#1181290) rhnlib: - Change SSL implementation to python ssl for better SAN and hostname matching support (bsc#1181807) saltboot-formula: - Backport SLE11 saltboot split (bsc#1182771) - Support older SLE11 cryptsetup (bsc#1172287) spacecmd: - Handle SIGPIPE without user-visible Exception (bsc#1181124) spacewalk-backend: - Deb_src repo plugin is not restoring config namespace on exception (bsc#1182197, bsc#1184179) - Fixing improper exception handling causing another exception in ThreadedDownloader - Avoid race condition due multiple reposync import threads (bsc#1183151) - Fix for UnicodeDecodeError in satellite-sync: 
Opening RPM file in binary mode (bsc#1181274) - Open repomd files as binary (bsc#1173893) spacewalk-client-tools: - Fallback to sysfs when reading info from python-dmidecode fails (bsc#1182603) - Adapt to new SSL implementation of rhnlib (bsc#1181807) spacewalk-config: - Increase apache ssl logs to include response code and process time spacewalk-java: - Raise length limit for kernel options (bsc#1182916) - Log shell command output on failure when checking known_hosts file permissions - Improve fromdir with better mapping of URL to local files - Homogenizes style in filter buttons, facilitating testability - Fix user creation with pam auth and no password (bsc#1179579) - Do not call page decorator in HEAD requests (bsc#1181228) - Ensure new files are synced just after writing them (bsc#1175660) - Enable openscap auditing for salt systems in SSM (bsc#1157711) - Show packages from channels assigned to the targeted system (bsc#1181423) spacewalk-setup: - Set AJP parameters differently to prevent AH00992, AH00877 and AH01030: ajp_ilink_receive() can't receive header errors (bsc#1179271) spacewalk-utils: - Add the Universe Updates and Security repositories for Ubuntu spacewalk-web: - Speed up susemanager-nodejs-sdk-devel RPM build susemanager: - Add SLE 15 SP3 bootstrap repository definitions (bsc#1182008) - Python3-dbus-python and dependencies not installed by default on JeOS SLE15 images, add them to the bootstrap repository list of packages for traditional (bsc#1182071) susemanager-doc-indexes: - Added Ubuntu 20.04 instructions (bsc#1183394) - Removed Oracle mention from index page - Added procedure for running configure-proxy.sh script when replacing a proxy susemanager-docs_en: - Added Ubuntu 20.04 instructions (bsc#1183394) - Removed Oracle mention from index page - Added procedure for running configure-proxy.sh script when replacing a proxy susemanager-schema: - Raise length limit for kernel options (bsc#1182916) - Enable openscap auditing for salt systems in SSM 
(bsc#1157711) susemanager-sls: - Require new kiwi-systemdeps packages (bsc#1184271) - Prevent useless package list refresh actions on zypper minions (bsc#1183661) - Skip removed product classes with satellite-sync - Handle GPG keys when bootstrapping ssh minions (bsc#1181847) - Ubuntu 18 has version of apt which does not correctly support auth.conf.d directory. Detect the working version and use this feature only when we have a higher version installed susemanager-sync-data: - Define missing ubuntu universe update channels (bsc#1182842) - Define UEK repositories for Oracle Linux - Add OES2018 SP3 (bsc#1183845) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: `spacewalk-schema-upgrade` 5. Start the Spacewalk service: `spacewalk-service start` Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2021-1214=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2021-1214=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64): golang-github-lusitaniae-apache_exporter-0.7.0-3.11.1 golang-github-lusitaniae-apache_exporter-debuginfo-0.7.0-3.11.1 py26-compat-msgpack-python-0.4.6-3.3.1 py26-compat-msgpack-python-debuginfo-0.4.6-3.3.1 py26-compat-msgpack-python-debugsource-0.4.6-3.3.1 susemanager-4.0.33-3.49.1 susemanager-tools-4.0.33-3.49.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): cobbler-3.0.0+git20190806.32c4bae0-7.19.1 mgr-osa-dispatcher-4.0.12-3.12.1 py26-compat-salt-2016.11.10-10.25.1 python3-mgr-osa-common-4.0.12-3.12.1 python3-mgr-osa-dispatcher-4.0.12-3.12.1 python3-rhnlib-4.0.13-3.14.1 python3-spacewalk-backend-libs-4.0.37-3.44.2 python3-spacewalk-client-tools-4.0.14-3.19.1 saltboot-formula-0.1.1615295998.2e55309-3.22.1 spacecmd-4.0.23-3.28.1 spacewalk-backend-4.0.37-3.44.2 spacewalk-backend-app-4.0.37-3.44.2 spacewalk-backend-applet-4.0.37-3.44.2 spacewalk-backend-config-files-4.0.37-3.44.2 spacewalk-backend-config-files-common-4.0.37-3.44.2 spacewalk-backend-config-files-tool-4.0.37-3.44.2 spacewalk-backend-iss-4.0.37-3.44.2 spacewalk-backend-iss-export-4.0.37-3.44.2 spacewalk-backend-package-push-server-4.0.37-3.44.2 spacewalk-backend-server-4.0.37-3.44.2 spacewalk-backend-sql-4.0.37-3.44.2 spacewalk-backend-sql-postgresql-4.0.37-3.44.2 spacewalk-backend-tools-4.0.37-3.44.2 spacewalk-backend-xml-export-libs-4.0.37-3.44.2 spacewalk-backend-xmlrpc-4.0.37-3.44.2 spacewalk-base-4.0.27-3.42.1 spacewalk-base-minimal-4.0.27-3.42.1 spacewalk-base-minimal-config-4.0.27-3.42.1 spacewalk-client-tools-4.0.14-3.19.1 spacewalk-config-4.0.16-3.13.1 
spacewalk-html-4.0.27-3.42.1 spacewalk-java-4.0.42-3.54.1 spacewalk-java-config-4.0.42-3.54.1 spacewalk-java-lib-4.0.42-3.54.1 spacewalk-java-postgresql-4.0.42-3.54.1 spacewalk-setup-4.0.15-3.17.1 spacewalk-taskomatic-4.0.42-3.54.1 spacewalk-utils-4.0.20-3.27.1 susemanager-doc-indexes-4.0-10.33.1 susemanager-docs_en-4.0-10.33.1 susemanager-docs_en-pdf-4.0-10.33.1 susemanager-schema-4.0.25-3.38.1 susemanager-sls-4.0.34-3.45.1 susemanager-sync-data-4.0.21-3.35.1 susemanager-web-libs-4.0.27-3.42.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch): mgr-osad-4.0.12-3.12.1 python3-mgr-osa-common-4.0.12-3.12.1 python3-mgr-osad-4.0.12-3.12.1 python3-rhnlib-4.0.13-3.14.1 python3-spacewalk-backend-libs-4.0.37-3.44.2 python3-spacewalk-check-4.0.14-3.19.1 python3-spacewalk-client-setup-4.0.14-3.19.1 python3-spacewalk-client-tools-4.0.14-3.19.1 python3-zypp-plugin-spacewalk-1.0.9-3.17.1 spacecmd-4.0.23-3.28.1 spacewalk-backend-4.0.37-3.44.2 spacewalk-base-minimal-4.0.27-3.42.1 spacewalk-base-minimal-config-4.0.27-3.42.1 spacewalk-check-4.0.14-3.19.1 spacewalk-client-setup-4.0.14-3.19.1 spacewalk-client-tools-4.0.14-3.19.1 spacewalk-proxy-broker-4.0.16-3.16.1 spacewalk-proxy-common-4.0.16-3.16.1 spacewalk-proxy-installer-4.0.14-3.9.1 spacewalk-proxy-management-4.0.16-3.16.1 spacewalk-proxy-package-manager-4.0.16-3.16.1 spacewalk-proxy-redirect-4.0.16-3.16.1 spacewalk-proxy-salt-4.0.16-3.16.1 zypp-plugin-spacewalk-1.0.9-3.17.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (x86_64): golang-github-boynux-squid_exporter-1.6-3.3.1 golang-github-boynux-squid_exporter-debuginfo-1.6-3.3.1 golang-github-lusitaniae-apache_exporter-0.7.0-3.11.1 golang-github-lusitaniae-apache_exporter-debuginfo-0.7.0-3.11.1 References: https://bugzilla.suse.com/1157711 https://bugzilla.suse.com/1172287 https://bugzilla.suse.com/1173893 https://bugzilla.suse.com/1175660 https://bugzilla.suse.com/1179271 https://bugzilla.suse.com/1179579 https://bugzilla.suse.com/1181124 
https://bugzilla.suse.com/1181228 https://bugzilla.suse.com/1181274 https://bugzilla.suse.com/1181290 https://bugzilla.suse.com/1181423 https://bugzilla.suse.com/1181807 https://bugzilla.suse.com/1181847 https://bugzilla.suse.com/1182008 https://bugzilla.suse.com/1182071 https://bugzilla.suse.com/1182197 https://bugzilla.suse.com/1182603 https://bugzilla.suse.com/1182771 https://bugzilla.suse.com/1182842 https://bugzilla.suse.com/1182916 https://bugzilla.suse.com/1183151 https://bugzilla.suse.com/1183394 https://bugzilla.suse.com/1183661 https://bugzilla.suse.com/1183845 https://bugzilla.suse.com/1184179 https://bugzilla.suse.com/1184271 From sle-updates at lists.suse.com Thu Apr 15 19:59:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 21:59:33 +0200 (CEST) Subject: SUSE-RU-2021:14698-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20210415195933.508F7FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14698-1 Rating: moderate References: #1177474 #1181124 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Add core grains support for AlmaLinux - Allow vendor change option with zypper - Virt: virtual network backports to Salt 3000 - Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474) spacecmd: - Handle SIGPIPE without user-visible Exception (bsc#1181124) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-client-tools-202103-14698=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all): salt-common-3000+ds-1+82.1 salt-minion-3000+ds-1+82.1 spacecmd-4.1.11-23.1 References: https://bugzilla.suse.com/1177474 https://bugzilla.suse.com/1181124 From sle-updates at lists.suse.com Thu Apr 15 20:00:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 22:00:33 +0200 (CEST) Subject: SUSE-RU-2021:1232-1: moderate: Recommended update for dracut-saltboot Message-ID: <20210415200033.77A14FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut-saltboot ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1232-1 Rating: moderate References: Affected Products: SUSE Manager Tools 15 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for dracut-saltboot provides the following fixes: - Use saltboot/defaults file. - Update to version 0.1.1614159840.ef7cad5. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-1232=1 Package List: - SUSE Manager Tools 15 (noarch): dracut-saltboot-0.1.1614159840.ef7cad5-1.24.1 References: From sle-updates at lists.suse.com Thu Apr 15 20:01:23 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 22:01:23 +0200 (CEST) Subject: SUSE-RU-2021:14694-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20210415200123.8FA79FCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14694-1 Rating: moderate References: #1177474 #1181124 Affected Products: SUSE Manager Ubuntu 16.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Add core grains support for AlmaLinux - Allow vendor change option with zypper - Virt: virtual network backports to Salt 3000 - Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474) spacecmd: - Handle SIGPIPE without user-visible Exception (bsc#1181124) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS: zypper in -t patch suse-ubu164ct-client-tools-202103-14694=1 Package List: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS (all): salt-common-3000+ds-1+79.1 salt-minion-3000+ds-1+79.1 spacecmd-4.1.11-23.1 References: https://bugzilla.suse.com/1177474 https://bugzilla.suse.com/1181124 From sle-updates at lists.suse.com Thu Apr 15 20:02:24 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Apr 2021 22:02:24 +0200 (CEST) Subject: SUSE-RU-2021:1217-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20210415200224.DFA8DFCF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1217-1 Rating: moderate References: #1177474 #1181124 Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Add core grains support for AlmaLinux - Allow vendor change option with zypper - Virt: virtual network backports to Salt 3000 - Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474) spacecmd: - Handle SIGPIPE without user-visible Exception (bsc#1181124) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2021-1217=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS (all): salt-common-3000+ds-1+2.20.1 salt-minion-3000+ds-1+2.20.1 spacecmd-4.1.11-2.6.1 References: https://bugzilla.suse.com/1177474 https://bugzilla.suse.com/1181124 From sle-updates at lists.suse.com Fri Apr 16 06:00:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Apr 2021 08:00:43 +0200 (CEST) Subject: SUSE-CU-2021:109-1: Recommended update of suse/sle15 Message-ID: <20210416060043.E4797B460FA@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:109-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.14.2.10 Container Release : 14.2.10 Severity : low Type : recommended References : 1181976 1182791 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) From sle-updates at lists.suse.com Fri Apr 16 10:15:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Apr 2021 12:15:48 +0200 (CEST) Subject: SUSE-RU-2021:1235-1: moderate: Recommended update for numactl Message-ID: <20210416101548.B1D50FD20@maintenance.suse.de> SUSE Recommended Update: Recommended update for numactl ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1235-1 Rating: moderate References: #1133098 #1181571 #1183796 #955334 #976199 SLE-17217 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 5 recommended fixes and contains one feature can now be installed. 
Description: This update for numactl fixes the following issues: - Enabled LTO (bsc#1133098) - Dropped the dependency from perl - it was no longer in use - Included sys/sysmacros.h to fix an issue when building this package from source (bsc#1181571, bsc#1183796) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1235=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1235=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libnuma1-2.0.14-4.3.1 libnuma1-debuginfo-2.0.14-4.3.1 numactl-debuginfo-2.0.14-4.3.1 numactl-debugsource-2.0.14-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libnuma-devel-2.0.14-4.3.1 libnuma1-2.0.14-4.3.1 libnuma1-debuginfo-2.0.14-4.3.1 numactl-2.0.14-4.3.1 numactl-debuginfo-2.0.14-4.3.1 numactl-debugsource-2.0.14-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libnuma1-32bit-2.0.14-4.3.1 libnuma1-32bit-debuginfo-2.0.14-4.3.1 References: https://bugzilla.suse.com/1133098 https://bugzilla.suse.com/1181571 https://bugzilla.suse.com/1183796 https://bugzilla.suse.com/955334 https://bugzilla.suse.com/976199 From sle-updates at lists.suse.com Fri Apr 16 10:17:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Apr 2021 12:17:17 +0200 (CEST) Subject: SUSE-RU-2021:1236-1: important: Recommended update for tcsh Message-ID: <20210416101717.F1B6CFD20@maintenance.suse.de> SUSE Recommended Update: Recommended update for tcsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1236-1 Rating: important References: #1179316 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager 
Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tcsh fixes the following issues: - Fixed an issue, where the history file continued growing, leading to csh processes consuming 100% of the CPU (bsc#1179316) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1236=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1236=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1236=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1236=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1236=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1236=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1236=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1236=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1236=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1236=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1236=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1236=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1236=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1236=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1236=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): tcsh-6.20.00-4.15.1 tcsh-debuginfo-6.20.00-4.15.1 tcsh-debugsource-6.20.00-4.15.1 - SUSE Manager Server 4.0 (noarch): tcsh-lang-6.20.00-4.15.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): tcsh-6.20.00-4.15.1 tcsh-debuginfo-6.20.00-4.15.1 tcsh-debugsource-6.20.00-4.15.1 - SUSE Manager Retail Branch Server 4.0 (noarch): tcsh-lang-6.20.00-4.15.1 - SUSE Manager Proxy 4.0 (noarch): tcsh-lang-6.20.00-4.15.1 - SUSE Manager Proxy 4.0 (x86_64): tcsh-6.20.00-4.15.1 tcsh-debuginfo-6.20.00-4.15.1 tcsh-debugsource-6.20.00-4.15.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): tcsh-6.20.00-4.15.1 tcsh-debuginfo-6.20.00-4.15.1 tcsh-debugsource-6.20.00-4.15.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): tcsh-lang-6.20.00-4.15.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): tcsh-6.20.00-4.15.1 tcsh-debuginfo-6.20.00-4.15.1 tcsh-debugsource-6.20.00-4.15.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): tcsh-lang-6.20.00-4.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): tcsh-6.20.00-4.15.1 tcsh-debuginfo-6.20.00-4.15.1 tcsh-debugsource-6.20.00-4.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): tcsh-lang-6.20.00-4.15.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): tcsh-6.20.00-4.15.1 tcsh-debuginfo-6.20.00-4.15.1 tcsh-debugsource-6.20.00-4.15.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): tcsh-lang-6.20.00-4.15.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): tcsh-6.20.00-4.15.1 tcsh-debuginfo-6.20.00-4.15.1 tcsh-debugsource-6.20.00-4.15.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): tcsh-lang-6.20.00-4.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): tcsh-6.20.00-4.15.1 tcsh-debuginfo-6.20.00-4.15.1 tcsh-debugsource-6.20.00-4.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): tcsh-lang-6.20.00-4.15.1 - SUSE Linux Enterprise Module for Basesystem 
15-SP2 (aarch64 ppc64le s390x x86_64): tcsh-6.20.00-4.15.1 tcsh-debuginfo-6.20.00-4.15.1 tcsh-debugsource-6.20.00-4.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): tcsh-lang-6.20.00-4.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): tcsh-6.20.00-4.15.1 tcsh-debuginfo-6.20.00-4.15.1 tcsh-debugsource-6.20.00-4.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): tcsh-lang-6.20.00-4.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): tcsh-6.20.00-4.15.1 tcsh-debuginfo-6.20.00-4.15.1 tcsh-debugsource-6.20.00-4.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): tcsh-lang-6.20.00-4.15.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): tcsh-6.20.00-4.15.1 tcsh-debuginfo-6.20.00-4.15.1 tcsh-debugsource-6.20.00-4.15.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): tcsh-lang-6.20.00-4.15.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): tcsh-6.20.00-4.15.1 tcsh-debuginfo-6.20.00-4.15.1 tcsh-debugsource-6.20.00-4.15.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): tcsh-lang-6.20.00-4.15.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): tcsh-6.20.00-4.15.1 tcsh-debuginfo-6.20.00-4.15.1 tcsh-debugsource-6.20.00-4.15.1 - SUSE Enterprise Storage 6 (noarch): tcsh-lang-6.20.00-4.15.1 - SUSE CaaS Platform 4.0 (noarch): tcsh-lang-6.20.00-4.15.1 - SUSE CaaS Platform 4.0 (x86_64): tcsh-6.20.00-4.15.1 tcsh-debuginfo-6.20.00-4.15.1 tcsh-debugsource-6.20.00-4.15.1 References: https://bugzilla.suse.com/1179316 From sle-updates at lists.suse.com Fri Apr 16 13:15:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Apr 2021 15:15:59 +0200 (CEST) Subject: SUSE-SU-2021:14700-1: important: Security update for openldap2 Message-ID: <20210416131559.C6E35FD20@maintenance.suse.de> SUSE Security Update: Security update 
for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14700-1 Rating: important References: #1182279 #1182408 #1182411 #1182412 #1182413 #1182415 #1182416 #1182417 #1182418 #1182419 #1182420 #1184020 Cross-References: CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-27212 CVSS scores: CVE-2020-36221 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36221 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36222 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36222 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36223 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36223 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36224 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36224 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36225 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36225 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36226 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36226 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36227 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36227 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36228 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36228 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36229 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36229 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36230 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36230 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-27212 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-27212 (SUSE): 
7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
SUSE Linux Enterprise Server 11-SP4-LTSS
SUSE Linux Enterprise Server 11-SECURITY
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that solves 11 vulnerabilities and has one errata is now available.

Description:

This update for openldap2 fixes the following issues:

- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.
- resynchronise changelogs with subpackages (bsc#1184020).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-LTSS:
      zypper in -t patch slessp4-openldap2-14700=1
- SUSE Linux Enterprise Server 11-SECURITY:
      zypper in -t patch secsp3-openldap2-14700=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-openldap2-14700=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-openldap2-14700=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-openldap2-14700=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
      compat-libldap-2_3-0-2.3.37-2.74.26.1
      libldap-2_4-2-2.4.26-0.74.26.1
      openldap2-2.4.26-0.74.26.1
      openldap2-back-meta-2.4.26-0.74.26.1
      openldap2-client-2.4.26-0.74.26.1
- SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64):
      libldap-2_4-2-32bit-2.4.26-0.74.26.1
- SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64):
      libldap-openssl1-2_4-2-2.4.26-0.74.26.1
      openldap2-client-openssl1-2.4.26-0.74.26.1
      openldap2-openssl1-2.4.26-0.74.26.1
- SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64):
      libldap-openssl1-2_4-2-32bit-2.4.26-0.74.26.1
- SUSE Linux Enterprise Server 11-SECURITY (ia64):
      libldap-openssl1-2_4-2-x86-2.4.26-0.74.26.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
      compat-libldap-2_3-0-2.3.37-2.74.26.1
      libldap-2_4-2-2.4.26-0.74.26.1
      openldap2-2.4.26-0.74.26.1
      openldap2-back-meta-2.4.26-0.74.26.1
      openldap2-client-2.4.26-0.74.26.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x
x86_64): openldap2-client-debuginfo-2.4.26-0.74.26.1 openldap2-client-debugsource-2.4.26-0.74.26.1 openldap2-debuginfo-2.4.26-0.74.26.1 openldap2-debugsource-2.4.26-0.74.26.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openldap2-client-debuginfo-2.4.26-0.74.26.1 openldap2-client-debugsource-2.4.26-0.74.26.1 openldap2-client-openssl1-debuginfo-2.4.26-0.74.26.1 openldap2-client-openssl1-debugsource-2.4.26-0.74.26.1 openldap2-debuginfo-2.4.26-0.74.26.1 openldap2-debugsource-2.4.26-0.74.26.1 References: https://www.suse.com/security/cve/CVE-2020-36221.html https://www.suse.com/security/cve/CVE-2020-36222.html https://www.suse.com/security/cve/CVE-2020-36223.html https://www.suse.com/security/cve/CVE-2020-36224.html https://www.suse.com/security/cve/CVE-2020-36225.html https://www.suse.com/security/cve/CVE-2020-36226.html https://www.suse.com/security/cve/CVE-2020-36227.html https://www.suse.com/security/cve/CVE-2020-36228.html https://www.suse.com/security/cve/CVE-2020-36229.html https://www.suse.com/security/cve/CVE-2020-36230.html https://www.suse.com/security/cve/CVE-2021-27212.html https://bugzilla.suse.com/1182279 https://bugzilla.suse.com/1182408 https://bugzilla.suse.com/1182411 https://bugzilla.suse.com/1182412 https://bugzilla.suse.com/1182413 https://bugzilla.suse.com/1182415 https://bugzilla.suse.com/1182416 https://bugzilla.suse.com/1182417 https://bugzilla.suse.com/1182418 https://bugzilla.suse.com/1182419 https://bugzilla.suse.com/1182420 https://bugzilla.suse.com/1184020 From sle-updates at lists.suse.com Fri Apr 16 13:18:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Apr 2021 15:18:17 +0200 (CEST) Subject: SUSE-SU-2021:1238-1: important: Security update for the Linux Kernel Message-ID: <20210416131817.C3A4CFD20@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2021:1238-1 Rating: important References: #1047233 #1065729 #1113295 #1152472 #1152489 #1153274 #1154353 #1155518 #1156256 #1156395 #1159280 #1160634 #1167574 #1167773 #1168777 #1169514 #1169709 #1171295 #1173485 #1175995 #1177326 #1178163 #1178181 #1178330 #1179454 #1180197 #1180980 #1181383 #1181507 #1181674 #1181862 #1182011 #1182077 #1182485 #1182552 #1182574 #1182591 #1182595 #1182715 #1182716 #1182717 #1182770 #1182989 #1183015 #1183018 #1183022 #1183023 #1183048 #1183252 #1183277 #1183278 #1183279 #1183280 #1183281 #1183282 #1183283 #1183284 #1183285 #1183286 #1183287 #1183288 #1183366 #1183369 #1183386 #1183405 #1183412 #1183416 #1183427 #1183428 #1183445 #1183447 #1183501 #1183509 #1183530 #1183534 #1183540 #1183593 #1183596 #1183598 #1183637 #1183646 #1183662 #1183686 #1183692 #1183696 #1183750 #1183757 #1183775 #1183843 #1183859 #1183871 #1184074 #1184120 #1184167 #1184168 #1184170 #1184176 #1184192 #1184193 #1184194 #1184196 #1184198 #1184211 #1184217 #1184218 #1184219 #1184220 #1184224 #1184388 #1184391 #1184393 #1184485 #1184509 #1184511 #1184512 #1184514 #1184583 #1184585 #1184647 Cross-References: CVE-2019-18814 CVE-2019-19769 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171 CVE-2020-27815 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-30002 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483 CVSS scores: CVE-2019-18814 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-18814 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2019-19769 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2019-19769 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H CVE-2020-25670 (SUSE): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2020-27170 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-27171 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27815 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-35519 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36311 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36312 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28038 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28375 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28660 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28660 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28950 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28964 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28971 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28972 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28972 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 
(SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-29264 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-29265 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-29265 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-30002 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3428 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-3444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
SUSE MicroOS 5.0
SUSE Linux Enterprise Workstation Extension 15-SP2
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Module for Legacy Software 15-SP2
SUSE Linux Enterprise Module for Development Tools 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP2
SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________

An update that solves 33 vulnerabilities and has 86 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).
- CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
- CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
- CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
- CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
- CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196).
- CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
- CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593).
- CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).
- CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
- CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
- CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
- CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
- CVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).
- CVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).
- CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
- CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
- CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280).
- CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).
- CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
- CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).
- CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop that was continually finding the same bad inode (bsc#1184194).
- CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509).
- CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).
- CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512).
- CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsystem (bsc#1178181).
- CVE-2020-36322: Fixed an issue in the FUSE filesystem implementation which could have caused a system crash (bsc#1184211).

The following non-security bugs were fixed:

- 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)).
- 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)).
- 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)).
- ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).
- ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes).
- ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
- ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes).
- ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
- ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).
- ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).
- ALSA: aloop: Fix initialization of controls (git-fixes).
- ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
- ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).
- ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
- ALSA: hda: generic: Fix the micmute led init state (git-fixes).
- ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes).
- ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes).
- ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes).
- ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes).
- ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes).
- ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes).
- ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes).
- ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes).
- ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552).
- ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552).
- ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes).
- ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552).
- ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552).
- ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552).
- ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552).
- ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar (bsc#1182552).
- ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552).
- ALSA: usb-audio: Fix "RANGE setting not yet supported" errors (git-fixes).
- ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552).
- ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes).
- ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes).
- amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes).
- apparmor: check/put label on apparmor_sk_clone_security() (git-fixes).
- appletalk: Fix skb allocation size in loopback case (git-fixes).
- arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862).
- ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).
- ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).
- ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes).
- ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes).
- ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes).
- ASoC: cs42l42: Fix channel width support (git-fixes).
- ASoC: cs42l42: Fix mixer volume control (git-fixes).
- ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes).
- ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes).
- ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).
- ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes).
- ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes).
- ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes).
- ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes).
- ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes).
- ASoC: max98373: Added 30ms turn on/off time delay (git-fixes).
- ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
- ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
- ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes).
- ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes).
- ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes).
- ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes).
- ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes).
- ASoC: simple-card-utils: Do not handle device clock (git-fixes).
- ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes).
- ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes).
- ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes).
- ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes).
- ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes).
- atl1c: fix error return code in atl1c_probe() (git-fixes).
- atl1e: fix error return code in atl1e_probe() (git-fixes).
- batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field (git-fixes).
- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
- blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295).
- blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295).
- blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295).
- block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295).
- block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).
- Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes).
- Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes).
- bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518).
- bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518).
- bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518).
- bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).
- bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518).
- bpf_lru_list: Read double-checked variable once without lock (bsc#1155518).
- bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
- bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518).
- bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).
- brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes).
- brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes).
- brcmfmac: clear EAP/association status bits on linkdown events (git-fixes).
- btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217).
- btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224).
- btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386).
- btrfs: fix extent buffer leak on failure to copy root (bsc#1184218).
- btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193).
- btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220).
- btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219).
- bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).
- bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes).
- can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).
- can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).
- can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes).
- can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes).
- can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes).
- can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes).
- can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes).
- can: peak_usb: add forgotten supported devices (git-fixes).
- can: peak_usb: Revert "can: peak_usb: add forgotten supported devices" (git-fixes).
- can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes).
- cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes).
- cifs: change noisy error message to FYI (bsc#1181507).
- cifs: check pointer before freeing (bsc#1183534).
- cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507).
- cifs: do not send close in compound create+close requests (bsc#1181507).
- cifs: New optype for session operations (bsc#1181507).
- cifs: print MIDs in decimal notation (bsc#1181507).
- cifs: return proper error code in statfs(2) (bsc#1181507).
- cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
- clk: fix invalid usage of list cursor in register (git-fixes).
- clk: fix invalid usage of list cursor in unregister (git-fixes).
- clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).
- completion: Drop init_completion define (git-fixes).
- configfs: fix a use-after-free in __configfs_open_file (git-fixes).
- config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595
- crypto: aesni - prevent misaligned buffers on the stack (git-fixes).
- crypto: arm64/sha - add missing module aliases (git-fixes).
- crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes).
- crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes).
- crypto: tcrypt - avoid signed overflow in byte count (git-fixes).
- Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530)
- dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485).
- drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes).
- drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes).
- drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes).
- drm/amdgpu: Add check to prevent IH overflow (git-fixes).
- drm/amdgpu: check alignment on CPU page for bo map (git-fixes).
- drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes).
- drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes).
- drm/amdkfd: Put ACPI table after using it (bsc#1152489)
- drm/amd/powerplay: fix spelling mistake "smu_state_memroy_block" -> (bsc#1152489)
- drm/compat: Clear bounce structures (git-fixes).
- drm/hisilicon: Fix use-after-free (git-fixes).
- drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074).
- drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes).
- drm/mediatek: Fix aal size config (bsc#1152489)
- drm: meson_drv add shutdown function (git-fixes).
- drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes).
- drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes).
- drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes).
- drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489)
- drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes).
- drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489)
- drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489)
- drm/msm/gem: Add obj->lock wrappers (bsc#1152489)
- drm/msm: Ratelimit invalid-fence message (git-fixes).
- drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes).
- drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489)
- drm/nouveau/kms: handle mDP connectors (git-fixes).
- drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472)
- drm/panfrost: Fix job timeout handling (bsc#1152472)
- drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472)
- drm/radeon: fix AGP dependency (git-fixes).
- drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489)
- drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes).
- drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489)
- drm/tegra: sor: Grab runtime PM reference across reset (git-fixes).
- drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472)
- efi: use 32-bit alignment for efi_guid_t literals (git-fixes).
- enetc: Fix reporting of h/w packet counters (git-fixes).
- epoll: check for events when removing a timed out thread from the wait queue (git-fixes).
- ethernet: alx: fix order of calls on resume (git-fixes).
- exec: Move would_dump into flush_old_exec (git-fixes).
- exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).
- exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989).
- extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes).
- extcon: Fix error handling in extcon_dev_register (git-fixes).
- fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).
- firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes).
- flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353).
- fsl/fman: check dereferencing null pointer (git-fixes).
- fsl/fman: fix dereference null return value (git-fixes).
- fsl/fman: fix eth hash table allocation (git-fixes).
- fsl/fman: fix unreachable code (git-fixes).
- fsl/fman: use 32-bit unsigned integer (git-fixes).
- fuse: fix bad inode (bsc#1184211).
- fuse: fix live lock in fuse_iget() (bsc#1184211).
- fuse: verify write return (git-fixes).
- gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).
- gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862).
- gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862).
- gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).
- gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).
- gianfar: Handle error code at MAC address change (git-fixes).
- gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes).
- Goodix Fingerprint device is not a modem (git-fixes).
- gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).
- gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes).
- gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes).
- HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes).
- HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes).
- HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes).
- hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes).
- i2c: rcar: faster irq code to minimize HW race condition (git-fixes).
- i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes).
- i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025).
- i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025).
- iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
- iavf: use generic power management (git-fixes).
- ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139).
- ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).
- ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139).
- ibmvnic: fix block comments (bsc#1183871 ltc#192139).
- ibmvnic: fix braces (bsc#1183871 ltc#192139).
- ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139).
- ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268).
- ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139).
- ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139).
- ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139).
- ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591).
- ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139).
- ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139).
- ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139).
- ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791).
- ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791).
- ice: fix memory leak if register_netdev_fails (git-fixes).
- ice: fix memory leak in ice_vsi_setup (git-fixes).
- ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).
- ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926).
- ice: renegotiate link after FW DCB on (jsc#SLE-8464).
- ice: report correct max number of TCs (jsc#SLE-7926).
- ice: update the number of available RSS queues (jsc#SLE-7926).
- igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).
- iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes).
- iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes).
- iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes).
- iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes).
- iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes).
- iio: hid-sensor-prox: Fix scale not correct issue (git-fixes).
- iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes).
- include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes).
- Input: applespi - do not wait for responses to commands indefinitely (git-fixes).
- Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes).
- Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes).
- Input: raydium_ts_i2c - do not send zero length (git-fixes).
- Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes).
- iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277).
- iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278).
- iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637).
- iommu/vt-d: Add get_domain_info() helper (bsc#1183279).
- iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280).
- iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281).
- iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282).
- iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283).
- iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284).
- iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285).
- iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286).
- iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585).
- ionic: linearize tso skb with too many frags (bsc#1167773).
- kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862).
- kbuild: change *FLAGS_.o to take the path relative to $(obj) (bcs#1181862).
- kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862).
- kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862).
- kbuild: Fail if gold linker is detected (bcs#1181862).
- kbuild: improve cc-option to clean up all temporary files (bsc#1178330).
- kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862).
- kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862).
- kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862).
- kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330).
- kconfig: introduce m32-flag and m64-flag (bcs#1181862).
- KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427).
- KVM: SVM: Clear the CR4 register on reset (bsc#1183252).
- KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445).
- KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ("kvm: tracing: Fix unmatched kvm_entry and kvm_exit events", bsc#1182770).
- KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287).
- KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412).
- KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447).
- KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369).
- KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428).
- KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288).
- libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518).
- libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518).
- libbpf: Fix INSTALL flag order (bsc#1155518).
- libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518).
- libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518).
- lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes).
- locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes).
- loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295).
- mac80211: choose first enabled channel for monitor (git-fixes).
- mac80211: fix double free in ibss_leave (git-fixes).
- mac80211: fix rate mask reset (git-fixes).
- mac80211: fix TXQ AC confusion (git-fixes).
- mdio: fix mdio-thunder.c dependency & build error (git-fixes).
- media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes).
- media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes).
- media: mceusb: Fix potential out-of-bounds shift (git-fixes).
- media: mceusb: sanity check for prescaler value (git-fixes).
- media: rc: compile rc-cec.c into rc-core (git-fixes).
- media: usbtv: Fix deadlock on suspend (git-fixes).
- media: uvcvideo: Allow entities with no pads (git-fixes).
- media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes).
- media: v4l: vsp1: Fix bru null pointer access (git-fixes).
- media: v4l: vsp1: Fix uif null pointer access (git-fixes).
- media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes).
- misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes).
- misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes).
- misc/pvpanic: Export module FDT device table (git-fixes).
- misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes).
- mISDN: fix crash in fritzpci (git-fixes).
- mmc: core: Fix partition switch time for eMMC (git-fixes).
- mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes).
- mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes).
- mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes).
- mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).
- mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes).
- mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777).
- mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes).
- mt76: dma: do not report truncated frames to mac80211 (git-fixes).
- mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes).
- net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes).
- net: atheros: switch from 'pci_' to 'dma_' API (git-fixes).
- net: b44: fix error return code in b44_init_one() (git-fixes).
- net: bonding: fix error return code of bond_neigh_init() (bsc#1154353).
- net: cdc-phonet: fix data-interface release on probe failure (git-fixes).
- net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139).
- netdevsim: init u64 stats for 32bit hardware (git-fixes).
- net: dsa: rtl8366: Fix VLAN semantics (git-fixes).
- net: dsa: rtl8366: Fix VLAN set-up (git-fixes).
- net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).
- net: enic: Cure the enic api locking trainwreck (git-fixes).
- net: ethernet: aquantia: Fix wrong return value (git-fixes).
- net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes).
- net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139).
- net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes).
- net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes).
- net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix reference count leak in fec series ops (git-fixes).
- net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes).
- net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes).
- net: gianfar: Add of_node_put() before goto statement (git-fixes).
- net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes).
- net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes).
- net: hns3: Remove the left over redundant check & assignment (bsc#1154353).
- net: korina: cast KSEG0 address to pointer in kfree (git-fixes).
- net: korina: fix kfree of rx/tx descriptor array (git-fixes).
- net: lantiq: Wait for the GPHY firmware to be ready (git-fixes).
- net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464).
- net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464).
- net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).
- net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).
- net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).
- net: mvneta: fix double free of txq->buf (git-fixes).
- net: mvneta: make tx buffer array agnostic (git-fixes).
- net: pasemi: fix error return code in pasemi_mac_open() (git-fixes).
- net: phy: broadcom: Only advertise EEE for supported modes (git-fixes).
- net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes).
- net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes).
- net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)
- netsec: restore phy power state after controller reset (bsc#1183757).
- net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes).
- net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes).
- net: stmmac: removed enabling eee in EEE set callback (git-fixes).
- net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).
- net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes).
- net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes).
- net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes).
- net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).
- net: wan/lmc: unregister device when no matching device is found (git-fixes).
- nfp: flower: fix pre_tun mask id allocation (bsc#1154353).
- nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077).
- nvme-fabrics: fix kato initialization (bsc#1182591).
- nvme-fabrics: only reserve a single tag (bsc#1182077).
- nvme-fc: fix racing controller reset and create association (bsc#1183048).
- nvme-hwmon: Return error code when registration fails (bsc#1177326).
- nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077).
- nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).
- nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501).
- objtool: Fix ".cold" section suffix check for newer versions of GCC (bsc#1169514).
- objtool: Fix error handling for STD/CLD warnings (bsc#1169514).
- objtool: Fix retpoline detection in asm code (bsc#1169514).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).
- ovl: fix out of date comment and unreachable code (bsc#1184176).
- ovl: fix regression with re-formatted lower squashfs (bsc#1184176).
- ovl: fix unneeded call to ovl_change_flags() (bsc#1184176).
- ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176).
- ovl: initialize error in ovl_copy_xattr (bsc#1184176).
- ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176).
- PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes).
- PCI: Align checking of syscall user config accessors (git-fixes).
- PCI: Decline to resize resources if boot config must be preserved (git-fixes).
- PCI: Fix pci_register_io_range() memory leak (git-fixes).
- PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes).
- PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
- PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).
- pinctrl: rockchip: fix restore error in resume (git-fixes).
- Platform: OLPC: Fix probe error handling (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes).
- platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes).
- platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes).
- platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes).
- platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes).
- platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes).
- platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes).
- platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes).
- PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes).
- PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366).
- PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes).
- PM: runtime: Fix race getting/putting suppliers at probe (git-fixes).
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729).
- powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963).
- powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729).
- powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395).
- powerpc/sstep: Fix darn emulation (bsc#1156395).
- powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395).
- powerpc/sstep: Fix load-store and update emulation (bsc#1156395).
- printk: fix deadlock when kernel panic (bsc#1183018).
- proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes).
- pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes).
- qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).
- qxl: Fix uninitialised struct field head.surface_id (git-fixes).
- random: fix the RNDRESEEDCRNG ioctl (git-fixes).
- RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489).
- RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).
- RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).
- RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)
- regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).
- Revert "net: bonding: fix error return code of bond_neigh_init()" (bsc#1154353).
- rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079).
- rpm/check-for-config-changes: add -mrecord-mcount ignore
   Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream.
- rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.
- rpm/check-for-config-changes: comment on the list
   To explain what it actually is.
- rpm/check-for-config-changes: declare sed args as an array
   So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended.
- rpm/check-for-config-changes: define ignores more strictly
   * search for whole words, so make wildcards explicit
   * use ' for quoting
   * prepend CONFIG_ dynamically, so it need not be in the list
- rpm/check-for-config-changes: sort the ignores
   They are growing so to make them searchable by humans.
- rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)
   The devel package requires the kernel binary package itself for building modules externally.
- rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes).
- rsi: Move card interrupt handling to RX thread (git-fixes).
- rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes).
- s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).
- s390/qeth: fix notification for pending buffers during teardown (git-fixes).
- s390/qeth: improve completion of pending TX buffers (git-fixes).
- s390/qeth: schedule TX NAPI on QAOB completion (git-fixes).
- s390/vtime: fix increased steal time accounting (bsc#1183859).
- samples, bpf: Add missing munmap in xdpsock (bsc#1155518).
- samples/bpf: Fix possible hang in xdpsock with multiple threads (bsc#1155518).
- scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231).
- scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574).
- scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574).
- scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).
- scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).
- scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574).
- scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574).
- scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574).
- scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574).
- scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).
- scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574).
- scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).
- scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574).
- scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).
- scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).
- scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).
- scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574).
- scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574).
- scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).
- scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).
- scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).
- scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574).
- scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).
- scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843).
- scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843).
- selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518).
- selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518).
- selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518).
- selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes).
- selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes).
- selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes).
- smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).
- smb3: fix crediting for compounding when only one request in flight (bsc#1181507).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
- soc/fsl: qbman: fix conflicting alignment attributes (git-fixes).
- software node: Fix node registration (git-fixes).
- spi: stm32: make spurious and overrun interrupts visible (git-fixes).
- squashfs: fix inode lookup sanity checks (bsc#1183750).
- squashfs: fix xattr id and id lookup sanity checks (bsc#1183750).
- stop_machine: mark helpers __always_inline (git-fixes).
- thermal/core: Add NULL pointer check before using cooling device stats (git-fixes).
- udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).
- Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598)
- USB: cdc-acm: downgrade message to debug (git-fixes).
- USB: cdc-acm: fix double free on probe failure (git-fixes).
- USB: cdc-acm: fix use-after-free after probe failure (git-fixes).
- USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes).
- USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes).
- USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes).
- USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes).
- USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes).
- USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes).
- USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes).
- USB: gadget: configfs: Fix KASAN use-after-free (git-fixes).
- USB: gadget: f_uac1: stop playback on function disable (git-fixes).
- USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes).
- USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes).
- USB: gadget: u_ether: Fix a configfs return code (git-fixes).
- USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).
- USBip: fix stub_dev to check for stream socket (git-fixes).
- USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd to check for stream socket (git-fixes).
- USBip: fix vudc to check for stream socket (git-fixes).
- USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).
- USBip: tools: fix build error for multiple definition (git-fixes).
- USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes).
- USB: musb: Fix suspend with devices connected for a64 (git-fixes).
- USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes).
- USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes).
- USB: replace hardcode maximum usb string length by definition (git-fixes).
- USB: serial: ch341: add new Product ID (git-fixes).
- USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes).
- USB: serial: cp210x: add some more GE USB IDs (git-fixes).
- USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes).
- USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).
- USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).
- USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes).
- USB: usblp: fix a hang in poll() if disconnected (git-fixes).
- USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes).
- USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).
- USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).
- use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139).
- video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489)
- video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes).
- VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes).
- vt/consolemap: do font sum unsigned (git-fixes).
- watchdog: mei_wdt: request stop on unregister (git-fixes).
- wireguard: device: do not generate ICMP for non-IP packets (git-fixes).
- wireguard: kconfig: use arm chacha even with no neon (git-fixes).
- wireguard: selftests: test multiple parallel streams (git-fixes).
- wlcore: Fix command execute failure 19 for wl12xx (git-fixes).
- x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489).
- x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489).
- x86/ioapic: Ignore IRQ2 again (bsc#1152489).
- x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489).
- xen/events: avoid handling the same event on two cpus at the same time (git-fixes).
- xen/events: do not unmask an event channel when an eoi is pending (git-fixes).
- xen/events: fix setting irq affinity (bsc#1184583).
- xen/events: reset affinity of 2-level event when tearing it down (git-fixes).
- Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
- xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980).
- xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes).
- xhci: Improve detection of device initiated wake signal (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.0:
   zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1238=1
- SUSE Linux Enterprise Workstation Extension 15-SP2:
   zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-1238=1
- SUSE Linux Enterprise Module for Live Patching 15-SP2:
   zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-1238=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP2:
   zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-1238=1
- SUSE Linux Enterprise Module for Development Tools 15-SP2:
   zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1238=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
   zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1238=1
- SUSE Linux Enterprise High Availability 15-SP2:
   zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1238=1

Package List:

- SUSE MicroOS 5.0 (aarch64 x86_64):
   kernel-default-5.3.18-24.61.1
   kernel-default-base-5.3.18-24.61.1.9.26.4
   kernel-default-debuginfo-5.3.18-24.61.1
   kernel-default-debugsource-5.3.18-24.61.1
- SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):
   kernel-default-debuginfo-5.3.18-24.61.1
   kernel-default-debugsource-5.3.18-24.61.1
   kernel-default-extra-5.3.18-24.61.1
   kernel-default-extra-debuginfo-5.3.18-24.61.1
   kernel-preempt-extra-5.3.18-24.61.1
   kernel-preempt-extra-debuginfo-5.3.18-24.61.1
- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):
   kernel-default-debuginfo-5.3.18-24.61.1
   kernel-default-debugsource-5.3.18-24.61.1
   kernel-default-livepatch-5.3.18-24.61.1
   kernel-default-livepatch-devel-5.3.18-24.61.1
   kernel-livepatch-5_3_18-24_61-default-1-5.3.4
   kernel-livepatch-5_3_18-24_61-default-debuginfo-1-5.3.4
   kernel-livepatch-SLE15-SP2_Update_12-debugsource-1-5.3.4
- SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64):
   kernel-default-debuginfo-5.3.18-24.61.1
   kernel-default-debugsource-5.3.18-24.61.1
   reiserfs-kmp-default-5.3.18-24.61.1
   reiserfs-kmp-default-debuginfo-5.3.18-24.61.1
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64):
   kernel-obs-build-5.3.18-24.61.1
   kernel-obs-build-debugsource-5.3.18-24.61.1
   kernel-syms-5.3.18-24.61.1
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64):
   kernel-preempt-debuginfo-5.3.18-24.61.1
   kernel-preempt-debugsource-5.3.18-24.61.1
   kernel-preempt-devel-5.3.18-24.61.1
   kernel-preempt-devel-debuginfo-5.3.18-24.61.1
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch):
   kernel-docs-5.3.18-24.61.1
   kernel-source-5.3.18-24.61.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
   kernel-default-5.3.18-24.61.1
   kernel-default-base-5.3.18-24.61.1.9.26.4
   kernel-default-debuginfo-5.3.18-24.61.1
   kernel-default-debugsource-5.3.18-24.61.1
   kernel-default-devel-5.3.18-24.61.1
   kernel-default-devel-debuginfo-5.3.18-24.61.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64):
   kernel-preempt-5.3.18-24.61.1
   kernel-preempt-debuginfo-5.3.18-24.61.1
   kernel-preempt-debugsource-5.3.18-24.61.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
   kernel-devel-5.3.18-24.61.1
   kernel-macros-5.3.18-24.61.1
- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
   cluster-md-kmp-default-5.3.18-24.61.1
   cluster-md-kmp-default-debuginfo-5.3.18-24.61.1
   dlm-kmp-default-5.3.18-24.61.1
   dlm-kmp-default-debuginfo-5.3.18-24.61.1
   gfs2-kmp-default-5.3.18-24.61.1
   gfs2-kmp-default-debuginfo-5.3.18-24.61.1
   kernel-default-debuginfo-5.3.18-24.61.1
   kernel-default-debugsource-5.3.18-24.61.1
   ocfs2-kmp-default-5.3.18-24.61.1
   ocfs2-kmp-default-debuginfo-5.3.18-24.61.1

References:

   https://www.suse.com/security/cve/CVE-2019-18814.html
   https://www.suse.com/security/cve/CVE-2019-19769.html
   https://www.suse.com/security/cve/CVE-2020-25670.html
   https://www.suse.com/security/cve/CVE-2020-25671.html
   https://www.suse.com/security/cve/CVE-2020-25672.html
   https://www.suse.com/security/cve/CVE-2020-25673.html
   https://www.suse.com/security/cve/CVE-2020-27170.html
   https://www.suse.com/security/cve/CVE-2020-27171.html
   https://www.suse.com/security/cve/CVE-2020-27815.html
   https://www.suse.com/security/cve/CVE-2020-35519.html
   https://www.suse.com/security/cve/CVE-2020-36310.html
   https://www.suse.com/security/cve/CVE-2020-36311.html
   https://www.suse.com/security/cve/CVE-2020-36312.html
   https://www.suse.com/security/cve/CVE-2020-36322.html
   https://www.suse.com/security/cve/CVE-2021-27363.html
   https://www.suse.com/security/cve/CVE-2021-27364.html
   https://www.suse.com/security/cve/CVE-2021-27365.html
   https://www.suse.com/security/cve/CVE-2021-28038.html
   https://www.suse.com/security/cve/CVE-2021-28375.html
   https://www.suse.com/security/cve/CVE-2021-28660.html
   https://www.suse.com/security/cve/CVE-2021-28688.html
   https://www.suse.com/security/cve/CVE-2021-28950.html
   https://www.suse.com/security/cve/CVE-2021-28964.html
   https://www.suse.com/security/cve/CVE-2021-28971.html
   https://www.suse.com/security/cve/CVE-2021-28972.html
   https://www.suse.com/security/cve/CVE-2021-29154.html
   https://www.suse.com/security/cve/CVE-2021-29264.html
   https://www.suse.com/security/cve/CVE-2021-29265.html
   https://www.suse.com/security/cve/CVE-2021-29647.html
   https://www.suse.com/security/cve/CVE-2021-30002.html
   https://www.suse.com/security/cve/CVE-2021-3428.html
   https://www.suse.com/security/cve/CVE-2021-3444.html
   https://www.suse.com/security/cve/CVE-2021-3483.html
   https://bugzilla.suse.com/1047233
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1113295
   https://bugzilla.suse.com/1152472
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1153274
   https://bugzilla.suse.com/1154353
   https://bugzilla.suse.com/1155518
   https://bugzilla.suse.com/1156256
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1159280
   https://bugzilla.suse.com/1160634
   https://bugzilla.suse.com/1167574
   https://bugzilla.suse.com/1167773
   https://bugzilla.suse.com/1168777
   https://bugzilla.suse.com/1169514
   https://bugzilla.suse.com/1169709
   https://bugzilla.suse.com/1171295
   https://bugzilla.suse.com/1173485
   https://bugzilla.suse.com/1175995
   https://bugzilla.suse.com/1177326
   https://bugzilla.suse.com/1178163
   https://bugzilla.suse.com/1178181
   https://bugzilla.suse.com/1178330
   https://bugzilla.suse.com/1179454
   https://bugzilla.suse.com/1180197
   https://bugzilla.suse.com/1180980
   https://bugzilla.suse.com/1181383
   https://bugzilla.suse.com/1181507
   https://bugzilla.suse.com/1181674
   https://bugzilla.suse.com/1181862
   https://bugzilla.suse.com/1182011
   https://bugzilla.suse.com/1182077
   https://bugzilla.suse.com/1182485
   https://bugzilla.suse.com/1182552
   https://bugzilla.suse.com/1182574
   https://bugzilla.suse.com/1182591
   https://bugzilla.suse.com/1182595
   https://bugzilla.suse.com/1182715
   https://bugzilla.suse.com/1182716
   https://bugzilla.suse.com/1182717
   https://bugzilla.suse.com/1182770
   https://bugzilla.suse.com/1182989
   https://bugzilla.suse.com/1183015
   https://bugzilla.suse.com/1183018
   https://bugzilla.suse.com/1183022
   https://bugzilla.suse.com/1183023
   https://bugzilla.suse.com/1183048
   https://bugzilla.suse.com/1183252
   https://bugzilla.suse.com/1183277
   https://bugzilla.suse.com/1183278
   https://bugzilla.suse.com/1183279
   https://bugzilla.suse.com/1183280
   https://bugzilla.suse.com/1183281
   https://bugzilla.suse.com/1183282
   https://bugzilla.suse.com/1183283
   https://bugzilla.suse.com/1183284
   https://bugzilla.suse.com/1183285
   https://bugzilla.suse.com/1183286
   https://bugzilla.suse.com/1183287
   https://bugzilla.suse.com/1183288
   https://bugzilla.suse.com/1183366
   https://bugzilla.suse.com/1183369
   https://bugzilla.suse.com/1183386
   https://bugzilla.suse.com/1183405
   https://bugzilla.suse.com/1183412
   https://bugzilla.suse.com/1183416
   https://bugzilla.suse.com/1183427
   https://bugzilla.suse.com/1183428
   https://bugzilla.suse.com/1183445
   https://bugzilla.suse.com/1183447
   https://bugzilla.suse.com/1183501
   https://bugzilla.suse.com/1183509
   https://bugzilla.suse.com/1183530
   https://bugzilla.suse.com/1183534
   https://bugzilla.suse.com/1183540
   https://bugzilla.suse.com/1183593
   https://bugzilla.suse.com/1183596
   https://bugzilla.suse.com/1183598
   https://bugzilla.suse.com/1183637
   https://bugzilla.suse.com/1183646
   https://bugzilla.suse.com/1183662
   https://bugzilla.suse.com/1183686
   https://bugzilla.suse.com/1183692
   https://bugzilla.suse.com/1183696
   https://bugzilla.suse.com/1183750
   https://bugzilla.suse.com/1183757
   https://bugzilla.suse.com/1183775
   https://bugzilla.suse.com/1183843
   https://bugzilla.suse.com/1183859
   https://bugzilla.suse.com/1183871
   https://bugzilla.suse.com/1184074
   https://bugzilla.suse.com/1184120
   https://bugzilla.suse.com/1184167
   https://bugzilla.suse.com/1184168
   https://bugzilla.suse.com/1184170
   https://bugzilla.suse.com/1184176
   https://bugzilla.suse.com/1184192
   https://bugzilla.suse.com/1184193
   https://bugzilla.suse.com/1184194
   https://bugzilla.suse.com/1184196
   https://bugzilla.suse.com/1184198
   https://bugzilla.suse.com/1184211
   https://bugzilla.suse.com/1184217
   https://bugzilla.suse.com/1184218
   https://bugzilla.suse.com/1184219
   https://bugzilla.suse.com/1184220
   https://bugzilla.suse.com/1184224
   https://bugzilla.suse.com/1184388
   https://bugzilla.suse.com/1184391
   https://bugzilla.suse.com/1184393
   https://bugzilla.suse.com/1184485
   https://bugzilla.suse.com/1184509
   https://bugzilla.suse.com/1184511
   https://bugzilla.suse.com/1184512
   https://bugzilla.suse.com/1184514
   https://bugzilla.suse.com/1184583
   https://bugzilla.suse.com/1184585
   https://bugzilla.suse.com/1184647

From sle-updates at lists.suse.com Fri Apr 16 16:15:39 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 16 Apr 2021 18:15:39 +0200 (CEST)
Subject: SUSE-SU-2021:1243-1: important: Security update for qemu
Message-ID: <20210416161539.F3B47FD20@maintenance.suse.de>

SUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1243-1
Rating: important
References: #1172385 #1173612 #1176673 #1176682 #1176684 #1178174 #1178400 #1178934 #1179466 #1179467 #1179468 #1179686 #1181108 #1182425 #1182577 #1182968 #1184064
Cross-References: CVE-2020-12829 CVE-2020-15469 CVE-2020-25084 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-27616 CVE-2020-27617 CVE-2020-27821 CVE-2020-28916 CVE-2020-29129 CVE-2020-29130 CVE-2020-29443 CVE-2021-20257 CVE-2021-3416
CVSS scores:
   CVE-2020-12829 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-12829 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
   CVE-2020-15469 (NVD) : 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
   CVE-2020-15469 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2020-25084 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
   CVE-2020-25084 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
   CVE-2020-25624 (NVD) : 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
   CVE-2020-25624 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
   CVE-2020-25625 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2020-25625 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L
   CVE-2020-25723 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
   CVE-2020-25723 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
   CVE-2020-27616 (SUSE): 2.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L
   CVE-2020-27617 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-27617 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-27821 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2020-27821 (SUSE): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
   CVE-2020-28916 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-28916 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2020-29129 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
   CVE-2020-29129 (SUSE): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
   CVE-2020-29130 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
   CVE-2020-29130 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
   CVE-2020-29443 (NVD) : 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L
   CVE-2020-29443 (SUSE): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L
   CVE-2021-20257 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
   CVE-2021-3416 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2021-3416 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
Affected Products:
   SUSE MicroOS 5.0
   SUSE Linux Enterprise Module for Server Applications 15-SP2
   SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that solves 15 vulnerabilities and has two fixes is now available.

Description:

This update for qemu fixes the following issues:

- CVE-2020-12829: Fix OOB access in sm501 device emulation (bsc#1172385)
- CVE-2020-25723: Fix use-after-free in usb xhci packet handling (bsc#1178934)
- CVE-2020-25084: Fix use-after-free in usb ehci packet handling (bsc#1176673)
- CVE-2020-25625: Fix infinite loop (DoS) in usb hcd-ohci emulation (bsc#1176684)
- CVE-2020-25624: Fix OOB access in usb hcd-ohci emulation (bsc#1176682)
- CVE-2020-27617: Fix guest triggerable assert in shared network handling code (bsc#1178174)
- CVE-2020-28916: Fix infinite loop (DoS) in e1000e device emulation (bsc#1179468)
- CVE-2020-29443: Fix OOB access in atapi emulation (bsc#1181108)
- CVE-2020-27821: Fix heap overflow in MSIx emulation (bsc#1179686)
- CVE-2020-15469: Fix null pointer deref. (DoS) in mmio ops (bsc#1173612)
- CVE-2021-20257: Fix infinite loop (DoS) in e1000 device emulation (bsc#1182577)
- CVE-2021-3416: Fix OOB access (stack overflow) in rtl8139 NIC emulation (bsc#1182968)
- CVE-2021-3416: Fix OOB access (stack overflow) in other NIC emulations (bsc#1182968)
- CVE-2020-27616: Fix OOB access in ati-vga emulation (bsc#1178400)
- CVE-2020-29129: Fix OOB access in SLIRP ARP/NCSI packet processing (bsc#1179466, CVE-2020-29130, bsc#1179467)
- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
- Add split-provides through forsplits/13 to cover updates of SLE15-SP2 to SLE15-SP3, and openSUSE equivalents (bsc#1184064)
- Added a few more usability improvements for our git packaging workflow

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.0:
   zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1243=1
- SUSE Linux Enterprise Module for Server Applications 15-SP2:
   zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1243=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
   zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1243=1

Package List:

- SUSE MicroOS 5.0 (aarch64 x86_64):
   qemu-4.2.1-11.16.3
   qemu-debuginfo-4.2.1-11.16.3
   qemu-debugsource-4.2.1-11.16.3
   qemu-tools-4.2.1-11.16.3
   qemu-tools-debuginfo-4.2.1-11.16.3
- SUSE MicroOS 5.0 (aarch64):
   qemu-arm-4.2.1-11.16.3
   qemu-arm-debuginfo-4.2.1-11.16.3
- SUSE MicroOS 5.0 (x86_64):
   qemu-x86-4.2.1-11.16.3
   qemu-x86-debuginfo-4.2.1-11.16.3
- SUSE MicroOS 5.0 (noarch):
   qemu-ipxe-1.0.0+-11.16.3
   qemu-seabios-1.12.1+-11.16.3
   qemu-sgabios-8-11.16.3
   qemu-vgabios-1.12.1+-11.16.3
- SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):
   qemu-4.2.1-11.16.3
   qemu-block-curl-4.2.1-11.16.3
   qemu-block-curl-debuginfo-4.2.1-11.16.3
   qemu-block-iscsi-4.2.1-11.16.3
   qemu-block-iscsi-debuginfo-4.2.1-11.16.3
   qemu-block-rbd-4.2.1-11.16.3
   qemu-block-rbd-debuginfo-4.2.1-11.16.3
   qemu-block-ssh-4.2.1-11.16.3
   qemu-block-ssh-debuginfo-4.2.1-11.16.3
   qemu-debuginfo-4.2.1-11.16.3
   qemu-debugsource-4.2.1-11.16.3
   qemu-guest-agent-4.2.1-11.16.3
   qemu-guest-agent-debuginfo-4.2.1-11.16.3
   qemu-lang-4.2.1-11.16.3
   qemu-ui-spice-app-4.2.1-11.16.3
   qemu-ui-spice-app-debuginfo-4.2.1-11.16.3
- SUSE Linux Enterprise Module for Server Applications 15-SP2 (s390x x86_64):
   qemu-kvm-4.2.1-11.16.3
- SUSE Linux Enterprise Module for Server Applications 15-SP2 (ppc64le):
   qemu-ppc-4.2.1-11.16.3
   qemu-ppc-debuginfo-4.2.1-11.16.3
- SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64):
   qemu-arm-4.2.1-11.16.3
   qemu-arm-debuginfo-4.2.1-11.16.3
- SUSE Linux Enterprise Module for Server Applications 15-SP2 (x86_64):
   qemu-audio-alsa-4.2.1-11.16.3
   qemu-audio-alsa-debuginfo-4.2.1-11.16.3
   qemu-audio-pa-4.2.1-11.16.3
   qemu-audio-pa-debuginfo-4.2.1-11.16.3
   qemu-ui-curses-4.2.1-11.16.3
   qemu-ui-curses-debuginfo-4.2.1-11.16.3
   qemu-ui-gtk-4.2.1-11.16.3
   qemu-ui-gtk-debuginfo-4.2.1-11.16.3
   qemu-x86-4.2.1-11.16.3
   qemu-x86-debuginfo-4.2.1-11.16.3
- SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch):
   qemu-ipxe-1.0.0+-11.16.3
   qemu-microvm-4.2.1-11.16.3
   qemu-seabios-1.12.1+-11.16.3
   qemu-sgabios-8-11.16.3
   qemu-vgabios-1.12.1+-11.16.3
- SUSE Linux Enterprise Module for Server Applications 15-SP2 (s390x):
   qemu-s390-4.2.1-11.16.3
   qemu-s390-debuginfo-4.2.1-11.16.3
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
   qemu-debuginfo-4.2.1-11.16.3
   qemu-debugsource-4.2.1-11.16.3
   qemu-tools-4.2.1-11.16.3
   qemu-tools-debuginfo-4.2.1-11.16.3

References:

   https://www.suse.com/security/cve/CVE-2020-12829.html
   https://www.suse.com/security/cve/CVE-2020-15469.html
   https://www.suse.com/security/cve/CVE-2020-25084.html
   https://www.suse.com/security/cve/CVE-2020-25624.html
   https://www.suse.com/security/cve/CVE-2020-25625.html
   https://www.suse.com/security/cve/CVE-2020-25723.html
   https://www.suse.com/security/cve/CVE-2020-27616.html
   https://www.suse.com/security/cve/CVE-2020-27617.html
   https://www.suse.com/security/cve/CVE-2020-27821.html
   https://www.suse.com/security/cve/CVE-2020-28916.html
   https://www.suse.com/security/cve/CVE-2020-29129.html
   https://www.suse.com/security/cve/CVE-2020-29130.html
   https://www.suse.com/security/cve/CVE-2020-29443.html
   https://www.suse.com/security/cve/CVE-2021-20257.html
   https://www.suse.com/security/cve/CVE-2021-3416.html
   https://bugzilla.suse.com/1172385
   https://bugzilla.suse.com/1173612
   https://bugzilla.suse.com/1176673
   https://bugzilla.suse.com/1176682
   https://bugzilla.suse.com/1176684
   https://bugzilla.suse.com/1178174
   https://bugzilla.suse.com/1178400
   https://bugzilla.suse.com/1178934
   https://bugzilla.suse.com/1179466
   https://bugzilla.suse.com/1179467
   https://bugzilla.suse.com/1179468
   https://bugzilla.suse.com/1179686
   https://bugzilla.suse.com/1181108
   https://bugzilla.suse.com/1182425
   https://bugzilla.suse.com/1182577
   https://bugzilla.suse.com/1182968
   https://bugzilla.suse.com/1184064

From sle-updates at lists.suse.com Fri Apr 16 16:18:13 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 16 Apr 2021 18:18:13 +0200 (CEST)
Subject: SUSE-SU-2021:1245-1: important: Security update for qemu
Message-ID: <20210416161813.D8310FD20@maintenance.suse.de>

SUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1245-1
Rating: important
References: #1172383 #1172384 #1172385 #1172386 #1172478 #1173612 #1174386 #1174641 #1175441 #1176673 #1176682 #1176684 #1178049 #1178174 #1178565 #1178934 #1179466 #1179467 #1179468 #1179686 #1180523 #1181108 #1181639 #1181933 #1182137 #1182425 #1182577 #1182968 #1183979
Cross-References: CVE-2020-11947 CVE-2020-12829 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13765 CVE-2020-14364 CVE-2020-15469 CVE-2020-15863 CVE-2020-16092 CVE-2020-25084 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-27617 CVE-2020-27821 CVE-2020-28916 CVE-2020-29129 CVE-2020-29130 CVE-2020-29443 CVE-2021-20181 CVE-2021-20203 CVE-2021-20221 CVE-2021-20257 CVE-2021-3416
CVSS scores:
   CVE-2020-11947 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
   CVE-2020-11947 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
   CVE-2020-12829 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-12829 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
   CVE-2020-13361 (NVD) : 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L
   CVE-2020-13361 (SUSE): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L
   CVE-2020-13362 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
   CVE-2020-13362 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
   CVE-2020-13659 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L
   CVE-2020-13659 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2020-13765 (NVD) : 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
   CVE-2020-13765 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
   CVE-2020-14364 (NVD) : 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
   CVE-2020-14364 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
   CVE-2020-15469 (NVD) : 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
   CVE-2020-15469 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2020-15863 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
   CVE-2020-15863 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
   CVE-2020-16092 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
   CVE-2020-16092 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
   CVE-2020-25084 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
   CVE-2020-25084 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
   CVE-2020-25624 (NVD) : 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
   CVE-2020-25624 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
   CVE-2020-25625 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2020-25625 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L
   CVE-2020-25723 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
   CVE-2020-25723 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
   CVE-2020-27617 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-27617 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-27821 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2020-27821 (SUSE): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
   CVE-2020-28916 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-28916 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2020-29129 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
   CVE-2020-29129 (SUSE): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
   CVE-2020-29130 (NVD) : 4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29130 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29443 (NVD) : 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L CVE-2020-29443 (SUSE): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L CVE-2021-20181 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-20203 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-20203 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-20221 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2021-20257 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-3416 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2021-3416 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves 25 vulnerabilities and has four fixes is now available. 
Description:

This update for qemu fixes the following issues:

- Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385)
- Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383)
- Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934)
- Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673)
- Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682)
- Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684)
- Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174)
- Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468)
- Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108)
- Fix heap overflow in MSIx emulation (CVE-2020-27821, bsc#1179686)
- Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612)
- Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577)
- Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968)
- Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416)
- Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467)
- Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659 bsc#1172386)
- Fix issue where s390 guest fails to find zipl boot menu index (bsc#1183979)
- Fix OOB access in iscsi (CVE-2020-11947 bsc#1180523)
- Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639)
- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
- Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137)
- Apply fixes to qemu scsi passthrough with respect to timeout and error conditions, including using more correct status codes. (bsc#1178049)
- Fix OOB access in ARM interrupt handling (CVE-2021-20221 bsc#1181933)
- Tweaks to spec file for better formatting, and remove not needed BuildRequires for e2fsprogs-devel and libpcap-devel
- Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384)
- Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478)
- Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441)
- Fix DoS in packet processing of various emulated NICs (CVE-2020-16092 bsc#1174641)
- Fix buffer overflow in the XGMAC device (CVE-2020-15863 bsc#1174386)
- Use '%service_del_postun_without_restart' instead of '%service_del_postun' to avoid "Failed to try-restart qemu-ga@.service" error while updating the qemu-guest-agent. (bsc#1178565)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1245=1
- SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1245=1
- SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1245=1
- SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1245=1
- SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1245=1
- SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1245=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1245=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1245=1
- SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1245=1
- SUSE CaaS Platform 4.0: To
install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): qemu-3.1.1.1-9.24.3 qemu-block-curl-3.1.1.1-9.24.3 qemu-block-curl-debuginfo-3.1.1.1-9.24.3 qemu-block-iscsi-3.1.1.1-9.24.3 qemu-block-iscsi-debuginfo-3.1.1.1-9.24.3 qemu-block-rbd-3.1.1.1-9.24.3 qemu-block-rbd-debuginfo-3.1.1.1-9.24.3 qemu-block-ssh-3.1.1.1-9.24.3 qemu-block-ssh-debuginfo-3.1.1.1-9.24.3 qemu-debuginfo-3.1.1.1-9.24.3 qemu-debugsource-3.1.1.1-9.24.3 qemu-guest-agent-3.1.1.1-9.24.3 qemu-guest-agent-debuginfo-3.1.1.1-9.24.3 qemu-lang-3.1.1.1-9.24.3 qemu-tools-3.1.1.1-9.24.3 qemu-tools-debuginfo-3.1.1.1-9.24.3 - SUSE Manager Server 4.0 (s390x x86_64): qemu-kvm-3.1.1.1-9.24.3 - SUSE Manager Server 4.0 (ppc64le): qemu-ppc-3.1.1.1-9.24.3 qemu-ppc-debuginfo-3.1.1.1-9.24.3 - SUSE Manager Server 4.0 (noarch): qemu-ipxe-1.0.0+-9.24.3 qemu-seabios-1.12.0_0_ga698c89-9.24.3 qemu-sgabios-8-9.24.3 qemu-vgabios-1.12.0_0_ga698c89-9.24.3 - SUSE Manager Server 4.0 (x86_64): qemu-audio-alsa-3.1.1.1-9.24.3 qemu-audio-alsa-debuginfo-3.1.1.1-9.24.3 qemu-audio-oss-3.1.1.1-9.24.3 qemu-audio-oss-debuginfo-3.1.1.1-9.24.3 qemu-audio-pa-3.1.1.1-9.24.3 qemu-audio-pa-debuginfo-3.1.1.1-9.24.3 qemu-ui-curses-3.1.1.1-9.24.3 qemu-ui-curses-debuginfo-3.1.1.1-9.24.3 qemu-ui-gtk-3.1.1.1-9.24.3 qemu-ui-gtk-debuginfo-3.1.1.1-9.24.3 qemu-x86-3.1.1.1-9.24.3 qemu-x86-debuginfo-3.1.1.1-9.24.3 - SUSE Manager Server 4.0 (s390x): qemu-s390-3.1.1.1-9.24.3 qemu-s390-debuginfo-3.1.1.1-9.24.3 - SUSE Manager Retail Branch Server 4.0 (x86_64): qemu-3.1.1.1-9.24.3 qemu-audio-alsa-3.1.1.1-9.24.3 qemu-audio-alsa-debuginfo-3.1.1.1-9.24.3 qemu-audio-oss-3.1.1.1-9.24.3 qemu-audio-oss-debuginfo-3.1.1.1-9.24.3 qemu-audio-pa-3.1.1.1-9.24.3 qemu-audio-pa-debuginfo-3.1.1.1-9.24.3 qemu-block-curl-3.1.1.1-9.24.3 qemu-block-curl-debuginfo-3.1.1.1-9.24.3 
qemu-block-iscsi-3.1.1.1-9.24.3 qemu-block-iscsi-debuginfo-3.1.1.1-9.24.3 qemu-block-rbd-3.1.1.1-9.24.3 qemu-block-rbd-debuginfo-3.1.1.1-9.24.3 qemu-block-ssh-3.1.1.1-9.24.3 qemu-block-ssh-debuginfo-3.1.1.1-9.24.3 qemu-debuginfo-3.1.1.1-9.24.3 qemu-debugsource-3.1.1.1-9.24.3 qemu-guest-agent-3.1.1.1-9.24.3 qemu-guest-agent-debuginfo-3.1.1.1-9.24.3 qemu-kvm-3.1.1.1-9.24.3 qemu-lang-3.1.1.1-9.24.3 qemu-tools-3.1.1.1-9.24.3 qemu-tools-debuginfo-3.1.1.1-9.24.3 qemu-ui-curses-3.1.1.1-9.24.3 qemu-ui-curses-debuginfo-3.1.1.1-9.24.3 qemu-ui-gtk-3.1.1.1-9.24.3 qemu-ui-gtk-debuginfo-3.1.1.1-9.24.3 qemu-x86-3.1.1.1-9.24.3 qemu-x86-debuginfo-3.1.1.1-9.24.3 - SUSE Manager Retail Branch Server 4.0 (noarch): qemu-ipxe-1.0.0+-9.24.3 qemu-seabios-1.12.0_0_ga698c89-9.24.3 qemu-sgabios-8-9.24.3 qemu-vgabios-1.12.0_0_ga698c89-9.24.3 - SUSE Manager Proxy 4.0 (noarch): qemu-ipxe-1.0.0+-9.24.3 qemu-seabios-1.12.0_0_ga698c89-9.24.3 qemu-sgabios-8-9.24.3 qemu-vgabios-1.12.0_0_ga698c89-9.24.3 - SUSE Manager Proxy 4.0 (x86_64): qemu-3.1.1.1-9.24.3 qemu-audio-alsa-3.1.1.1-9.24.3 qemu-audio-alsa-debuginfo-3.1.1.1-9.24.3 qemu-audio-oss-3.1.1.1-9.24.3 qemu-audio-oss-debuginfo-3.1.1.1-9.24.3 qemu-audio-pa-3.1.1.1-9.24.3 qemu-audio-pa-debuginfo-3.1.1.1-9.24.3 qemu-block-curl-3.1.1.1-9.24.3 qemu-block-curl-debuginfo-3.1.1.1-9.24.3 qemu-block-iscsi-3.1.1.1-9.24.3 qemu-block-iscsi-debuginfo-3.1.1.1-9.24.3 qemu-block-rbd-3.1.1.1-9.24.3 qemu-block-rbd-debuginfo-3.1.1.1-9.24.3 qemu-block-ssh-3.1.1.1-9.24.3 qemu-block-ssh-debuginfo-3.1.1.1-9.24.3 qemu-debuginfo-3.1.1.1-9.24.3 qemu-debugsource-3.1.1.1-9.24.3 qemu-guest-agent-3.1.1.1-9.24.3 qemu-guest-agent-debuginfo-3.1.1.1-9.24.3 qemu-kvm-3.1.1.1-9.24.3 qemu-lang-3.1.1.1-9.24.3 qemu-tools-3.1.1.1-9.24.3 qemu-tools-debuginfo-3.1.1.1-9.24.3 qemu-ui-curses-3.1.1.1-9.24.3 qemu-ui-curses-debuginfo-3.1.1.1-9.24.3 qemu-ui-gtk-3.1.1.1-9.24.3 qemu-ui-gtk-debuginfo-3.1.1.1-9.24.3 qemu-x86-3.1.1.1-9.24.3 qemu-x86-debuginfo-3.1.1.1-9.24.3 - SUSE Linux Enterprise 
Server for SAP 15-SP1 (ppc64le x86_64): qemu-3.1.1.1-9.24.3 qemu-block-curl-3.1.1.1-9.24.3 qemu-block-curl-debuginfo-3.1.1.1-9.24.3 qemu-block-iscsi-3.1.1.1-9.24.3 qemu-block-iscsi-debuginfo-3.1.1.1-9.24.3 qemu-block-rbd-3.1.1.1-9.24.3 qemu-block-rbd-debuginfo-3.1.1.1-9.24.3 qemu-block-ssh-3.1.1.1-9.24.3 qemu-block-ssh-debuginfo-3.1.1.1-9.24.3 qemu-debuginfo-3.1.1.1-9.24.3 qemu-debugsource-3.1.1.1-9.24.3 qemu-guest-agent-3.1.1.1-9.24.3 qemu-guest-agent-debuginfo-3.1.1.1-9.24.3 qemu-lang-3.1.1.1-9.24.3 qemu-tools-3.1.1.1-9.24.3 qemu-tools-debuginfo-3.1.1.1-9.24.3 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le): qemu-ppc-3.1.1.1-9.24.3 qemu-ppc-debuginfo-3.1.1.1-9.24.3 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): qemu-ipxe-1.0.0+-9.24.3 qemu-seabios-1.12.0_0_ga698c89-9.24.3 qemu-sgabios-8-9.24.3 qemu-vgabios-1.12.0_0_ga698c89-9.24.3 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): qemu-audio-alsa-3.1.1.1-9.24.3 qemu-audio-alsa-debuginfo-3.1.1.1-9.24.3 qemu-audio-oss-3.1.1.1-9.24.3 qemu-audio-oss-debuginfo-3.1.1.1-9.24.3 qemu-audio-pa-3.1.1.1-9.24.3 qemu-audio-pa-debuginfo-3.1.1.1-9.24.3 qemu-kvm-3.1.1.1-9.24.3 qemu-ui-curses-3.1.1.1-9.24.3 qemu-ui-curses-debuginfo-3.1.1.1-9.24.3 qemu-ui-gtk-3.1.1.1-9.24.3 qemu-ui-gtk-debuginfo-3.1.1.1-9.24.3 qemu-x86-3.1.1.1-9.24.3 qemu-x86-debuginfo-3.1.1.1-9.24.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): qemu-3.1.1.1-9.24.3 qemu-block-curl-3.1.1.1-9.24.3 qemu-block-curl-debuginfo-3.1.1.1-9.24.3 qemu-block-iscsi-3.1.1.1-9.24.3 qemu-block-iscsi-debuginfo-3.1.1.1-9.24.3 qemu-block-rbd-3.1.1.1-9.24.3 qemu-block-rbd-debuginfo-3.1.1.1-9.24.3 qemu-block-ssh-3.1.1.1-9.24.3 qemu-block-ssh-debuginfo-3.1.1.1-9.24.3 qemu-debuginfo-3.1.1.1-9.24.3 qemu-debugsource-3.1.1.1-9.24.3 qemu-guest-agent-3.1.1.1-9.24.3 qemu-guest-agent-debuginfo-3.1.1.1-9.24.3 qemu-lang-3.1.1.1-9.24.3 qemu-tools-3.1.1.1-9.24.3 qemu-tools-debuginfo-3.1.1.1-9.24.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x 
x86_64): qemu-kvm-3.1.1.1-9.24.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64): qemu-arm-3.1.1.1-9.24.3 qemu-arm-debuginfo-3.1.1.1-9.24.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (ppc64le): qemu-ppc-3.1.1.1-9.24.3 qemu-ppc-debuginfo-3.1.1.1-9.24.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): qemu-audio-alsa-3.1.1.1-9.24.3 qemu-audio-alsa-debuginfo-3.1.1.1-9.24.3 qemu-audio-oss-3.1.1.1-9.24.3 qemu-audio-oss-debuginfo-3.1.1.1-9.24.3 qemu-audio-pa-3.1.1.1-9.24.3 qemu-audio-pa-debuginfo-3.1.1.1-9.24.3 qemu-ui-curses-3.1.1.1-9.24.3 qemu-ui-curses-debuginfo-3.1.1.1-9.24.3 qemu-ui-gtk-3.1.1.1-9.24.3 qemu-ui-gtk-debuginfo-3.1.1.1-9.24.3 qemu-x86-3.1.1.1-9.24.3 qemu-x86-debuginfo-3.1.1.1-9.24.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): qemu-ipxe-1.0.0+-9.24.3 qemu-seabios-1.12.0_0_ga698c89-9.24.3 qemu-sgabios-8-9.24.3 qemu-vgabios-1.12.0_0_ga698c89-9.24.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x): qemu-s390-3.1.1.1-9.24.3 qemu-s390-debuginfo-3.1.1.1-9.24.3 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): qemu-ipxe-1.0.0+-9.24.3 qemu-seabios-1.12.0_0_ga698c89-9.24.3 qemu-sgabios-8-9.24.3 qemu-vgabios-1.12.0_0_ga698c89-9.24.3 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): qemu-3.1.1.1-9.24.3 qemu-audio-alsa-3.1.1.1-9.24.3 qemu-audio-alsa-debuginfo-3.1.1.1-9.24.3 qemu-audio-oss-3.1.1.1-9.24.3 qemu-audio-oss-debuginfo-3.1.1.1-9.24.3 qemu-audio-pa-3.1.1.1-9.24.3 qemu-audio-pa-debuginfo-3.1.1.1-9.24.3 qemu-block-curl-3.1.1.1-9.24.3 qemu-block-curl-debuginfo-3.1.1.1-9.24.3 qemu-block-iscsi-3.1.1.1-9.24.3 qemu-block-iscsi-debuginfo-3.1.1.1-9.24.3 qemu-block-rbd-3.1.1.1-9.24.3 qemu-block-rbd-debuginfo-3.1.1.1-9.24.3 qemu-block-ssh-3.1.1.1-9.24.3 qemu-block-ssh-debuginfo-3.1.1.1-9.24.3 qemu-debuginfo-3.1.1.1-9.24.3 qemu-debugsource-3.1.1.1-9.24.3 qemu-guest-agent-3.1.1.1-9.24.3 qemu-guest-agent-debuginfo-3.1.1.1-9.24.3 qemu-kvm-3.1.1.1-9.24.3 qemu-lang-3.1.1.1-9.24.3 qemu-tools-3.1.1.1-9.24.3 qemu-tools-debuginfo-3.1.1.1-9.24.3 
qemu-ui-curses-3.1.1.1-9.24.3 qemu-ui-curses-debuginfo-3.1.1.1-9.24.3 qemu-ui-gtk-3.1.1.1-9.24.3 qemu-ui-gtk-debuginfo-3.1.1.1-9.24.3 qemu-x86-3.1.1.1-9.24.3 qemu-x86-debuginfo-3.1.1.1-9.24.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): qemu-3.1.1.1-9.24.3 qemu-block-curl-3.1.1.1-9.24.3 qemu-block-curl-debuginfo-3.1.1.1-9.24.3 qemu-block-iscsi-3.1.1.1-9.24.3 qemu-block-iscsi-debuginfo-3.1.1.1-9.24.3 qemu-block-rbd-3.1.1.1-9.24.3 qemu-block-rbd-debuginfo-3.1.1.1-9.24.3 qemu-block-ssh-3.1.1.1-9.24.3 qemu-block-ssh-debuginfo-3.1.1.1-9.24.3 qemu-debuginfo-3.1.1.1-9.24.3 qemu-debugsource-3.1.1.1-9.24.3 qemu-guest-agent-3.1.1.1-9.24.3 qemu-guest-agent-debuginfo-3.1.1.1-9.24.3 qemu-lang-3.1.1.1-9.24.3 qemu-tools-3.1.1.1-9.24.3 qemu-tools-debuginfo-3.1.1.1-9.24.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64): qemu-arm-3.1.1.1-9.24.3 qemu-arm-debuginfo-3.1.1.1-9.24.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): qemu-audio-alsa-3.1.1.1-9.24.3 qemu-audio-alsa-debuginfo-3.1.1.1-9.24.3 qemu-audio-oss-3.1.1.1-9.24.3 qemu-audio-oss-debuginfo-3.1.1.1-9.24.3 qemu-audio-pa-3.1.1.1-9.24.3 qemu-audio-pa-debuginfo-3.1.1.1-9.24.3 qemu-kvm-3.1.1.1-9.24.3 qemu-ui-curses-3.1.1.1-9.24.3 qemu-ui-curses-debuginfo-3.1.1.1-9.24.3 qemu-ui-gtk-3.1.1.1-9.24.3 qemu-ui-gtk-debuginfo-3.1.1.1-9.24.3 qemu-x86-3.1.1.1-9.24.3 qemu-x86-debuginfo-3.1.1.1-9.24.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): qemu-ipxe-1.0.0+-9.24.3 qemu-seabios-1.12.0_0_ga698c89-9.24.3 qemu-sgabios-8-9.24.3 qemu-vgabios-1.12.0_0_ga698c89-9.24.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): qemu-3.1.1.1-9.24.3 qemu-block-curl-3.1.1.1-9.24.3 qemu-block-curl-debuginfo-3.1.1.1-9.24.3 qemu-block-iscsi-3.1.1.1-9.24.3 qemu-block-iscsi-debuginfo-3.1.1.1-9.24.3 qemu-block-rbd-3.1.1.1-9.24.3 qemu-block-rbd-debuginfo-3.1.1.1-9.24.3 qemu-block-ssh-3.1.1.1-9.24.3 
qemu-block-ssh-debuginfo-3.1.1.1-9.24.3 qemu-debuginfo-3.1.1.1-9.24.3 qemu-debugsource-3.1.1.1-9.24.3 qemu-guest-agent-3.1.1.1-9.24.3 qemu-guest-agent-debuginfo-3.1.1.1-9.24.3 qemu-lang-3.1.1.1-9.24.3 qemu-tools-3.1.1.1-9.24.3 qemu-tools-debuginfo-3.1.1.1-9.24.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64): qemu-arm-3.1.1.1-9.24.3 qemu-arm-debuginfo-3.1.1.1-9.24.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): qemu-audio-alsa-3.1.1.1-9.24.3 qemu-audio-alsa-debuginfo-3.1.1.1-9.24.3 qemu-audio-oss-3.1.1.1-9.24.3 qemu-audio-oss-debuginfo-3.1.1.1-9.24.3 qemu-audio-pa-3.1.1.1-9.24.3 qemu-audio-pa-debuginfo-3.1.1.1-9.24.3 qemu-kvm-3.1.1.1-9.24.3 qemu-ui-curses-3.1.1.1-9.24.3 qemu-ui-curses-debuginfo-3.1.1.1-9.24.3 qemu-ui-gtk-3.1.1.1-9.24.3 qemu-ui-gtk-debuginfo-3.1.1.1-9.24.3 qemu-x86-3.1.1.1-9.24.3 qemu-x86-debuginfo-3.1.1.1-9.24.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): qemu-ipxe-1.0.0+-9.24.3 qemu-seabios-1.12.0_0_ga698c89-9.24.3 qemu-sgabios-8-9.24.3 qemu-vgabios-1.12.0_0_ga698c89-9.24.3 - SUSE Enterprise Storage 6 (aarch64 x86_64): qemu-3.1.1.1-9.24.3 qemu-block-curl-3.1.1.1-9.24.3 qemu-block-curl-debuginfo-3.1.1.1-9.24.3 qemu-block-iscsi-3.1.1.1-9.24.3 qemu-block-iscsi-debuginfo-3.1.1.1-9.24.3 qemu-block-rbd-3.1.1.1-9.24.3 qemu-block-rbd-debuginfo-3.1.1.1-9.24.3 qemu-block-ssh-3.1.1.1-9.24.3 qemu-block-ssh-debuginfo-3.1.1.1-9.24.3 qemu-debuginfo-3.1.1.1-9.24.3 qemu-debugsource-3.1.1.1-9.24.3 qemu-guest-agent-3.1.1.1-9.24.3 qemu-guest-agent-debuginfo-3.1.1.1-9.24.3 qemu-lang-3.1.1.1-9.24.3 qemu-tools-3.1.1.1-9.24.3 qemu-tools-debuginfo-3.1.1.1-9.24.3 - SUSE Enterprise Storage 6 (aarch64): qemu-arm-3.1.1.1-9.24.3 qemu-arm-debuginfo-3.1.1.1-9.24.3 - SUSE Enterprise Storage 6 (x86_64): qemu-audio-alsa-3.1.1.1-9.24.3 qemu-audio-alsa-debuginfo-3.1.1.1-9.24.3 qemu-audio-oss-3.1.1.1-9.24.3 qemu-audio-oss-debuginfo-3.1.1.1-9.24.3 qemu-audio-pa-3.1.1.1-9.24.3 
qemu-audio-pa-debuginfo-3.1.1.1-9.24.3 qemu-kvm-3.1.1.1-9.24.3 qemu-ui-curses-3.1.1.1-9.24.3 qemu-ui-curses-debuginfo-3.1.1.1-9.24.3 qemu-ui-gtk-3.1.1.1-9.24.3 qemu-ui-gtk-debuginfo-3.1.1.1-9.24.3 qemu-x86-3.1.1.1-9.24.3 qemu-x86-debuginfo-3.1.1.1-9.24.3 - SUSE Enterprise Storage 6 (noarch): qemu-ipxe-1.0.0+-9.24.3 qemu-seabios-1.12.0_0_ga698c89-9.24.3 qemu-sgabios-8-9.24.3 qemu-vgabios-1.12.0_0_ga698c89-9.24.3 - SUSE CaaS Platform 4.0 (noarch): qemu-ipxe-1.0.0+-9.24.3 qemu-seabios-1.12.0_0_ga698c89-9.24.3 qemu-sgabios-8-9.24.3 qemu-vgabios-1.12.0_0_ga698c89-9.24.3 - SUSE CaaS Platform 4.0 (x86_64): qemu-3.1.1.1-9.24.3 qemu-audio-alsa-3.1.1.1-9.24.3 qemu-audio-alsa-debuginfo-3.1.1.1-9.24.3 qemu-audio-oss-3.1.1.1-9.24.3 qemu-audio-oss-debuginfo-3.1.1.1-9.24.3 qemu-audio-pa-3.1.1.1-9.24.3 qemu-audio-pa-debuginfo-3.1.1.1-9.24.3 qemu-block-curl-3.1.1.1-9.24.3 qemu-block-curl-debuginfo-3.1.1.1-9.24.3 qemu-block-iscsi-3.1.1.1-9.24.3 qemu-block-iscsi-debuginfo-3.1.1.1-9.24.3 qemu-block-rbd-3.1.1.1-9.24.3 qemu-block-rbd-debuginfo-3.1.1.1-9.24.3 qemu-block-ssh-3.1.1.1-9.24.3 qemu-block-ssh-debuginfo-3.1.1.1-9.24.3 qemu-debuginfo-3.1.1.1-9.24.3 qemu-debugsource-3.1.1.1-9.24.3 qemu-guest-agent-3.1.1.1-9.24.3 qemu-guest-agent-debuginfo-3.1.1.1-9.24.3 qemu-kvm-3.1.1.1-9.24.3 qemu-lang-3.1.1.1-9.24.3 qemu-tools-3.1.1.1-9.24.3 qemu-tools-debuginfo-3.1.1.1-9.24.3 qemu-ui-curses-3.1.1.1-9.24.3 qemu-ui-curses-debuginfo-3.1.1.1-9.24.3 qemu-ui-gtk-3.1.1.1-9.24.3 qemu-ui-gtk-debuginfo-3.1.1.1-9.24.3 qemu-x86-3.1.1.1-9.24.3 qemu-x86-debuginfo-3.1.1.1-9.24.3 References: https://www.suse.com/security/cve/CVE-2020-11947.html https://www.suse.com/security/cve/CVE-2020-12829.html https://www.suse.com/security/cve/CVE-2020-13361.html https://www.suse.com/security/cve/CVE-2020-13362.html https://www.suse.com/security/cve/CVE-2020-13659.html https://www.suse.com/security/cve/CVE-2020-13765.html https://www.suse.com/security/cve/CVE-2020-14364.html 
https://www.suse.com/security/cve/CVE-2020-15469.html https://www.suse.com/security/cve/CVE-2020-15863.html https://www.suse.com/security/cve/CVE-2020-16092.html https://www.suse.com/security/cve/CVE-2020-25084.html https://www.suse.com/security/cve/CVE-2020-25624.html https://www.suse.com/security/cve/CVE-2020-25625.html https://www.suse.com/security/cve/CVE-2020-25723.html https://www.suse.com/security/cve/CVE-2020-27617.html https://www.suse.com/security/cve/CVE-2020-27821.html https://www.suse.com/security/cve/CVE-2020-28916.html https://www.suse.com/security/cve/CVE-2020-29129.html https://www.suse.com/security/cve/CVE-2020-29130.html https://www.suse.com/security/cve/CVE-2020-29443.html https://www.suse.com/security/cve/CVE-2021-20181.html https://www.suse.com/security/cve/CVE-2021-20203.html https://www.suse.com/security/cve/CVE-2021-20221.html https://www.suse.com/security/cve/CVE-2021-20257.html https://www.suse.com/security/cve/CVE-2021-3416.html https://bugzilla.suse.com/1172383 https://bugzilla.suse.com/1172384 https://bugzilla.suse.com/1172385 https://bugzilla.suse.com/1172386 https://bugzilla.suse.com/1172478 https://bugzilla.suse.com/1173612 https://bugzilla.suse.com/1174386 https://bugzilla.suse.com/1174641 https://bugzilla.suse.com/1175441 https://bugzilla.suse.com/1176673 https://bugzilla.suse.com/1176682 https://bugzilla.suse.com/1176684 https://bugzilla.suse.com/1178049 https://bugzilla.suse.com/1178174 https://bugzilla.suse.com/1178565 https://bugzilla.suse.com/1178934 https://bugzilla.suse.com/1179466 https://bugzilla.suse.com/1179467 https://bugzilla.suse.com/1179468 https://bugzilla.suse.com/1179686 https://bugzilla.suse.com/1180523 https://bugzilla.suse.com/1181108 https://bugzilla.suse.com/1181639 https://bugzilla.suse.com/1181933 https://bugzilla.suse.com/1182137 https://bugzilla.suse.com/1182425 https://bugzilla.suse.com/1182577 https://bugzilla.suse.com/1182968 https://bugzilla.suse.com/1183979 From sle-updates at lists.suse.com Fri Apr 
16 16:21:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Apr 2021 18:21:53 +0200 (CEST) Subject: SUSE-SU-2021:1240-1: important: Security update for qemu Message-ID: <20210416162153.E5AE5FD20@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1240-1 Rating: important References: #1172383 #1172384 #1172385 #1172386 #1172478 #1173612 #1174386 #1174641 #1175441 #1176673 #1176682 #1176684 #1178174 #1178934 #1179467 #1179468 #1180523 #1181108 #1181639 #1182137 #1182425 #1182577 #1182968 Cross-References: CVE-2020-11947 CVE-2020-12829 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13765 CVE-2020-14364 CVE-2020-15469 CVE-2020-15863 CVE-2020-16092 CVE-2020-25084 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-27617 CVE-2020-28916 CVE-2020-29130 CVE-2020-29443 CVE-2021-20181 CVE-2021-20203 CVE-2021-20257 CVE-2021-3416 CVSS scores: CVE-2020-11947 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2020-11947 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-12829 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-12829 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2020-13361 (NVD) : 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L CVE-2020-13361 (SUSE): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L CVE-2020-13362 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13362 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13659 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13659 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-13765 (NVD) : 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-13765 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-14364 (NVD) : 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-14364 (SUSE): 5 
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-15469 (NVD) : 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L CVE-2020-15469 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-15863 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L CVE-2020-15863 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2020-16092 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVE-2020-16092 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVE-2020-25084 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25084 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25624 (NVD) : 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25624 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25625 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-25625 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25723 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25723 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-27617 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27617 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-28916 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-28916 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-29130 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29130 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29443 (NVD) : 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L CVE-2020-29443 (SUSE): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L CVE-2021-20181 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-20203 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-20203 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-20257 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-3416 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2021-3416 (SUSE): 
3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

Affected Products:

- SUSE OpenStack Cloud Crowbar 8
- SUSE OpenStack Cloud 8
- SUSE Linux Enterprise Server for SAP 12-SP3
- SUSE Linux Enterprise Server 12-SP3-LTSS
- SUSE Linux Enterprise Server 12-SP3-BCL
- HPE Helion Openstack 8

______________________________________________________________________________

An update that solves 22 vulnerabilities and has one errata is now available.

Description:

This update for qemu fixes the following issues:

- Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385)
- Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383)
- Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934)
- Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673)
- Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682)
- Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684)
- Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174)
- Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468)
- Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108)
- Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612)
- Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577)
- Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968)
- Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416)
- Fix OOB access in SLIRP ARP packet processing (CVE-2020-29130, bsc#1179467)
- Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659 bsc#1172386)
- Fix OOB access in iscsi (CVE-2020-11947 bsc#1180523)
- Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639)
- Fix buffer overflow in the XGMAC device (CVE-2020-15863, bsc#1174386)
- Fix DoS in packet processing of various emulated NICs (CVE-2020-16092 bsc#1174641)
- Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441)
- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
- Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137)
- Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384)
- Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1240=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1240=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1240=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1240=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1240=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1240=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): qemu-ipxe-1.0.0+-6.47.1 qemu-seabios-1.10.2_0_g5f4c7b1-6.47.1 qemu-sgabios-8-6.47.1 qemu-vgabios-1.10.2_0_g5f4c7b1-6.47.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): qemu-2.9.1-6.47.1 qemu-block-curl-2.9.1-6.47.1 qemu-block-curl-debuginfo-2.9.1-6.47.1 qemu-block-iscsi-2.9.1-6.47.1 qemu-block-iscsi-debuginfo-2.9.1-6.47.1 qemu-block-rbd-2.9.1-6.47.1 qemu-block-rbd-debuginfo-2.9.1-6.47.1 qemu-block-ssh-2.9.1-6.47.1 qemu-block-ssh-debuginfo-2.9.1-6.47.1 qemu-debugsource-2.9.1-6.47.1 qemu-guest-agent-2.9.1-6.47.1 qemu-guest-agent-debuginfo-2.9.1-6.47.1 qemu-kvm-2.9.1-6.47.1 qemu-lang-2.9.1-6.47.1 qemu-tools-2.9.1-6.47.1 qemu-tools-debuginfo-2.9.1-6.47.1 qemu-x86-2.9.1-6.47.1 qemu-x86-debuginfo-2.9.1-6.47.1 - SUSE OpenStack Cloud 8 (noarch): qemu-ipxe-1.0.0+-6.47.1 qemu-seabios-1.10.2_0_g5f4c7b1-6.47.1 qemu-sgabios-8-6.47.1 qemu-vgabios-1.10.2_0_g5f4c7b1-6.47.1 - SUSE OpenStack Cloud 8 (x86_64): qemu-2.9.1-6.47.1 qemu-block-curl-2.9.1-6.47.1 qemu-block-curl-debuginfo-2.9.1-6.47.1 qemu-block-iscsi-2.9.1-6.47.1 qemu-block-iscsi-debuginfo-2.9.1-6.47.1 qemu-block-rbd-2.9.1-6.47.1 qemu-block-rbd-debuginfo-2.9.1-6.47.1 qemu-block-ssh-2.9.1-6.47.1 qemu-block-ssh-debuginfo-2.9.1-6.47.1 qemu-debugsource-2.9.1-6.47.1 qemu-guest-agent-2.9.1-6.47.1 qemu-guest-agent-debuginfo-2.9.1-6.47.1 qemu-kvm-2.9.1-6.47.1 
qemu-lang-2.9.1-6.47.1 qemu-tools-2.9.1-6.47.1 qemu-tools-debuginfo-2.9.1-6.47.1 qemu-x86-2.9.1-6.47.1 qemu-x86-debuginfo-2.9.1-6.47.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): qemu-2.9.1-6.47.1 qemu-block-curl-2.9.1-6.47.1 qemu-block-curl-debuginfo-2.9.1-6.47.1 qemu-block-iscsi-2.9.1-6.47.1 qemu-block-iscsi-debuginfo-2.9.1-6.47.1 qemu-block-ssh-2.9.1-6.47.1 qemu-block-ssh-debuginfo-2.9.1-6.47.1 qemu-debugsource-2.9.1-6.47.1 qemu-guest-agent-2.9.1-6.47.1 qemu-guest-agent-debuginfo-2.9.1-6.47.1 qemu-lang-2.9.1-6.47.1 qemu-tools-2.9.1-6.47.1 qemu-tools-debuginfo-2.9.1-6.47.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le): qemu-ppc-2.9.1-6.47.1 qemu-ppc-debuginfo-2.9.1-6.47.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): qemu-block-rbd-2.9.1-6.47.1 qemu-block-rbd-debuginfo-2.9.1-6.47.1 qemu-kvm-2.9.1-6.47.1 qemu-x86-2.9.1-6.47.1 qemu-x86-debuginfo-2.9.1-6.47.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): qemu-ipxe-1.0.0+-6.47.1 qemu-seabios-1.10.2_0_g5f4c7b1-6.47.1 qemu-sgabios-8-6.47.1 qemu-vgabios-1.10.2_0_g5f4c7b1-6.47.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): qemu-2.9.1-6.47.1 qemu-block-curl-2.9.1-6.47.1 qemu-block-curl-debuginfo-2.9.1-6.47.1 qemu-block-iscsi-2.9.1-6.47.1 qemu-block-iscsi-debuginfo-2.9.1-6.47.1 qemu-block-ssh-2.9.1-6.47.1 qemu-block-ssh-debuginfo-2.9.1-6.47.1 qemu-debugsource-2.9.1-6.47.1 qemu-guest-agent-2.9.1-6.47.1 qemu-guest-agent-debuginfo-2.9.1-6.47.1 qemu-lang-2.9.1-6.47.1 qemu-tools-2.9.1-6.47.1 qemu-tools-debuginfo-2.9.1-6.47.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 x86_64): qemu-block-rbd-2.9.1-6.47.1 qemu-block-rbd-debuginfo-2.9.1-6.47.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): qemu-kvm-2.9.1-6.47.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le): qemu-ppc-2.9.1-6.47.1 qemu-ppc-debuginfo-2.9.1-6.47.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64): qemu-arm-2.9.1-6.47.1 qemu-arm-debuginfo-2.9.1-6.47.1 - SUSE 
Linux Enterprise Server 12-SP3-LTSS (x86_64): qemu-x86-2.9.1-6.47.1 qemu-x86-debuginfo-2.9.1-6.47.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): qemu-ipxe-1.0.0+-6.47.1 qemu-seabios-1.10.2_0_g5f4c7b1-6.47.1 qemu-sgabios-8-6.47.1 qemu-vgabios-1.10.2_0_g5f4c7b1-6.47.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x): qemu-s390-2.9.1-6.47.1 qemu-s390-debuginfo-2.9.1-6.47.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): qemu-ipxe-1.0.0+-6.47.1 qemu-seabios-1.10.2_0_g5f4c7b1-6.47.1 qemu-sgabios-8-6.47.1 qemu-vgabios-1.10.2_0_g5f4c7b1-6.47.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): qemu-2.9.1-6.47.1 qemu-block-curl-2.9.1-6.47.1 qemu-block-curl-debuginfo-2.9.1-6.47.1 qemu-block-iscsi-2.9.1-6.47.1 qemu-block-iscsi-debuginfo-2.9.1-6.47.1 qemu-block-rbd-2.9.1-6.47.1 qemu-block-rbd-debuginfo-2.9.1-6.47.1 qemu-block-ssh-2.9.1-6.47.1 qemu-block-ssh-debuginfo-2.9.1-6.47.1 qemu-debugsource-2.9.1-6.47.1 qemu-guest-agent-2.9.1-6.47.1 qemu-guest-agent-debuginfo-2.9.1-6.47.1 qemu-kvm-2.9.1-6.47.1 qemu-lang-2.9.1-6.47.1 qemu-tools-2.9.1-6.47.1 qemu-tools-debuginfo-2.9.1-6.47.1 qemu-x86-2.9.1-6.47.1 qemu-x86-debuginfo-2.9.1-6.47.1 - HPE Helion Openstack 8 (x86_64): qemu-2.9.1-6.47.1 qemu-block-curl-2.9.1-6.47.1 qemu-block-curl-debuginfo-2.9.1-6.47.1 qemu-block-iscsi-2.9.1-6.47.1 qemu-block-iscsi-debuginfo-2.9.1-6.47.1 qemu-block-rbd-2.9.1-6.47.1 qemu-block-rbd-debuginfo-2.9.1-6.47.1 qemu-block-ssh-2.9.1-6.47.1 qemu-block-ssh-debuginfo-2.9.1-6.47.1 qemu-debugsource-2.9.1-6.47.1 qemu-guest-agent-2.9.1-6.47.1 qemu-guest-agent-debuginfo-2.9.1-6.47.1 qemu-kvm-2.9.1-6.47.1 qemu-lang-2.9.1-6.47.1 qemu-tools-2.9.1-6.47.1 qemu-tools-debuginfo-2.9.1-6.47.1 qemu-x86-2.9.1-6.47.1 qemu-x86-debuginfo-2.9.1-6.47.1 - HPE Helion Openstack 8 (noarch): qemu-ipxe-1.0.0+-6.47.1 qemu-seabios-1.10.2_0_g5f4c7b1-6.47.1 qemu-sgabios-8-6.47.1 qemu-vgabios-1.10.2_0_g5f4c7b1-6.47.1 References: https://www.suse.com/security/cve/CVE-2020-11947.html 
https://www.suse.com/security/cve/CVE-2020-12829.html https://www.suse.com/security/cve/CVE-2020-13361.html https://www.suse.com/security/cve/CVE-2020-13362.html https://www.suse.com/security/cve/CVE-2020-13659.html https://www.suse.com/security/cve/CVE-2020-13765.html https://www.suse.com/security/cve/CVE-2020-14364.html https://www.suse.com/security/cve/CVE-2020-15469.html https://www.suse.com/security/cve/CVE-2020-15863.html https://www.suse.com/security/cve/CVE-2020-16092.html https://www.suse.com/security/cve/CVE-2020-25084.html https://www.suse.com/security/cve/CVE-2020-25624.html https://www.suse.com/security/cve/CVE-2020-25625.html https://www.suse.com/security/cve/CVE-2020-25723.html https://www.suse.com/security/cve/CVE-2020-27617.html https://www.suse.com/security/cve/CVE-2020-28916.html https://www.suse.com/security/cve/CVE-2020-29130.html https://www.suse.com/security/cve/CVE-2020-29443.html https://www.suse.com/security/cve/CVE-2021-20181.html https://www.suse.com/security/cve/CVE-2021-20203.html https://www.suse.com/security/cve/CVE-2021-20257.html https://www.suse.com/security/cve/CVE-2021-3416.html https://bugzilla.suse.com/1172383 https://bugzilla.suse.com/1172384 https://bugzilla.suse.com/1172385 https://bugzilla.suse.com/1172386 https://bugzilla.suse.com/1172478 https://bugzilla.suse.com/1173612 https://bugzilla.suse.com/1174386 https://bugzilla.suse.com/1174641 https://bugzilla.suse.com/1175441 https://bugzilla.suse.com/1176673 https://bugzilla.suse.com/1176682 https://bugzilla.suse.com/1176684 https://bugzilla.suse.com/1178174 https://bugzilla.suse.com/1178934 https://bugzilla.suse.com/1179467 https://bugzilla.suse.com/1179468 https://bugzilla.suse.com/1180523 https://bugzilla.suse.com/1181108 https://bugzilla.suse.com/1181639 https://bugzilla.suse.com/1182137 https://bugzilla.suse.com/1182425 https://bugzilla.suse.com/1182577 https://bugzilla.suse.com/1182968 From sle-updates at lists.suse.com Fri Apr 16 16:24:56 2021 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Apr 2021 18:24:56 +0200 (CEST) Subject: SUSE-SU-2021:1241-1: important: Security update for qemu Message-ID: <20210416162456.64573FD20@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1241-1 Rating: important References: #1112499 #1119115 #1172383 #1172384 #1172385 #1172386 #1172478 #1173612 #1174386 #1174641 #1175441 #1176673 #1176682 #1176684 #1178174 #1178934 #1179466 #1179467 #1179468 #1180523 #1181108 #1181639 #1181933 #1182137 #1182425 #1182577 #1182968 Cross-References: CVE-2020-11947 CVE-2020-12829 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13765 CVE-2020-14364 CVE-2020-15469 CVE-2020-15863 CVE-2020-16092 CVE-2020-25084 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-27617 CVE-2020-28916 CVE-2020-29129 CVE-2020-29130 CVE-2020-29443 CVE-2021-20181 CVE-2021-20203 CVE-2021-20221 CVE-2021-20257 CVE-2021-3416 CVSS scores: CVE-2020-11947 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2020-11947 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-12829 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-12829 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2020-13361 (NVD) : 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L CVE-2020-13361 (SUSE): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L CVE-2020-13362 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13362 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13659 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13659 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-13765 (NVD) : 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-13765 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-14364 (NVD) : 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-14364 (SUSE): 
5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-15469 (NVD) : 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L CVE-2020-15469 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-15863 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L CVE-2020-15863 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2020-16092 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVE-2020-16092 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVE-2020-25084 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25084 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25624 (NVD) : 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25624 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25625 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-25625 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25723 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25723 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-27617 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27617 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-28916 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-28916 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-29129 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29129 (SUSE): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVE-2020-29130 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29130 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29443 (NVD) : 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L CVE-2020-29443 (SUSE): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L CVE-2021-20181 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-20203 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-20203 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-20221 
(SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2021-20257 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-3416 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2021-3416 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that solves 24 vulnerabilities and has three fixes is now available. Description: This update for qemu fixes the following issues: - Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385) - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362, bsc#1172383) - Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) - Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673) - Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) - Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) - Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174) - Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468) - Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) - Fix null pointer deref. 
(DoS) in mmio ops (CVE-2020-15469, bsc#1173612) - Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577) - Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) - Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416) - Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467) - Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659, bsc#1172386) - Fix OOB access in iscsi (CVE-2020-11947, bsc#1180523) - Fix OOB access in vmxnet3 emulation (CVE-2021-20203, bsc#1181639) - Fix buffer overflow in the XGMAC device (CVE-2020-15863, bsc#1174386) - Fix DoS in packet processing of various emulated NICs (CVE-2020-16092, bsc#1174641) - Fix OOB access while processing USB packets (CVE-2020-14364, bsc#1175441) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Fix potential privilege escalation in virtfs (CVE-2021-20181, bsc#1182137) - Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361, bsc#1172384) - Fix OOB access in ROM loading (CVE-2020-13765, bsc#1172478) - Fix qemu-testsuite failure - Fix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115) - Fix OOB access in ARM interrupt handling (CVE-2021-20221, bsc#1181933) - Fix slowness in arm32 emulation (bsc#1112499) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1241=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1241=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1241=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1241=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): qemu-ipxe-1.0.0+-5.29.1 qemu-seabios-1.11.0_0_g63451fc-5.29.1 qemu-sgabios-8-5.29.1 qemu-vgabios-1.11.0_0_g63451fc-5.29.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): qemu-2.11.2-5.29.1 qemu-block-curl-2.11.2-5.29.1 qemu-block-curl-debuginfo-2.11.2-5.29.1 qemu-block-iscsi-2.11.2-5.29.1 qemu-block-iscsi-debuginfo-2.11.2-5.29.1 qemu-block-rbd-2.11.2-5.29.1 qemu-block-rbd-debuginfo-2.11.2-5.29.1 qemu-block-ssh-2.11.2-5.29.1 qemu-block-ssh-debuginfo-2.11.2-5.29.1 qemu-debugsource-2.11.2-5.29.1 qemu-guest-agent-2.11.2-5.29.1 qemu-guest-agent-debuginfo-2.11.2-5.29.1 qemu-kvm-2.11.2-5.29.1 qemu-lang-2.11.2-5.29.1 qemu-tools-2.11.2-5.29.1 qemu-tools-debuginfo-2.11.2-5.29.1 qemu-x86-2.11.2-5.29.1 - SUSE OpenStack Cloud 9 (x86_64): qemu-2.11.2-5.29.1 qemu-block-curl-2.11.2-5.29.1 qemu-block-curl-debuginfo-2.11.2-5.29.1 qemu-block-iscsi-2.11.2-5.29.1 qemu-block-iscsi-debuginfo-2.11.2-5.29.1 qemu-block-rbd-2.11.2-5.29.1 qemu-block-rbd-debuginfo-2.11.2-5.29.1 qemu-block-ssh-2.11.2-5.29.1 qemu-block-ssh-debuginfo-2.11.2-5.29.1 qemu-debugsource-2.11.2-5.29.1 qemu-guest-agent-2.11.2-5.29.1 qemu-guest-agent-debuginfo-2.11.2-5.29.1 qemu-kvm-2.11.2-5.29.1 qemu-lang-2.11.2-5.29.1 qemu-tools-2.11.2-5.29.1 qemu-tools-debuginfo-2.11.2-5.29.1 qemu-x86-2.11.2-5.29.1 - SUSE OpenStack Cloud 9 (noarch): qemu-ipxe-1.0.0+-5.29.1 qemu-seabios-1.11.0_0_g63451fc-5.29.1 qemu-sgabios-8-5.29.1 qemu-vgabios-1.11.0_0_g63451fc-5.29.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): qemu-2.11.2-5.29.1 
qemu-block-curl-2.11.2-5.29.1 qemu-block-curl-debuginfo-2.11.2-5.29.1 qemu-block-iscsi-2.11.2-5.29.1 qemu-block-iscsi-debuginfo-2.11.2-5.29.1 qemu-block-ssh-2.11.2-5.29.1 qemu-block-ssh-debuginfo-2.11.2-5.29.1 qemu-debugsource-2.11.2-5.29.1 qemu-guest-agent-2.11.2-5.29.1 qemu-guest-agent-debuginfo-2.11.2-5.29.1 qemu-lang-2.11.2-5.29.1 qemu-tools-2.11.2-5.29.1 qemu-tools-debuginfo-2.11.2-5.29.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le): qemu-ppc-2.11.2-5.29.1 qemu-ppc-debuginfo-2.11.2-5.29.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): qemu-ipxe-1.0.0+-5.29.1 qemu-seabios-1.11.0_0_g63451fc-5.29.1 qemu-sgabios-8-5.29.1 qemu-vgabios-1.11.0_0_g63451fc-5.29.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): qemu-block-rbd-2.11.2-5.29.1 qemu-block-rbd-debuginfo-2.11.2-5.29.1 qemu-kvm-2.11.2-5.29.1 qemu-x86-2.11.2-5.29.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): qemu-2.11.2-5.29.1 qemu-block-curl-2.11.2-5.29.1 qemu-block-curl-debuginfo-2.11.2-5.29.1 qemu-block-iscsi-2.11.2-5.29.1 qemu-block-iscsi-debuginfo-2.11.2-5.29.1 qemu-block-ssh-2.11.2-5.29.1 qemu-block-ssh-debuginfo-2.11.2-5.29.1 qemu-debugsource-2.11.2-5.29.1 qemu-guest-agent-2.11.2-5.29.1 qemu-guest-agent-debuginfo-2.11.2-5.29.1 qemu-lang-2.11.2-5.29.1 qemu-tools-2.11.2-5.29.1 qemu-tools-debuginfo-2.11.2-5.29.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 x86_64): qemu-block-rbd-2.11.2-5.29.1 qemu-block-rbd-debuginfo-2.11.2-5.29.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): qemu-kvm-2.11.2-5.29.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le): qemu-ppc-2.11.2-5.29.1 qemu-ppc-debuginfo-2.11.2-5.29.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64): qemu-arm-2.11.2-5.29.1 qemu-arm-debuginfo-2.11.2-5.29.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): qemu-ipxe-1.0.0+-5.29.1 qemu-seabios-1.11.0_0_g63451fc-5.29.1 qemu-sgabios-8-5.29.1 qemu-vgabios-1.11.0_0_g63451fc-5.29.1 - SUSE Linux Enterprise Server 12-SP4-LTSS 
(x86_64): qemu-x86-2.11.2-5.29.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): qemu-s390-2.11.2-5.29.1 qemu-s390-debuginfo-2.11.2-5.29.1 References: https://www.suse.com/security/cve/CVE-2020-11947.html https://www.suse.com/security/cve/CVE-2020-12829.html https://www.suse.com/security/cve/CVE-2020-13361.html https://www.suse.com/security/cve/CVE-2020-13362.html https://www.suse.com/security/cve/CVE-2020-13659.html https://www.suse.com/security/cve/CVE-2020-13765.html https://www.suse.com/security/cve/CVE-2020-14364.html https://www.suse.com/security/cve/CVE-2020-15469.html https://www.suse.com/security/cve/CVE-2020-15863.html https://www.suse.com/security/cve/CVE-2020-16092.html https://www.suse.com/security/cve/CVE-2020-25084.html https://www.suse.com/security/cve/CVE-2020-25624.html https://www.suse.com/security/cve/CVE-2020-25625.html https://www.suse.com/security/cve/CVE-2020-25723.html https://www.suse.com/security/cve/CVE-2020-27617.html https://www.suse.com/security/cve/CVE-2020-28916.html https://www.suse.com/security/cve/CVE-2020-29129.html https://www.suse.com/security/cve/CVE-2020-29130.html https://www.suse.com/security/cve/CVE-2020-29443.html https://www.suse.com/security/cve/CVE-2021-20181.html https://www.suse.com/security/cve/CVE-2021-20203.html https://www.suse.com/security/cve/CVE-2021-20221.html https://www.suse.com/security/cve/CVE-2021-20257.html https://www.suse.com/security/cve/CVE-2021-3416.html https://bugzilla.suse.com/1112499 https://bugzilla.suse.com/1119115 https://bugzilla.suse.com/1172383 https://bugzilla.suse.com/1172384 https://bugzilla.suse.com/1172385 https://bugzilla.suse.com/1172386 https://bugzilla.suse.com/1172478 https://bugzilla.suse.com/1173612 https://bugzilla.suse.com/1174386 https://bugzilla.suse.com/1174641 https://bugzilla.suse.com/1175441 https://bugzilla.suse.com/1176673 https://bugzilla.suse.com/1176682 https://bugzilla.suse.com/1176684 https://bugzilla.suse.com/1178174 https://bugzilla.suse.com/1178934 
https://bugzilla.suse.com/1179466 https://bugzilla.suse.com/1179467 https://bugzilla.suse.com/1179468 https://bugzilla.suse.com/1180523 https://bugzilla.suse.com/1181108 https://bugzilla.suse.com/1181639 https://bugzilla.suse.com/1181933 https://bugzilla.suse.com/1182137 https://bugzilla.suse.com/1182425 https://bugzilla.suse.com/1182577 https://bugzilla.suse.com/1182968 From sle-updates at lists.suse.com Fri Apr 16 16:28:24 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Apr 2021 18:28:24 +0200 (CEST) Subject: SUSE-SU-2021:1244-1: important: Security update for qemu Message-ID: <20210416162824.3DFADFD20@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1244-1 Rating: important References: #1129962 #1154790 #1172383 #1172384 #1172385 #1172386 #1172478 #1173612 #1174386 #1174641 #1175441 #1176673 #1176682 #1176684 #1178174 #1178565 #1178934 #1179466 #1179467 #1179468 #1180523 #1181108 #1181639 #1181933 #1182137 #1182425 #1182577 #1182968 Cross-References: CVE-2020-11947 CVE-2020-12829 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13765 CVE-2020-14364 CVE-2020-15469 CVE-2020-15863 CVE-2020-16092 CVE-2020-25084 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-27617 CVE-2020-28916 CVE-2020-29129 CVE-2020-29130 CVE-2020-29443 CVE-2021-20181 CVE-2021-20203 CVE-2021-20221 CVE-2021-20257 CVE-2021-3416 CVSS scores: CVE-2020-11947 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2020-11947 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-12829 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-12829 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2020-13361 (NVD) : 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L CVE-2020-13361 (SUSE): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L CVE-2020-13362 (NVD) : 3.2 
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13362 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13659 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13659 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-13765 (NVD) : 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-13765 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-14364 (NVD) : 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-14364 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-15469 (NVD) : 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L CVE-2020-15469 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-15863 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L CVE-2020-15863 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2020-16092 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVE-2020-16092 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVE-2020-25084 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25084 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25624 (NVD) : 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25624 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25625 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-25625 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25723 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25723 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-27617 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27617 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-28916 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-28916 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-29129 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29129 (SUSE): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVE-2020-29130 (NVD) : 
4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29130 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29443 (NVD) : 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L CVE-2020-29443 (SUSE): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L CVE-2021-20181 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-20203 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-20203 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-20221 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2021-20257 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-3416 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2021-3416 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves 24 vulnerabilities and has four fixes is now available. Description: This update for qemu fixes the following issues: - Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385) - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383) - Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) - Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673) - Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) - Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) - Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174) - Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468) - Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) - Fix null pointer deref. 
(DoS) in mmio ops (CVE-2020-15469, bsc#1173612) - Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577) - Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) - Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416) - Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467) - Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659 bsc#1172386) - Fix OOB access in iscsi (CVE-2020-11947 bsc#1180523) - Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639) - Fix buffer overflow in the XGMAC device (CVE-2020-15863 bsc#1174386) - Fix DoS in packet processing of various emulated NICs (CVE-2020-16092 bsc#1174641) - Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) - Drop the 'ampersand 0x25 shift altgr' line in pt-br keymap file (bsc#1129962) - Fix migration failure with error message: "error while loading state section id 3(ram)" (bsc#1154790) - Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384) - Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478) - Fix OOB access in ARM interrupt handling (CVE-2021-20221 bsc#1181933) - Tweaks to spec file for better formatting, and remove not needed BuildRequires for e2fsprogs-devel and libpcap-devel - Use '%service_del_postun_without_restart' instead of '%service_del_postun' to avoid "Failed to try-restart qemu-ga@.service" error while updating the qemu-guest-agent. (bsc#1178565) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1244=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1244=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1244=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1244=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): qemu-2.11.2-9.43.1 qemu-block-curl-2.11.2-9.43.1 qemu-block-curl-debuginfo-2.11.2-9.43.1 qemu-block-iscsi-2.11.2-9.43.1 qemu-block-iscsi-debuginfo-2.11.2-9.43.1 qemu-block-rbd-2.11.2-9.43.1 qemu-block-rbd-debuginfo-2.11.2-9.43.1 qemu-block-ssh-2.11.2-9.43.1 qemu-block-ssh-debuginfo-2.11.2-9.43.1 qemu-debuginfo-2.11.2-9.43.1 qemu-debugsource-2.11.2-9.43.1 qemu-guest-agent-2.11.2-9.43.1 qemu-guest-agent-debuginfo-2.11.2-9.43.1 qemu-lang-2.11.2-9.43.1 qemu-tools-2.11.2-9.43.1 qemu-tools-debuginfo-2.11.2-9.43.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le): qemu-ppc-2.11.2-9.43.1 qemu-ppc-debuginfo-2.11.2-9.43.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): qemu-kvm-2.11.2-9.43.1 qemu-x86-2.11.2-9.43.1 qemu-x86-debuginfo-2.11.2-9.43.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): qemu-ipxe-1.0.0+-9.43.1 qemu-seabios-1.11.0_0_g63451fc-9.43.1 qemu-sgabios-8-9.43.1 qemu-vgabios-1.11.0_0_g63451fc-9.43.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): qemu-2.11.2-9.43.1 qemu-block-curl-2.11.2-9.43.1 qemu-block-curl-debuginfo-2.11.2-9.43.1 qemu-block-iscsi-2.11.2-9.43.1 qemu-block-iscsi-debuginfo-2.11.2-9.43.1 qemu-block-rbd-2.11.2-9.43.1 qemu-block-rbd-debuginfo-2.11.2-9.43.1 qemu-block-ssh-2.11.2-9.43.1 qemu-block-ssh-debuginfo-2.11.2-9.43.1 qemu-debuginfo-2.11.2-9.43.1 qemu-debugsource-2.11.2-9.43.1 qemu-guest-agent-2.11.2-9.43.1 qemu-guest-agent-debuginfo-2.11.2-9.43.1 
qemu-lang-2.11.2-9.43.1 qemu-tools-2.11.2-9.43.1 qemu-tools-debuginfo-2.11.2-9.43.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64): qemu-arm-2.11.2-9.43.1 qemu-arm-debuginfo-2.11.2-9.43.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): qemu-ipxe-1.0.0+-9.43.1 qemu-vgabios-1.11.0_0_g63451fc-9.43.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): qemu-kvm-2.11.2-9.43.1 qemu-s390-2.11.2-9.43.1 qemu-s390-debuginfo-2.11.2-9.43.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): qemu-2.11.2-9.43.1 qemu-block-curl-2.11.2-9.43.1 qemu-block-curl-debuginfo-2.11.2-9.43.1 qemu-block-iscsi-2.11.2-9.43.1 qemu-block-iscsi-debuginfo-2.11.2-9.43.1 qemu-block-rbd-2.11.2-9.43.1 qemu-block-rbd-debuginfo-2.11.2-9.43.1 qemu-block-ssh-2.11.2-9.43.1 qemu-block-ssh-debuginfo-2.11.2-9.43.1 qemu-debuginfo-2.11.2-9.43.1 qemu-debugsource-2.11.2-9.43.1 qemu-guest-agent-2.11.2-9.43.1 qemu-guest-agent-debuginfo-2.11.2-9.43.1 qemu-lang-2.11.2-9.43.1 qemu-tools-2.11.2-9.43.1 qemu-tools-debuginfo-2.11.2-9.43.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64): qemu-arm-2.11.2-9.43.1 qemu-arm-debuginfo-2.11.2-9.43.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): qemu-ipxe-1.0.0+-9.43.1 qemu-seabios-1.11.0_0_g63451fc-9.43.1 qemu-sgabios-8-9.43.1 qemu-vgabios-1.11.0_0_g63451fc-9.43.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): qemu-kvm-2.11.2-9.43.1 qemu-x86-2.11.2-9.43.1 qemu-x86-debuginfo-2.11.2-9.43.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): qemu-2.11.2-9.43.1 qemu-block-curl-2.11.2-9.43.1 qemu-block-curl-debuginfo-2.11.2-9.43.1 qemu-block-iscsi-2.11.2-9.43.1 qemu-block-iscsi-debuginfo-2.11.2-9.43.1 qemu-block-rbd-2.11.2-9.43.1 qemu-block-rbd-debuginfo-2.11.2-9.43.1 qemu-block-ssh-2.11.2-9.43.1 qemu-block-ssh-debuginfo-2.11.2-9.43.1 qemu-debuginfo-2.11.2-9.43.1 qemu-debugsource-2.11.2-9.43.1 qemu-guest-agent-2.11.2-9.43.1 qemu-guest-agent-debuginfo-2.11.2-9.43.1 
qemu-lang-2.11.2-9.43.1 qemu-tools-2.11.2-9.43.1 qemu-tools-debuginfo-2.11.2-9.43.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64): qemu-arm-2.11.2-9.43.1 qemu-arm-debuginfo-2.11.2-9.43.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): qemu-ipxe-1.0.0+-9.43.1 qemu-seabios-1.11.0_0_g63451fc-9.43.1 qemu-sgabios-8-9.43.1 qemu-vgabios-1.11.0_0_g63451fc-9.43.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): qemu-kvm-2.11.2-9.43.1 qemu-x86-2.11.2-9.43.1 qemu-x86-debuginfo-2.11.2-9.43.1 References: https://www.suse.com/security/cve/CVE-2020-11947.html https://www.suse.com/security/cve/CVE-2020-12829.html https://www.suse.com/security/cve/CVE-2020-13361.html https://www.suse.com/security/cve/CVE-2020-13362.html https://www.suse.com/security/cve/CVE-2020-13659.html https://www.suse.com/security/cve/CVE-2020-13765.html https://www.suse.com/security/cve/CVE-2020-14364.html https://www.suse.com/security/cve/CVE-2020-15469.html https://www.suse.com/security/cve/CVE-2020-15863.html https://www.suse.com/security/cve/CVE-2020-16092.html https://www.suse.com/security/cve/CVE-2020-25084.html https://www.suse.com/security/cve/CVE-2020-25624.html https://www.suse.com/security/cve/CVE-2020-25625.html https://www.suse.com/security/cve/CVE-2020-25723.html https://www.suse.com/security/cve/CVE-2020-27617.html https://www.suse.com/security/cve/CVE-2020-28916.html https://www.suse.com/security/cve/CVE-2020-29129.html https://www.suse.com/security/cve/CVE-2020-29130.html https://www.suse.com/security/cve/CVE-2020-29443.html https://www.suse.com/security/cve/CVE-2021-20181.html https://www.suse.com/security/cve/CVE-2021-20203.html https://www.suse.com/security/cve/CVE-2021-20221.html https://www.suse.com/security/cve/CVE-2021-20257.html https://www.suse.com/security/cve/CVE-2021-3416.html https://bugzilla.suse.com/1129962 https://bugzilla.suse.com/1154790 https://bugzilla.suse.com/1172383 https://bugzilla.suse.com/1172384 
https://bugzilla.suse.com/1172385 https://bugzilla.suse.com/1172386 https://bugzilla.suse.com/1172478 https://bugzilla.suse.com/1173612 https://bugzilla.suse.com/1174386 https://bugzilla.suse.com/1174641 https://bugzilla.suse.com/1175441 https://bugzilla.suse.com/1176673 https://bugzilla.suse.com/1176682 https://bugzilla.suse.com/1176684 https://bugzilla.suse.com/1178174 https://bugzilla.suse.com/1178565 https://bugzilla.suse.com/1178934 https://bugzilla.suse.com/1179466 https://bugzilla.suse.com/1179467 https://bugzilla.suse.com/1179468 https://bugzilla.suse.com/1180523 https://bugzilla.suse.com/1181108 https://bugzilla.suse.com/1181639 https://bugzilla.suse.com/1181933 https://bugzilla.suse.com/1182137 https://bugzilla.suse.com/1182425 https://bugzilla.suse.com/1182577 https://bugzilla.suse.com/1182968 From sle-updates at lists.suse.com Fri Apr 16 16:31:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Apr 2021 18:31:47 +0200 (CEST) Subject: SUSE-SU-2021:1248-1: important: Security update for the Linux Kernel Message-ID: <20210416163147.5242FFD20@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1248-1 Rating: important References: #1065729 #1113295 #1178181 #1181507 #1183405 #1183755 #1184120 #1184170 #1184391 #1184393 #1184397 #1184494 #1184511 #1184583 Cross-References: CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-36311 CVE-2021-20219 CVE-2021-29154 CVE-2021-30002 CVE-2021-3483 CVSS scores: CVE-2020-25670 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2020-36311 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20219 
(SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-30002 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 5 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsystem (bsc#1178181). - CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511). - CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391). - CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120). - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393). - CVE-2021-20219: Fixed a denial of service in n_tty_receive_char_special (bsc#1184397). The following non-security bugs were fixed: - cifs: do not send close in compound create+close requests (bsc#1181507). - net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405) - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729). - powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729). - s390/pci: Fix s390_mmio_read/write with MIO (LTC#192079 bsc#1183755). - vsprintf: Do not have bprintf dereference pointers (bsc#1184494). - vsprintf: Do not preprocess non-dereferenced pointers for bprintf (%px and %pK) (bsc#1184494). - vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced pointers (bsc#1184494). 
- x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (12sp5). - xen/events: fix setting irq affinity (bsc#1184583). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1248=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.53.1 kernel-azure-base-4.12.14-16.53.1 kernel-azure-base-debuginfo-4.12.14-16.53.1 kernel-azure-debuginfo-4.12.14-16.53.1 kernel-azure-debugsource-4.12.14-16.53.1 kernel-azure-devel-4.12.14-16.53.1 kernel-syms-azure-4.12.14-16.53.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.53.1 kernel-source-azure-4.12.14-16.53.1 References: https://www.suse.com/security/cve/CVE-2020-25670.html https://www.suse.com/security/cve/CVE-2020-25671.html https://www.suse.com/security/cve/CVE-2020-25672.html https://www.suse.com/security/cve/CVE-2020-25673.html https://www.suse.com/security/cve/CVE-2020-36311.html https://www.suse.com/security/cve/CVE-2021-20219.html https://www.suse.com/security/cve/CVE-2021-29154.html https://www.suse.com/security/cve/CVE-2021-30002.html https://www.suse.com/security/cve/CVE-2021-3483.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1113295 https://bugzilla.suse.com/1178181 https://bugzilla.suse.com/1181507 https://bugzilla.suse.com/1183405 https://bugzilla.suse.com/1183755 https://bugzilla.suse.com/1184120 https://bugzilla.suse.com/1184170 https://bugzilla.suse.com/1184391 https://bugzilla.suse.com/1184393 https://bugzilla.suse.com/1184397 https://bugzilla.suse.com/1184494 https://bugzilla.suse.com/1184511 https://bugzilla.suse.com/1184583 From sle-updates at lists.suse.com Fri Apr 16 16:34:00 
2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Apr 2021 18:34:00 +0200 (CEST) Subject: SUSE-RU-2021:1246-1: important: Recommended update for systemd Message-ID: <20210416163400.39B11FD20@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1246-1 Rating: important References: #1178219 #1180020 #1180083 #1183094 #1183790 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - Fixed an issue, where Restart=on-abort was not respected based on the exit status of the main process (bsc#1183790) - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. - Fixed an error when building systemd systemd-mini, caused by a change in systemd-rpm-macros (bsc#1183094) - Added a requirement for aaa_base >= 13.2 to stay compatible (bsc#1180083) - Fixed a memory leak in systemctl daemon-reload (bsc#1180020) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1246=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1246=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libudev-devel-228-157.24.1 systemd-debuginfo-228-157.24.1 systemd-debugsource-228-157.24.1 systemd-devel-228-157.24.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsystemd0-228-157.24.1 libsystemd0-debuginfo-228-157.24.1 libudev-devel-228-157.24.1 libudev1-228-157.24.1 libudev1-debuginfo-228-157.24.1 systemd-228-157.24.1 systemd-debuginfo-228-157.24.1 systemd-debugsource-228-157.24.1 systemd-devel-228-157.24.1 systemd-sysvinit-228-157.24.1 udev-228-157.24.1 udev-debuginfo-228-157.24.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libsystemd0-32bit-228-157.24.1 libsystemd0-debuginfo-32bit-228-157.24.1 libudev1-32bit-228-157.24.1 libudev1-debuginfo-32bit-228-157.24.1 systemd-32bit-228-157.24.1 systemd-debuginfo-32bit-228-157.24.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): systemd-bash-completion-228-157.24.1 References: https://bugzilla.suse.com/1178219 https://bugzilla.suse.com/1180020 https://bugzilla.suse.com/1180083 https://bugzilla.suse.com/1183094 https://bugzilla.suse.com/1183790 From sle-updates at lists.suse.com Fri Apr 16 16:35:28 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Apr 2021 18:35:28 +0200 (CEST) Subject: SUSE-SU-2021:1242-1: important: Security update for qemu Message-ID: <20210416163528.D269BFD20@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1242-1 Rating: important References: #1172383 #1172385 #1172386 #1172478 #1173612 #1176673 #1176682 #1176684 #1178049 #1178174 #1178934 
#1179466 #1179467 #1179468 #1179686 #1179725 #1179726 #1180523 #1181108 #1181639 #1181933 #1182137 #1182425 #1182577 #1182968 #1183979 Cross-References: CVE-2020-11947 CVE-2020-12829 CVE-2020-13362 CVE-2020-13659 CVE-2020-13765 CVE-2020-15469 CVE-2020-25084 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-27617 CVE-2020-27821 CVE-2020-28916 CVE-2020-29129 CVE-2020-29130 CVE-2020-29443 CVE-2021-20181 CVE-2021-20203 CVE-2021-20221 CVE-2021-20257 CVE-2021-3416 CVSS scores: CVE-2020-11947 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2020-11947 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-12829 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-12829 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2020-13362 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13362 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13659 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13659 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-13765 (NVD) : 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-13765 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-15469 (NVD) : 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L CVE-2020-15469 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-25084 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25084 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25624 (NVD) : 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25624 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25625 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-25625 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25723 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25723 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-27617 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27617 
(SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-27821 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-27821 (SUSE): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-28916 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-28916 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-29129 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29129 (SUSE): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVE-2020-29130 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29130 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29443 (NVD) : 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L CVE-2020-29443 (SUSE): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L CVE-2021-20181 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-20203 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-20203 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-20221 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2021-20257 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-3416 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2021-3416 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 21 vulnerabilities and has 5 fixes is now available. 
Description: This update for qemu fixes the following issues: - Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385) - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383) - Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) - Fix use-after-free in usb iehci packet handling (CVE-2020-25084, bsc#1176673) - Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) - Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) - Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174) - Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468) - Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) - Fix heap overflow in MSIx emulation (CVE-2020-27821, bsc#1179686) - Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612) - Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577) - Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) - Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416) - Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467) - Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659 bsc#1172386) - Fix issue where s390 guest fails to find zipl boot menu index (bsc#1183979) - Fix OOB access in iscsi (CVE-2020-11947 bsc#1180523) - Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) - Apply fixes to qemu scsi passthrough with respect to timeout and error conditions, including using more correct status codes. 
(bsc#1178049) - Fix OOB access in ARM interrupt handling (CVE-2021-20221 bsc#1181933) - Make note that this patch previously included addresses (CVE-2020-13765 bsc#1172478) - Tweaks to spec file for better formatting, and remove not needed BuildRequires for e2fsprogs-devel and libpcap-devel - Fix vfio-pci device on s390 enters error state (bsc#1179725) - Fix PCI devices are unavailable after a subsystem reset. (bsc#1179726) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1242=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): qemu-3.1.1.1-48.2 qemu-audio-alsa-3.1.1.1-48.2 qemu-audio-alsa-debuginfo-3.1.1.1-48.2 qemu-audio-oss-3.1.1.1-48.2 qemu-audio-oss-debuginfo-3.1.1.1-48.2 qemu-audio-pa-3.1.1.1-48.2 qemu-audio-pa-debuginfo-3.1.1.1-48.2 qemu-audio-sdl-3.1.1.1-48.2 qemu-audio-sdl-debuginfo-3.1.1.1-48.2 qemu-block-curl-3.1.1.1-48.2 qemu-block-curl-debuginfo-3.1.1.1-48.2 qemu-block-iscsi-3.1.1.1-48.2 qemu-block-iscsi-debuginfo-3.1.1.1-48.2 qemu-block-ssh-3.1.1.1-48.2 qemu-block-ssh-debuginfo-3.1.1.1-48.2 qemu-debugsource-3.1.1.1-48.2 qemu-guest-agent-3.1.1.1-48.2 qemu-guest-agent-debuginfo-3.1.1.1-48.2 qemu-lang-3.1.1.1-48.2 qemu-tools-3.1.1.1-48.2 qemu-tools-debuginfo-3.1.1.1-48.2 qemu-ui-curses-3.1.1.1-48.2 qemu-ui-curses-debuginfo-3.1.1.1-48.2 qemu-ui-gtk-3.1.1.1-48.2 qemu-ui-gtk-debuginfo-3.1.1.1-48.2 qemu-ui-sdl-3.1.1.1-48.2 qemu-ui-sdl-debuginfo-3.1.1.1-48.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 x86_64): qemu-block-rbd-3.1.1.1-48.2 qemu-block-rbd-debuginfo-3.1.1.1-48.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): qemu-kvm-3.1.1.1-48.2 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): qemu-ppc-3.1.1.1-48.2 qemu-ppc-debuginfo-3.1.1.1-48.2 - SUSE Linux Enterprise Server 
12-SP5 (aarch64): qemu-arm-3.1.1.1-48.2 qemu-arm-debuginfo-3.1.1.1-48.2 - SUSE Linux Enterprise Server 12-SP5 (x86_64): qemu-x86-3.1.1.1-48.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): qemu-ipxe-1.0.0+-48.2 qemu-seabios-1.12.0_0_ga698c89-48.2 qemu-sgabios-8-48.2 qemu-vgabios-1.12.0_0_ga698c89-48.2 - SUSE Linux Enterprise Server 12-SP5 (s390x): qemu-s390-3.1.1.1-48.2 qemu-s390-debuginfo-3.1.1.1-48.2 References: https://www.suse.com/security/cve/CVE-2020-11947.html https://www.suse.com/security/cve/CVE-2020-12829.html https://www.suse.com/security/cve/CVE-2020-13362.html https://www.suse.com/security/cve/CVE-2020-13659.html https://www.suse.com/security/cve/CVE-2020-13765.html https://www.suse.com/security/cve/CVE-2020-15469.html https://www.suse.com/security/cve/CVE-2020-25084.html https://www.suse.com/security/cve/CVE-2020-25624.html https://www.suse.com/security/cve/CVE-2020-25625.html https://www.suse.com/security/cve/CVE-2020-25723.html https://www.suse.com/security/cve/CVE-2020-27617.html https://www.suse.com/security/cve/CVE-2020-27821.html https://www.suse.com/security/cve/CVE-2020-28916.html https://www.suse.com/security/cve/CVE-2020-29129.html https://www.suse.com/security/cve/CVE-2020-29130.html https://www.suse.com/security/cve/CVE-2020-29443.html https://www.suse.com/security/cve/CVE-2021-20181.html https://www.suse.com/security/cve/CVE-2021-20203.html https://www.suse.com/security/cve/CVE-2021-20221.html https://www.suse.com/security/cve/CVE-2021-20257.html https://www.suse.com/security/cve/CVE-2021-3416.html https://bugzilla.suse.com/1172383 https://bugzilla.suse.com/1172385 https://bugzilla.suse.com/1172386 https://bugzilla.suse.com/1172478 https://bugzilla.suse.com/1173612 https://bugzilla.suse.com/1176673 https://bugzilla.suse.com/1176682 https://bugzilla.suse.com/1176684 https://bugzilla.suse.com/1178049 https://bugzilla.suse.com/1178174 https://bugzilla.suse.com/1178934 https://bugzilla.suse.com/1179466 https://bugzilla.suse.com/1179467 
https://bugzilla.suse.com/1179468 https://bugzilla.suse.com/1179686 https://bugzilla.suse.com/1179725 https://bugzilla.suse.com/1179726 https://bugzilla.suse.com/1180523 https://bugzilla.suse.com/1181108 https://bugzilla.suse.com/1181639 https://bugzilla.suse.com/1181933 https://bugzilla.suse.com/1182137 https://bugzilla.suse.com/1182425 https://bugzilla.suse.com/1182577 https://bugzilla.suse.com/1182968 https://bugzilla.suse.com/1183979 From sle-updates at lists.suse.com Fri Apr 16 16:38:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Apr 2021 18:38:46 +0200 (CEST) Subject: SUSE-RU-2021:1247-1: important: Recommended update for systemd Message-ID: <20210416163846.B5175FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1247-1 Rating: important References: #1141597 #1174436 #1178219 #1179363 #1179824 #1180020 #1180083 #1180596 #1180885 #1183094 #1183790 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS-SAP SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - Added a requirement for aaa_base >= 13.2 to stay compatible (bsc#1180083) - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
- Fixed a memory leak in systemctl daemon-reload (bsc#1180020) - Fixed a crash in systemd-journald upon activation of persistent journal (bsc#1179824) - Fixed an error when building systemd systemd-mini, caused by a change in systemd-rpm-macros (bsc#1183094) - Fixed a race condition at device creation and sound.target dependencies (bsc#1179363) - Fixed an issue, where Restart=on-abort was not respected based on the exit status of the main process (bsc#1183790) - Created a /dev/disk/by-label symlink for LUKS2 to be able to label crypto devices properly (bsc#1180885) - When /etc/localtime is missing, timezone UTC will be assumed (bsc#1141597) - Fix edge case when processing /proc/self/mountinfo (bsc#1180596) - Added a requirement for aaa_base >= 13.2 to stay compatible (bsc#1180083) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1247=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1247=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1247=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1247=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1247=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1247=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1247=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1247=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1247=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1247=1 - SUSE Linux Enterprise Server 
12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1247=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1247=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1247=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libsystemd0-228-150.95.1 libsystemd0-32bit-228-150.95.1 libsystemd0-debuginfo-228-150.95.1 libsystemd0-debuginfo-32bit-228-150.95.1 libudev-devel-228-150.95.1 libudev1-228-150.95.1 libudev1-32bit-228-150.95.1 libudev1-debuginfo-228-150.95.1 libudev1-debuginfo-32bit-228-150.95.1 systemd-228-150.95.1 systemd-32bit-228-150.95.1 systemd-debuginfo-228-150.95.1 systemd-debuginfo-32bit-228-150.95.1 systemd-debugsource-228-150.95.1 systemd-devel-228-150.95.1 systemd-sysvinit-228-150.95.1 udev-228-150.95.1 udev-debuginfo-228-150.95.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): systemd-bash-completion-228-150.95.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): systemd-bash-completion-228-150.95.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libsystemd0-228-150.95.1 libsystemd0-32bit-228-150.95.1 libsystemd0-debuginfo-228-150.95.1 libsystemd0-debuginfo-32bit-228-150.95.1 libudev-devel-228-150.95.1 libudev1-228-150.95.1 libudev1-32bit-228-150.95.1 libudev1-debuginfo-228-150.95.1 libudev1-debuginfo-32bit-228-150.95.1 systemd-228-150.95.1 systemd-32bit-228-150.95.1 systemd-debuginfo-228-150.95.1 systemd-debuginfo-32bit-228-150.95.1 systemd-debugsource-228-150.95.1 systemd-devel-228-150.95.1 systemd-sysvinit-228-150.95.1 udev-228-150.95.1 udev-debuginfo-228-150.95.1 - SUSE OpenStack Cloud 9 (x86_64): libsystemd0-228-150.95.1 libsystemd0-32bit-228-150.95.1 libsystemd0-debuginfo-228-150.95.1 libsystemd0-debuginfo-32bit-228-150.95.1 libudev-devel-228-150.95.1 libudev1-228-150.95.1 libudev1-32bit-228-150.95.1 libudev1-debuginfo-228-150.95.1 libudev1-debuginfo-32bit-228-150.95.1 systemd-228-150.95.1 systemd-32bit-228-150.95.1 systemd-debuginfo-228-150.95.1 
systemd-debuginfo-32bit-228-150.95.1 systemd-debugsource-228-150.95.1 systemd-devel-228-150.95.1 systemd-sysvinit-228-150.95.1 udev-228-150.95.1 udev-debuginfo-228-150.95.1 - SUSE OpenStack Cloud 9 (noarch): systemd-bash-completion-228-150.95.1 - SUSE OpenStack Cloud 8 (noarch): systemd-bash-completion-228-150.95.1 - SUSE OpenStack Cloud 8 (x86_64): libsystemd0-228-150.95.1 libsystemd0-32bit-228-150.95.1 libsystemd0-debuginfo-228-150.95.1 libsystemd0-debuginfo-32bit-228-150.95.1 libudev-devel-228-150.95.1 libudev1-228-150.95.1 libudev1-32bit-228-150.95.1 libudev1-debuginfo-228-150.95.1 libudev1-debuginfo-32bit-228-150.95.1 systemd-228-150.95.1 systemd-32bit-228-150.95.1 systemd-debuginfo-228-150.95.1 systemd-debuginfo-32bit-228-150.95.1 systemd-debugsource-228-150.95.1 systemd-devel-228-150.95.1 systemd-sysvinit-228-150.95.1 udev-228-150.95.1 udev-debuginfo-228-150.95.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libsystemd0-228-150.95.1 libsystemd0-debuginfo-228-150.95.1 libudev-devel-228-150.95.1 libudev1-228-150.95.1 libudev1-debuginfo-228-150.95.1 systemd-228-150.95.1 systemd-debuginfo-228-150.95.1 systemd-debugsource-228-150.95.1 systemd-devel-228-150.95.1 systemd-sysvinit-228-150.95.1 udev-228-150.95.1 udev-debuginfo-228-150.95.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libsystemd0-32bit-228-150.95.1 libsystemd0-debuginfo-32bit-228-150.95.1 libudev1-32bit-228-150.95.1 libudev1-debuginfo-32bit-228-150.95.1 systemd-32bit-228-150.95.1 systemd-debuginfo-32bit-228-150.95.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): systemd-bash-completion-228-150.95.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libsystemd0-228-150.95.1 libsystemd0-debuginfo-228-150.95.1 libudev-devel-228-150.95.1 libudev1-228-150.95.1 libudev1-debuginfo-228-150.95.1 systemd-228-150.95.1 systemd-debuginfo-228-150.95.1 systemd-debugsource-228-150.95.1 systemd-devel-228-150.95.1 systemd-sysvinit-228-150.95.1 udev-228-150.95.1 
udev-debuginfo-228-150.95.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): systemd-bash-completion-228-150.95.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libsystemd0-32bit-228-150.95.1 libsystemd0-debuginfo-32bit-228-150.95.1 libudev1-32bit-228-150.95.1 libudev1-debuginfo-32bit-228-150.95.1 systemd-32bit-228-150.95.1 systemd-debuginfo-32bit-228-150.95.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.95.1 libsystemd0-debuginfo-228-150.95.1 libudev-devel-228-150.95.1 libudev1-228-150.95.1 libudev1-debuginfo-228-150.95.1 systemd-228-150.95.1 systemd-debuginfo-228-150.95.1 systemd-debugsource-228-150.95.1 systemd-devel-228-150.95.1 systemd-sysvinit-228-150.95.1 udev-228-150.95.1 udev-debuginfo-228-150.95.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libsystemd0-32bit-228-150.95.1 libsystemd0-debuginfo-32bit-228-150.95.1 libudev1-32bit-228-150.95.1 libudev1-debuginfo-32bit-228-150.95.1 systemd-32bit-228-150.95.1 systemd-debuginfo-32bit-228-150.95.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): systemd-bash-completion-228-150.95.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.95.1 libsystemd0-debuginfo-228-150.95.1 libudev-devel-228-150.95.1 libudev1-228-150.95.1 libudev1-debuginfo-228-150.95.1 systemd-228-150.95.1 systemd-debuginfo-228-150.95.1 systemd-debugsource-228-150.95.1 systemd-devel-228-150.95.1 systemd-sysvinit-228-150.95.1 udev-228-150.95.1 udev-debuginfo-228-150.95.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libsystemd0-32bit-228-150.95.1 libsystemd0-debuginfo-32bit-228-150.95.1 libudev1-32bit-228-150.95.1 libudev1-debuginfo-32bit-228-150.95.1 systemd-32bit-228-150.95.1 systemd-debuginfo-32bit-228-150.95.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): systemd-bash-completion-228-150.95.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libsystemd0-228-150.95.1 libsystemd0-32bit-228-150.95.1 
libsystemd0-debuginfo-228-150.95.1 libsystemd0-debuginfo-32bit-228-150.95.1 libudev1-228-150.95.1 libudev1-32bit-228-150.95.1 libudev1-debuginfo-228-150.95.1 libudev1-debuginfo-32bit-228-150.95.1 systemd-228-150.95.1 systemd-32bit-228-150.95.1 systemd-debuginfo-228-150.95.1 systemd-debuginfo-32bit-228-150.95.1 systemd-debugsource-228-150.95.1 systemd-devel-228-150.95.1 systemd-sysvinit-228-150.95.1 udev-228-150.95.1 udev-debuginfo-228-150.95.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): systemd-bash-completion-228-150.95.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64): libsystemd0-228-150.95.1 libsystemd0-32bit-228-150.95.1 libsystemd0-debuginfo-228-150.95.1 libsystemd0-debuginfo-32bit-228-150.95.1 libudev-devel-228-150.95.1 libudev1-228-150.95.1 libudev1-32bit-228-150.95.1 libudev1-debuginfo-228-150.95.1 libudev1-debuginfo-32bit-228-150.95.1 systemd-228-150.95.1 systemd-32bit-228-150.95.1 systemd-debuginfo-228-150.95.1 systemd-debuginfo-32bit-228-150.95.1 systemd-debugsource-228-150.95.1 systemd-devel-228-150.95.1 systemd-sysvinit-228-150.95.1 udev-228-150.95.1 udev-debuginfo-228-150.95.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (noarch): systemd-bash-completion-228-150.95.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): libsystemd0-228-150.95.1 libsystemd0-32bit-228-150.95.1 libsystemd0-debuginfo-228-150.95.1 libsystemd0-debuginfo-32bit-228-150.95.1 libudev-devel-228-150.95.1 libudev1-228-150.95.1 libudev1-32bit-228-150.95.1 libudev1-debuginfo-228-150.95.1 libudev1-debuginfo-32bit-228-150.95.1 systemd-228-150.95.1 systemd-32bit-228-150.95.1 systemd-debuginfo-228-150.95.1 systemd-debuginfo-32bit-228-150.95.1 systemd-debugsource-228-150.95.1 systemd-devel-228-150.95.1 systemd-sysvinit-228-150.95.1 udev-228-150.95.1 udev-debuginfo-228-150.95.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (noarch): systemd-bash-completion-228-150.95.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsystemd0-228-150.95.1 
libsystemd0-32bit-228-150.95.1 libsystemd0-debuginfo-228-150.95.1 libsystemd0-debuginfo-32bit-228-150.95.1 libudev1-228-150.95.1 libudev1-32bit-228-150.95.1 libudev1-debuginfo-228-150.95.1 libudev1-debuginfo-32bit-228-150.95.1 systemd-228-150.95.1 systemd-32bit-228-150.95.1 systemd-debuginfo-228-150.95.1 systemd-debuginfo-32bit-228-150.95.1 systemd-debugsource-228-150.95.1 systemd-devel-228-150.95.1 systemd-sysvinit-228-150.95.1 udev-228-150.95.1 udev-debuginfo-228-150.95.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): systemd-bash-completion-228-150.95.1 - HPE Helion Openstack 8 (x86_64): libsystemd0-228-150.95.1 libsystemd0-32bit-228-150.95.1 libsystemd0-debuginfo-228-150.95.1 libsystemd0-debuginfo-32bit-228-150.95.1 libudev-devel-228-150.95.1 libudev1-228-150.95.1 libudev1-32bit-228-150.95.1 libudev1-debuginfo-228-150.95.1 libudev1-debuginfo-32bit-228-150.95.1 systemd-228-150.95.1 systemd-32bit-228-150.95.1 systemd-debuginfo-228-150.95.1 systemd-debuginfo-32bit-228-150.95.1 systemd-debugsource-228-150.95.1 systemd-devel-228-150.95.1 systemd-sysvinit-228-150.95.1 udev-228-150.95.1 udev-debuginfo-228-150.95.1 - HPE Helion Openstack 8 (noarch): systemd-bash-completion-228-150.95.1 References: https://bugzilla.suse.com/1141597 https://bugzilla.suse.com/1174436 https://bugzilla.suse.com/1178219 https://bugzilla.suse.com/1179363 https://bugzilla.suse.com/1179824 https://bugzilla.suse.com/1180020 https://bugzilla.suse.com/1180083 https://bugzilla.suse.com/1180596 https://bugzilla.suse.com/1180885 https://bugzilla.suse.com/1183094 https://bugzilla.suse.com/1183790 From sle-updates at lists.suse.com Fri Apr 16 19:15:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Apr 2021 21:15:22 +0200 (CEST) Subject: SUSE-RU-2021:1249-1: important: Recommended update for python36-pip Message-ID: <20210416191522.7F342FD20@maintenance.suse.de> SUSE Recommended Update: Recommended update for python36-pip 
______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1249-1 Rating: important References: #1183114 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python36-pip fixes the following issue: - Make the bundled CA independent from import resources which are available only since Python 3.7. (bsc#1183114) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1249=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): python36-pip-20.2.4-8.6.1 References: https://bugzilla.suse.com/1183114 From sle-updates at lists.suse.com Sat Apr 17 06:07:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Apr 2021 08:07:20 +0200 (CEST) Subject: SUSE-CU-2021:110-1: Recommended update of suse/sles12sp3 Message-ID: <20210417060720.85465B461E6@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:110-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.242 , suse/sles12sp3:latest Container Release : 24.242 Severity : important Type : recommended References : 1141597 1174436 1178219 1179363 1179824 1180020 1180083 1180596 1180885 1183094 1183790 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1247-1 Released: Fri Apr 16 15:15:41 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1141597,1174436,1178219,1179363,1179824,1180020,1180083,1180596,1180885,1183094,1183790 This update for systemd fixes the following issues: - Added a requirement for aaa_base >= 13.2 to stay compatible (bsc#1180083) - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. - Fixed a memory leak in systemctl daemon-reload (bsc#1180020) - Fixed a crash in systemd-journald upon activation of persistent journal (bsc#1179824) - Fixed an error when building systemd systemd-mini, caused by a change in systemd-rpm-macros (bsc#1183094) - Fixed a race condition at device creation and sound.target dependencies (bsc#1179363) - Fixed an issue, where Restart=on-abort was not respected based on the exit status of the main process (bsc#1183790) - Created a /dev/disk/by-label symlink for LUKS2 to be able to label crypto devices properly (bsc#1180885) - When /etc/localtime is missing, timezone UTC will be assumed (bsc#1141597) - Fix edge case when processing /proc/self/mountinfo (bsc#1180596) - Added a requirement for aaa_base >= 13.2 to stay compatible (bsc#1180083) From sle-updates at lists.suse.com Sat Apr 17 06:17:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Apr 2021 08:17:33 +0200 (CEST) Subject: SUSE-CU-2021:111-1: Recommended update of suse/sles12sp4 Message-ID: <20210417061733.3D0CDB461E6@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:111-1 Container Tags : suse/sles12sp4:26.276 , suse/sles12sp4:latest Container Release : 26.276 
Severity : important Type : recommended References : 1141597 1174436 1178219 1179363 1179824 1180020 1180083 1180596 1180885 1183094 1183790 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1247-1 Released: Fri Apr 16 15:15:41 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1141597,1174436,1178219,1179363,1179824,1180020,1180083,1180596,1180885,1183094,1183790 This update for systemd fixes the following issues: - Added a requirement for aaa_base >= 13.2 to stay compatible (bsc#1180083) - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. - Fixed a memory leak in systemctl daemon-reload (bsc#1180020) - Fixed a crash in systemd-journald upon activation of persistent journal (bsc#1179824) - Fixed an error when building systemd systemd-mini, caused by a change in systemd-rpm-macros (bsc#1183094) - Fixed a race condition at device creation and sound.target dependencies (bsc#1179363) - Fixed an issue, where Restart=on-abort was not respected based on the exit status of the main process (bsc#1183790) - Created a /dev/disk/by-label symlink for LUKS2 to be able to label crypto devices properly (bsc#1180885) - When /etc/localtime is missing, timezone UTC will be assumed (bsc#1141597) - Fix edge case when processing /proc/self/mountinfo (bsc#1180596) - Added a requirement for aaa_base >= 13.2 to stay compatible (bsc#1180083) From sle-updates at lists.suse.com Sat Apr 17 06:25:00 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Apr 2021 08:25:00 +0200 (CEST) Subject: SUSE-CU-2021:112-1: Recommended update of suse/sles12sp5 Message-ID: <20210417062500.126B2B461E6@westernhagen.suse.de> 
SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:112-1 Container Tags : suse/sles12sp5:6.5.162 , suse/sles12sp5:latest Container Release : 6.5.162 Severity : important Type : recommended References : 1178219 1180020 1180083 1183094 1183790 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1246-1 Released: Fri Apr 16 15:14:59 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178219,1180020,1180083,1183094,1183790 This update for systemd fixes the following issues: - Fixed an issue, where Restart=on-abort was not respected based on the exit status of the main process (bsc#1183790) - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
- Fixed an error when building systemd systemd-mini, caused by a change in systemd-rpm-macros (bsc#1183094) - Added a requirement for aaa_base >= 13.2 to stay compatible (bsc#1180083) - Fixed a memory leak in systemctl daemon-reload (bsc#1180020) From sle-updates at lists.suse.com Mon Apr 19 10:15:24 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Apr 2021 12:15:24 +0200 (CEST) Subject: SUSE-SU-2021:1250-1: important: Security update for xen Message-ID: <20210419101524.224ADFF1B@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1250-1 Rating: important References: #1178591 #1182431 Cross-References: CVE-2021-27379 CVSS scores: CVE-2021-27379 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27379 (SUSE): 7.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for xen fixes the following issues: - CVE-2021-27379: Fixed an issue where entries in the IOMMU were not being updated under certain circumstances due to improper backport of XSA-321 (XSA-366, bsc#1182431) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1250=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1250=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1250=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (x86_64): xen-4.10.4_24-3.56.1 xen-debugsource-4.10.4_24-3.56.1 xen-devel-4.10.4_24-3.56.1 xen-libs-4.10.4_24-3.56.1 xen-libs-debuginfo-4.10.4_24-3.56.1 xen-tools-4.10.4_24-3.56.1 xen-tools-debuginfo-4.10.4_24-3.56.1 xen-tools-domU-4.10.4_24-3.56.1 xen-tools-domU-debuginfo-4.10.4_24-3.56.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): xen-4.10.4_24-3.56.1 xen-debugsource-4.10.4_24-3.56.1 xen-devel-4.10.4_24-3.56.1 xen-libs-4.10.4_24-3.56.1 xen-libs-debuginfo-4.10.4_24-3.56.1 xen-tools-4.10.4_24-3.56.1 xen-tools-debuginfo-4.10.4_24-3.56.1 xen-tools-domU-4.10.4_24-3.56.1 xen-tools-domU-debuginfo-4.10.4_24-3.56.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): xen-4.10.4_24-3.56.1 xen-debugsource-4.10.4_24-3.56.1 xen-devel-4.10.4_24-3.56.1 xen-libs-4.10.4_24-3.56.1 xen-libs-debuginfo-4.10.4_24-3.56.1 xen-tools-4.10.4_24-3.56.1 xen-tools-debuginfo-4.10.4_24-3.56.1 xen-tools-domU-4.10.4_24-3.56.1 xen-tools-domU-debuginfo-4.10.4_24-3.56.1 References: https://www.suse.com/security/cve/CVE-2021-27379.html https://bugzilla.suse.com/1178591 https://bugzilla.suse.com/1182431 From sle-updates at lists.suse.com Mon Apr 19 10:16:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Apr 2021 12:16:33 +0200 (CEST) Subject: SUSE-SU-2021:1252-1: important: Security update for xen Message-ID: <20210419101633.C133CFF1B@maintenance.suse.de> SUSE Security Update: Security update for xen 
______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1252-1 Rating: important References: #1182431 #1182846 Cross-References: CVE-2021-20257 CVE-2021-27379 CVSS scores: CVE-2021-20257 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-27379 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27379 (SUSE): 7.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2021-20257: xen: infinite loop issue in the e1000 NIC emulator (bsc#1182846). - CVE-2021-27379: Fixed an issue where entries in the IOMMU were not being updated under certain circumstances due to improper backport of XSA-321 (XSA-366, bsc#1182431). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1252=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1252=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1252=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1252=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1252=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1252=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xen-4.9.4_16-3.83.1 xen-debugsource-4.9.4_16-3.83.1 xen-doc-html-4.9.4_16-3.83.1 xen-libs-32bit-4.9.4_16-3.83.1 xen-libs-4.9.4_16-3.83.1 xen-libs-debuginfo-32bit-4.9.4_16-3.83.1 xen-libs-debuginfo-4.9.4_16-3.83.1 xen-tools-4.9.4_16-3.83.1 xen-tools-debuginfo-4.9.4_16-3.83.1 xen-tools-domU-4.9.4_16-3.83.1 xen-tools-domU-debuginfo-4.9.4_16-3.83.1 - SUSE OpenStack Cloud 8 (x86_64): xen-4.9.4_16-3.83.1 xen-debugsource-4.9.4_16-3.83.1 xen-doc-html-4.9.4_16-3.83.1 xen-libs-32bit-4.9.4_16-3.83.1 xen-libs-4.9.4_16-3.83.1 xen-libs-debuginfo-32bit-4.9.4_16-3.83.1 xen-libs-debuginfo-4.9.4_16-3.83.1 xen-tools-4.9.4_16-3.83.1 xen-tools-debuginfo-4.9.4_16-3.83.1 xen-tools-domU-4.9.4_16-3.83.1 xen-tools-domU-debuginfo-4.9.4_16-3.83.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): xen-4.9.4_16-3.83.1 xen-debugsource-4.9.4_16-3.83.1 xen-doc-html-4.9.4_16-3.83.1 xen-libs-32bit-4.9.4_16-3.83.1 xen-libs-4.9.4_16-3.83.1 xen-libs-debuginfo-32bit-4.9.4_16-3.83.1 xen-libs-debuginfo-4.9.4_16-3.83.1 xen-tools-4.9.4_16-3.83.1 xen-tools-debuginfo-4.9.4_16-3.83.1 xen-tools-domU-4.9.4_16-3.83.1 xen-tools-domU-debuginfo-4.9.4_16-3.83.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): xen-4.9.4_16-3.83.1 xen-debugsource-4.9.4_16-3.83.1 xen-doc-html-4.9.4_16-3.83.1 xen-libs-32bit-4.9.4_16-3.83.1 xen-libs-4.9.4_16-3.83.1 
xen-libs-debuginfo-32bit-4.9.4_16-3.83.1 xen-libs-debuginfo-4.9.4_16-3.83.1 xen-tools-4.9.4_16-3.83.1 xen-tools-debuginfo-4.9.4_16-3.83.1 xen-tools-domU-4.9.4_16-3.83.1 xen-tools-domU-debuginfo-4.9.4_16-3.83.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xen-4.9.4_16-3.83.1 xen-debugsource-4.9.4_16-3.83.1 xen-doc-html-4.9.4_16-3.83.1 xen-libs-32bit-4.9.4_16-3.83.1 xen-libs-4.9.4_16-3.83.1 xen-libs-debuginfo-32bit-4.9.4_16-3.83.1 xen-libs-debuginfo-4.9.4_16-3.83.1 xen-tools-4.9.4_16-3.83.1 xen-tools-debuginfo-4.9.4_16-3.83.1 xen-tools-domU-4.9.4_16-3.83.1 xen-tools-domU-debuginfo-4.9.4_16-3.83.1 - HPE Helion Openstack 8 (x86_64): xen-4.9.4_16-3.83.1 xen-debugsource-4.9.4_16-3.83.1 xen-doc-html-4.9.4_16-3.83.1 xen-libs-32bit-4.9.4_16-3.83.1 xen-libs-4.9.4_16-3.83.1 xen-libs-debuginfo-32bit-4.9.4_16-3.83.1 xen-libs-debuginfo-4.9.4_16-3.83.1 xen-tools-4.9.4_16-3.83.1 xen-tools-debuginfo-4.9.4_16-3.83.1 xen-tools-domU-4.9.4_16-3.83.1 xen-tools-domU-debuginfo-4.9.4_16-3.83.1 References: https://www.suse.com/security/cve/CVE-2021-20257.html https://www.suse.com/security/cve/CVE-2021-27379.html https://bugzilla.suse.com/1182431 https://bugzilla.suse.com/1182846 From sle-updates at lists.suse.com Mon Apr 19 10:17:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Apr 2021 12:17:44 +0200 (CEST) Subject: SUSE-SU-2021:1251-1: important: Security update for xen Message-ID: <20210419101744.3E490FF1B@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1251-1 Rating: important References: #1178591 #1182431 #1182846 Cross-References: CVE-2021-20257 CVE-2021-27379 CVSS scores: CVE-2021-20257 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-27379 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27379 (SUSE): 7.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H Affected Products: SUSE 
OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: - CVE-2021-27379: Fixed an issue where entries in the IOMMU were not being updated under certain circumstances due to improper backport of XSA-321 (XSA-366, bsc#1182431) - CVE-2021-20257: Fixed an infinite loop in the e1000 NIC emulator (bsc#1182846) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1251=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1251=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1251=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1251=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): xen-4.11.4_16-2.51.1 xen-debugsource-4.11.4_16-2.51.1 xen-doc-html-4.11.4_16-2.51.1 xen-libs-32bit-4.11.4_16-2.51.1 xen-libs-4.11.4_16-2.51.1 xen-libs-debuginfo-32bit-4.11.4_16-2.51.1 xen-libs-debuginfo-4.11.4_16-2.51.1 xen-tools-4.11.4_16-2.51.1 xen-tools-debuginfo-4.11.4_16-2.51.1 xen-tools-domU-4.11.4_16-2.51.1 xen-tools-domU-debuginfo-4.11.4_16-2.51.1 - SUSE OpenStack Cloud 9 (x86_64): xen-4.11.4_16-2.51.1 xen-debugsource-4.11.4_16-2.51.1 xen-doc-html-4.11.4_16-2.51.1 xen-libs-32bit-4.11.4_16-2.51.1 xen-libs-4.11.4_16-2.51.1 xen-libs-debuginfo-32bit-4.11.4_16-2.51.1 xen-libs-debuginfo-4.11.4_16-2.51.1 xen-tools-4.11.4_16-2.51.1 xen-tools-debuginfo-4.11.4_16-2.51.1 xen-tools-domU-4.11.4_16-2.51.1 xen-tools-domU-debuginfo-4.11.4_16-2.51.1 - 
SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): xen-4.11.4_16-2.51.1 xen-debugsource-4.11.4_16-2.51.1 xen-doc-html-4.11.4_16-2.51.1 xen-libs-32bit-4.11.4_16-2.51.1 xen-libs-4.11.4_16-2.51.1 xen-libs-debuginfo-32bit-4.11.4_16-2.51.1 xen-libs-debuginfo-4.11.4_16-2.51.1 xen-tools-4.11.4_16-2.51.1 xen-tools-debuginfo-4.11.4_16-2.51.1 xen-tools-domU-4.11.4_16-2.51.1 xen-tools-domU-debuginfo-4.11.4_16-2.51.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): xen-4.11.4_16-2.51.1 xen-debugsource-4.11.4_16-2.51.1 xen-doc-html-4.11.4_16-2.51.1 xen-libs-32bit-4.11.4_16-2.51.1 xen-libs-4.11.4_16-2.51.1 xen-libs-debuginfo-32bit-4.11.4_16-2.51.1 xen-libs-debuginfo-4.11.4_16-2.51.1 xen-tools-4.11.4_16-2.51.1 xen-tools-debuginfo-4.11.4_16-2.51.1 xen-tools-domU-4.11.4_16-2.51.1 xen-tools-domU-debuginfo-4.11.4_16-2.51.1 References: https://www.suse.com/security/cve/CVE-2021-20257.html https://www.suse.com/security/cve/CVE-2021-27379.html https://bugzilla.suse.com/1178591 https://bugzilla.suse.com/1182431 https://bugzilla.suse.com/1182846 From sle-updates at lists.suse.com Mon Apr 19 10:18:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Apr 2021 12:18:58 +0200 (CEST) Subject: SUSE-RU-2021:14701-1: moderate: Recommended update for iscsitarget Message-ID: <20210419101858.E0CEAFF1B@maintenance.suse.de> SUSE Recommended Update: Recommended update for iscsitarget ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14701-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for iscsitarget fixes the following issue: - package is rebuilt with the new secure boot key. 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-iscsitarget-14701=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-iscsitarget-14701=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): iscsitarget-1.4.20-0.43.9.4 iscsitarget-kmp-default-1.4.20_3.0.101_108.123-0.43.9.4 iscsitarget-kmp-trace-1.4.20_3.0.101_108.123-0.43.9.4 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): iscsitarget-kmp-xen-1.4.20_3.0.101_108.123-0.43.9.4 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64): iscsitarget-kmp-bigmem-1.4.20_3.0.101_108.123-0.43.9.4 iscsitarget-kmp-ppc64-1.4.20_3.0.101_108.123-0.43.9.4 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586): iscsitarget-kmp-pae-1.4.20_3.0.101_108.123-0.43.9.4 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): iscsitarget-debuginfo-1.4.20-0.43.9.4 iscsitarget-debugsource-1.4.20-0.43.9.4 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Mon Apr 19 13:15:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Apr 2021 15:15:21 +0200 (CEST) Subject: SUSE-RU-2021:1256-1: moderate: Recommended update for grub2 Message-ID: <20210419131521.A8C6EFF1B@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1256-1 Rating: moderate References: #1181696 #1183761 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An 
update that has two recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fix executable stack marking in `grub-emu`. (bsc#1181696) - Solve a migration issue due to lower version in package build name. (bsc#1183761) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1256=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1256=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1256=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1256=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1256=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1256=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): grub2-2.02-120.2 grub2-debuginfo-2.02-120.2 grub2-debugsource-2.02-120.2 grub2-i386-pc-2.02-120.2 grub2-x86_64-efi-2.02-120.2 grub2-x86_64-xen-2.02-120.2 - SUSE OpenStack Cloud Crowbar 8 (noarch): grub2-snapper-plugin-2.02-120.2 grub2-systemd-sleep-plugin-2.02-120.2 - SUSE OpenStack Cloud 8 (noarch): grub2-snapper-plugin-2.02-120.2 grub2-systemd-sleep-plugin-2.02-120.2 - SUSE OpenStack Cloud 8 (x86_64): grub2-2.02-120.2 grub2-debuginfo-2.02-120.2 grub2-debugsource-2.02-120.2 grub2-i386-pc-2.02-120.2 grub2-x86_64-efi-2.02-120.2 grub2-x86_64-xen-2.02-120.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): grub2-2.02-120.2 grub2-debuginfo-2.02-120.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le): grub2-powerpc-ieee1275-2.02-120.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): grub2-snapper-plugin-2.02-120.2 grub2-systemd-sleep-plugin-2.02-120.2 - SUSE Linux Enterprise 
Server for SAP 12-SP3 (x86_64): grub2-debugsource-2.02-120.2 grub2-i386-pc-2.02-120.2 grub2-x86_64-efi-2.02-120.2 grub2-x86_64-xen-2.02-120.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): grub2-2.02-120.2 grub2-debuginfo-2.02-120.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 s390x x86_64): grub2-debugsource-2.02-120.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le): grub2-powerpc-ieee1275-2.02-120.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64): grub2-arm64-efi-2.02-120.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): grub2-i386-pc-2.02-120.2 grub2-x86_64-efi-2.02-120.2 grub2-x86_64-xen-2.02-120.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): grub2-snapper-plugin-2.02-120.2 grub2-systemd-sleep-plugin-2.02-120.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x): grub2-s390x-emu-2.02-120.2 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): grub2-snapper-plugin-2.02-120.2 grub2-systemd-sleep-plugin-2.02-120.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): grub2-2.02-120.2 grub2-debuginfo-2.02-120.2 grub2-debugsource-2.02-120.2 grub2-i386-pc-2.02-120.2 grub2-x86_64-efi-2.02-120.2 grub2-x86_64-xen-2.02-120.2 - HPE Helion Openstack 8 (x86_64): grub2-2.02-120.2 grub2-debuginfo-2.02-120.2 grub2-debugsource-2.02-120.2 grub2-i386-pc-2.02-120.2 grub2-x86_64-efi-2.02-120.2 grub2-x86_64-xen-2.02-120.2 - HPE Helion Openstack 8 (noarch): grub2-snapper-plugin-2.02-120.2 grub2-systemd-sleep-plugin-2.02-120.2 References: https://bugzilla.suse.com/1181696 https://bugzilla.suse.com/1183761 From sle-updates at lists.suse.com Mon Apr 19 13:16:28 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Apr 2021 15:16:28 +0200 (CEST) Subject: SUSE-RU-2021:1255-1: important: Recommended update for drbd Message-ID: <20210419131628.A38A2FF1B@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ 
Announcement ID: SUSE-RU-2021:1255-1 Rating: important References: #1178388 #1183970 Affected Products: SUSE Linux Enterprise Server 12-SP2-LTSS-SAP SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for drbd fixes the following issues: - drbd failed to detect a loss of synchronization under certain conditions, which meant that a "split brain" condition would not be recognized. This issue could potentially have led to data loss. [bsc#1183970] - Fixed a build error with recent versions of the SLE-15-SP1 Linux kernel. [bsc#1178388] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1255=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1255=1 Package List: - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64): drbd-9.0.11+git.1e2bccdc-10.29.1 drbd-debugsource-9.0.11+git.1e2bccdc-10.29.1 drbd-kmp-default-9.0.11+git.1e2bccdc_k4.4.121_92.152-10.29.1 drbd-kmp-default-debuginfo-9.0.11+git.1e2bccdc_k4.4.121_92.152-10.29.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): drbd-9.0.11+git.1e2bccdc-10.29.1 drbd-debugsource-9.0.11+git.1e2bccdc-10.29.1 drbd-kmp-default-9.0.11+git.1e2bccdc_k4.4.121_92.152-10.29.1 drbd-kmp-default-debuginfo-9.0.11+git.1e2bccdc_k4.4.121_92.152-10.29.1 References: https://bugzilla.suse.com/1178388 https://bugzilla.suse.com/1183970 From sle-updates at lists.suse.com Mon Apr 19 13:18:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Apr 2021 15:18:29 +0200 (CEST) Subject: SUSE-RU-2021:1254-1: important: 
Recommended update for drbd Message-ID: <20210419131829.42607FF1B@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1254-1 Rating: important References: #1183970 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd fixes the following issue: - drbd failed to detect a loss of synchronization under certain conditions, which meant that a "split brain" condition would not be recognized. This issue could potentially have led to data loss. [bsc#1183970] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1254=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): drbd-9.0.22~1+git.fe2b5983-3.10.2 drbd-debugsource-9.0.22~1+git.fe2b5983-3.10.2 drbd-kmp-default-9.0.22~1+git.fe2b5983_k5.3.18_24.61-3.10.2 drbd-kmp-default-debuginfo-9.0.22~1+git.fe2b5983_k5.3.18_24.61-3.10.2 References: https://bugzilla.suse.com/1183970 From sle-updates at lists.suse.com Mon Apr 19 13:20:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Apr 2021 15:20:32 +0200 (CEST) Subject: SUSE-RU-2021:1257-1: moderate: Recommended update for grub2 Message-ID: <20210419132032.60D6BFF1B@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1257-1 Rating: moderate References: #1181696 #1183761 Affected Products: SUSE Linux 
Enterprise Server 12-SP2-LTSS-SAP SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fix a service pack migration issue due to a lower build number in higher service packs. (bsc#1183761) - Fix executable stack marking in `grub-emu`. (bsc#1181696) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1257=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1257=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1257=1 Package List: - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64): grub2-2.02-115.62.1 grub2-debuginfo-2.02-115.62.1 grub2-debugsource-2.02-115.62.1 grub2-i386-pc-2.02-115.62.1 grub2-x86_64-efi-2.02-115.62.1 grub2-x86_64-xen-2.02-115.62.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (noarch): grub2-snapper-plugin-2.02-115.62.1 grub2-systemd-sleep-plugin-2.02-115.62.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (noarch): grub2-snapper-plugin-2.02-115.62.1 grub2-systemd-sleep-plugin-2.02-115.62.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): grub2-2.02-115.62.1 grub2-debuginfo-2.02-115.62.1 grub2-debugsource-2.02-115.62.1 grub2-i386-pc-2.02-115.62.1 grub2-x86_64-efi-2.02-115.62.1 grub2-x86_64-xen-2.02-115.62.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): grub2-2.02-115.62.1 grub2-debuginfo-2.02-115.62.1 grub2-debugsource-2.02-115.62.1 grub2-i386-pc-2.02-115.62.1 grub2-x86_64-efi-2.02-115.62.1 
grub2-x86_64-xen-2.02-115.62.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): grub2-snapper-plugin-2.02-115.62.1 grub2-systemd-sleep-plugin-2.02-115.62.1 References: https://bugzilla.suse.com/1181696 https://bugzilla.suse.com/1183761 From sle-updates at lists.suse.com Mon Apr 19 16:15:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Apr 2021 18:15:25 +0200 (CEST) Subject: SUSE-RU-2021:1259-1: Recommended update for SUSE Manager 4.1.7.1 Release Notes Message-ID: <20210419161525.DB3C3FF1B@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 4.1.7.1 Release Notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1259-1 Rating: low References: #1184861 Affected Products: SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for SUSE Manager 4.1.7.1 Release Notes provides the following additions: Release notes for SUSE Manager: - Revision 4.1.7.1 - Bugs mentioned: bsc#1184861 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2021-1259=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): release-notes-susemanager-4.1.7.1-3.47.1 References: https://bugzilla.suse.com/1184861 From sle-updates at lists.suse.com Mon Apr 19 16:22:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Apr 2021 18:22:01 +0200 (CEST) Subject: SUSE-RU-2021:1260-1: critical: Recommended update for SUSE Manager Server 4.1 Message-ID: <20210419162201.BFB7FFF1B@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 4.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1260-1 Rating: critical References: #1184861 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues: spacewalk-java: - Fix for `mirrorlist` URLs when refreshing products. (bsc#1184861) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-1260=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): spacewalk-java-4.1.32-3.37.1 spacewalk-java-config-4.1.32-3.37.1 spacewalk-java-lib-4.1.32-3.37.1 spacewalk-java-postgresql-4.1.32-3.37.1 spacewalk-taskomatic-4.1.32-3.37.1 References: https://bugzilla.suse.com/1184861 From sle-updates at lists.suse.com Mon Apr 19 16:23:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Apr 2021 18:23:01 +0200 (CEST) Subject: SUSE-RU-2021:1261-1: important: Recommended update for drbd Message-ID: <20210419162301.F3D1EFF1B@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1261-1 Rating: important References: #1178388 #1183970 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for drbd fixes the following issues: - drbd failed to detect a loss of synchronization under certain conditions, which meant that a "split brain" condition would not be recognized. This issue could potentially have led to data loss. [bsc#1183970] - Fixed a build error with recent versions of the SLE-15-SP1 Linux kernel. [bsc#1178388] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-1261=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): drbd-9.0.14+git.62f906cf-11.13.2 drbd-debugsource-9.0.14+git.62f906cf-11.13.2 drbd-kmp-default-9.0.14+git.62f906cf_k4.12.14_122.66-11.13.2 drbd-kmp-default-debuginfo-9.0.14+git.62f906cf_k4.12.14_122.66-11.13.2 References: https://bugzilla.suse.com/1178388 https://bugzilla.suse.com/1183970 From sle-updates at lists.suse.com Mon Apr 19 19:15:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Apr 2021 21:15:11 +0200 (CEST) Subject: SUSE-RU-2021:1262-1: moderate: Recommended update for hawk2 Message-ID: <20210419191511.87E4CFF1B@maintenance.suse.de> SUSE Recommended Update: Recommended update for hawk2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1262-1 Rating: moderate References: #1184274 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hawk2 fixes the following issues: - Fixed an issue where the wizards UI is not shown. (bsc#1184274) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2021-1262=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): hawk2-2.6.4+git.1618478925.fbddddd9-2.45.1 hawk2-debuginfo-2.6.4+git.1618478925.fbddddd9-2.45.1 hawk2-debugsource-2.6.4+git.1618478925.fbddddd9-2.45.1 References: https://bugzilla.suse.com/1184274 From sle-updates at lists.suse.com Mon Apr 19 19:18:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Apr 2021 21:18:44 +0200 (CEST) Subject: SUSE-RU-2021:1264-1: moderate: Recommended update for drbd Message-ID: <20210419191844.63DA7FF1B@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1264-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crash fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2021-1264=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): crash-kmp-rt-7.2.1_k4.12.14_10.37-4.2.2 crash-kmp-rt-debuginfo-7.2.1_k4.12.14_10.37-4.2.2 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Mon Apr 19 19:24:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Apr 2021 21:24:51 +0200 (CEST) Subject: SUSE-RU-2021:1263-1: moderate: Recommended update for s390-tools Message-ID: <20210419192451.B8B4BFF1B@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1263-1 Rating: moderate References: #1183808 #1183810 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for s390-tools fixes the following issues: - Fixed an issue when the required data is not collected during run of 'dbginfo.sh'. (bsc#1183808) - Change default scheduler to reduce CPU consumption. (bsc#1183810) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1263=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (s390x): osasnmpd-2.1.0-18.32.1 osasnmpd-debuginfo-2.1.0-18.32.1 s390-tools-2.1.0-18.32.1 s390-tools-debuginfo-2.1.0-18.32.1 s390-tools-debugsource-2.1.0-18.32.1 s390-tools-hmcdrvfs-2.1.0-18.32.1 s390-tools-hmcdrvfs-debuginfo-2.1.0-18.32.1 s390-tools-zdsfs-2.1.0-18.32.1 s390-tools-zdsfs-debuginfo-2.1.0-18.32.1 References: https://bugzilla.suse.com/1183808 https://bugzilla.suse.com/1183810 From sle-updates at lists.suse.com Mon Apr 19 19:26:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Apr 2021 21:26:56 +0200 (CEST) Subject: SUSE-SU-2021:14702-1: important: Security update for xen Message-ID: <20210419192656.96D0BFF1B@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14702-1 Rating: important References: #1182155 #1182846 #1182975 Cross-References: CVE-2021-20257 CVE-2021-3419 CVSS scores: CVE-2021-20257 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-3419 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: - CVE-2021-3419: Fixed a stack overflow induced by infinite recursion issue (bsc#1182975). - CVE-2021-20257: Fixed an infinite loop in the e1000 NIC emulator (bsc#1182846) - xenstored crashing with segfault (bsc#1182155). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-xen-14702=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-14702=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): xen-kmp-default-4.4.4_48_3.0.101_108.123-61.64.1 xen-libs-4.4.4_48-61.64.1 xen-tools-domU-4.4.4_48-61.64.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): xen-4.4.4_48-61.64.1 xen-doc-html-4.4.4_48-61.64.1 xen-libs-32bit-4.4.4_48-61.64.1 xen-tools-4.4.4_48-61.64.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586): xen-kmp-pae-4.4.4_48_3.0.101_108.123-61.64.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.4_48-61.64.1 xen-debugsource-4.4.4_48-61.64.1 References: https://www.suse.com/security/cve/CVE-2021-20257.html https://www.suse.com/security/cve/CVE-2021-3419.html https://bugzilla.suse.com/1182155 https://bugzilla.suse.com/1182846 https://bugzilla.suse.com/1182975 From sle-updates at lists.suse.com Tue Apr 20 10:15:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Apr 2021 12:15:15 +0200 (CEST) Subject: SUSE-SU-2021:1266-1: important: Security update for the Linux Kernel Message-ID: <20210420101515.50C27FF1B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1266-1 Rating: important References: #1065729 #1113295 #1178181 #1181507 #1181674 #1183405 #1183662 #1183755 #1184114 #1184120 #1184170 #1184391 #1184393 #1184397 #1184494 #1184511 #1184583 Cross-References: CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-36311 CVE-2021-20219 CVE-2021-29154 CVE-2021-30002 CVE-2021-3483 CVSS scores: CVE-2020-25670 
(SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2020-36311 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20219 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-30002 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 8 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel RT was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391). - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsystem (bsc#1178181). - CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511). - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393). - CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120). - CVE-2021-20219: Fixed a denial of service in n_tty_receive_char_special (bsc#1184397). The following non-security bugs were fixed: - cifs: change noisy error message to FYI (bsc#1181507). - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: New optype for session operations (bsc#1181507). - cifs: print MIDs in decimal notation (bsc#1181507). 
- cifs: return proper error code in statfs(2) (bsc#1181507). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - fix setting irq affinity (bsc#1184583) - ibmvnic: Use 'skb_frag_address()' instead of hand coding it (bsc#1184114 ltc#192237). - locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes). - net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405) - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729). - powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729). - s390/pci: Fix s390_mmio_read/write with MIO (LTC#192079 bsc#1183755). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - usbip: fix stub_dev to check for stream socket (git-fixes). - usbip: fix vhci_hcd to check for stream socket (git-fixes). - virsh: list is showing less guests then "xl list" (bsc#1184513). - vsprintf: Do not have bprintf dereference pointers (bsc#1184494). - vsprintf: Do not preprocess non-dereferenced pointers for bprintf (%px and %pK) (bsc#1184494). - vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced pointers (bsc#1184494). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2021-1266=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cluster-md-kmp-rt-4.12.14-10.40.1 cluster-md-kmp-rt-debuginfo-4.12.14-10.40.1 dlm-kmp-rt-4.12.14-10.40.1 dlm-kmp-rt-debuginfo-4.12.14-10.40.1 gfs2-kmp-rt-4.12.14-10.40.1 gfs2-kmp-rt-debuginfo-4.12.14-10.40.1 kernel-rt-4.12.14-10.40.1 kernel-rt-base-4.12.14-10.40.1 kernel-rt-base-debuginfo-4.12.14-10.40.1 kernel-rt-debuginfo-4.12.14-10.40.1 kernel-rt-debugsource-4.12.14-10.40.1 kernel-rt-devel-4.12.14-10.40.1 kernel-rt-devel-debuginfo-4.12.14-10.40.1 kernel-rt_debug-4.12.14-10.40.1 kernel-rt_debug-debuginfo-4.12.14-10.40.1 kernel-rt_debug-debugsource-4.12.14-10.40.1 kernel-rt_debug-devel-4.12.14-10.40.1 kernel-rt_debug-devel-debuginfo-4.12.14-10.40.1 kernel-syms-rt-4.12.14-10.40.1 ocfs2-kmp-rt-4.12.14-10.40.1 ocfs2-kmp-rt-debuginfo-4.12.14-10.40.1 - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch): kernel-devel-rt-4.12.14-10.40.1 kernel-source-rt-4.12.14-10.40.1 References: https://www.suse.com/security/cve/CVE-2020-25670.html https://www.suse.com/security/cve/CVE-2020-25671.html https://www.suse.com/security/cve/CVE-2020-25672.html https://www.suse.com/security/cve/CVE-2020-25673.html https://www.suse.com/security/cve/CVE-2020-36311.html https://www.suse.com/security/cve/CVE-2021-20219.html https://www.suse.com/security/cve/CVE-2021-29154.html https://www.suse.com/security/cve/CVE-2021-30002.html https://www.suse.com/security/cve/CVE-2021-3483.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1113295 https://bugzilla.suse.com/1178181 https://bugzilla.suse.com/1181507 https://bugzilla.suse.com/1181674 https://bugzilla.suse.com/1183405 https://bugzilla.suse.com/1183662 https://bugzilla.suse.com/1183755 https://bugzilla.suse.com/1184114 https://bugzilla.suse.com/1184120 https://bugzilla.suse.com/1184170 
https://bugzilla.suse.com/1184391 https://bugzilla.suse.com/1184393 https://bugzilla.suse.com/1184397 https://bugzilla.suse.com/1184494 https://bugzilla.suse.com/1184511 https://bugzilla.suse.com/1184583 From sle-updates at lists.suse.com Tue Apr 20 13:16:16 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Apr 2021 15:16:16 +0200 (CEST) Subject: SUSE-SU-2021:1268-1: important: Security update for xen Message-ID: <20210420131616.CBA79FF1B@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1268-1 Rating: important References: #1182155 #1182431 Cross-References: CVE-2021-27379 CVSS scores: CVE-2021-27379 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27379 (SUSE): 7.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for xen fixes the following issues: - CVE-2021-27379: Fixed an issue where entries in the IOMMU were not being updated under certain circumstances due to improper backport of XSA-321 (XSA-366, bsc#1182431) - Fixed an issue where xenstored was crashing with segfault (bsc#1182155). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-1268=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1268=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): xen-4.7.6_14-43.76.1 xen-debugsource-4.7.6_14-43.76.1 xen-doc-html-4.7.6_14-43.76.1 xen-libs-32bit-4.7.6_14-43.76.1 xen-libs-4.7.6_14-43.76.1 xen-libs-debuginfo-32bit-4.7.6_14-43.76.1 xen-libs-debuginfo-4.7.6_14-43.76.1 xen-tools-4.7.6_14-43.76.1 xen-tools-debuginfo-4.7.6_14-43.76.1 xen-tools-domU-4.7.6_14-43.76.1 xen-tools-domU-debuginfo-4.7.6_14-43.76.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xen-4.7.6_14-43.76.1 xen-debugsource-4.7.6_14-43.76.1 xen-doc-html-4.7.6_14-43.76.1 xen-libs-32bit-4.7.6_14-43.76.1 xen-libs-4.7.6_14-43.76.1 xen-libs-debuginfo-32bit-4.7.6_14-43.76.1 xen-libs-debuginfo-4.7.6_14-43.76.1 xen-tools-4.7.6_14-43.76.1 xen-tools-debuginfo-4.7.6_14-43.76.1 xen-tools-domU-4.7.6_14-43.76.1 xen-tools-domU-debuginfo-4.7.6_14-43.76.1 References: https://www.suse.com/security/cve/CVE-2021-27379.html https://bugzilla.suse.com/1182155 https://bugzilla.suse.com/1182431 From sle-updates at lists.suse.com Tue Apr 20 13:17:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Apr 2021 15:17:17 +0200 (CEST) Subject: SUSE-SU-2021:1267-1: important: Security update for sudo Message-ID: <20210420131717.112D3FF1B@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1267-1 Rating: important References: #1183936 Cross-References: CVE-2021-3156 CVSS scores: CVE-2021-3156 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3156 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-LTSS-SAP SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON 
SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sudo fixes the following issues: - L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1267=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1267=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1267=1 Package List: - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64): sudo-1.8.10p3-10.35.1 sudo-debuginfo-1.8.10p3-10.35.1 sudo-debugsource-1.8.10p3-10.35.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): sudo-1.8.10p3-10.35.1 sudo-debuginfo-1.8.10p3-10.35.1 sudo-debugsource-1.8.10p3-10.35.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): sudo-1.8.10p3-10.35.1 sudo-debuginfo-1.8.10p3-10.35.1 sudo-debugsource-1.8.10p3-10.35.1 References: https://www.suse.com/security/cve/CVE-2021-3156.html https://bugzilla.suse.com/1183936 From sle-updates at lists.suse.com Tue Apr 20 16:15:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Apr 2021 18:15:57 +0200 (CEST) Subject: SUSE-RU-2021:1283-1: important: Recommended update for gnu-compilers-hpc Message-ID: <20210420161557.2AD10FF1B@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnu-compilers-hpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1283-1 Rating: important References: #1174439 ECO-2900 PM-2259 SLE-7765 SLE-8604 Affected Products: SUSE 
Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has one recommended fix and contains four features can now be installed. Description: This update for gnu-compilers-hpc fixes the following issues: - Add build support for gcc10 to HPC build fix version parsing for gcc10 and up. (bsc#1174439, jsc#PM-2259, jsc#ECO-2900) for SLE-12 HPC: v.6, v.7, v.8 (jsc#SLE-7765) for SLE-15-SP2: add gcc v.9 (jsc#SLE-8604) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-1283=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1283=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1283=1 - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2021-1283=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): gcc-gij-32bit-4.8-8.2.1 gcc-gij-4.8-8.2.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): gcc-fortran-4.8-8.2.1 gcc-gij-4.8-8.2.1 gcc-java-4.8-8.2.1 gcc-obj-c++-4.8-8.2.1 gcc-objc-4.8-8.2.1 libgcj-devel-4.8-8.2.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): gcc-objc-32bit-4.8-8.2.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (x86_64): gcc-ada-4.8-8.2.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): cpp-4.8-8.2.1 gcc-4.8-8.2.1 gcc-c++-4.8-8.2.1 gcc-info-4.8-8.2.1 gcc-locale-4.8-8.2.1 libstdc++-devel-4.8-8.2.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): 
gcc-32bit-4.8-8.2.1 gcc-c++-32bit-4.8-8.2.1 libstdc++-devel-32bit-4.8-8.2.1 - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): gcc-fortran-4.8-8.2.1 - SUSE Linux Enterprise Module for HPC 12 (noarch): gnu-compilers-hpc-1.4-15.6 gnu-compilers-hpc-devel-1.4-15.6 gnu-compilers-hpc-macros-devel-1.4-15.6 gnu10-compilers-hpc-1.4-15.5 gnu10-compilers-hpc-devel-1.4-15.5 gnu10-compilers-hpc-macros-devel-1.4-15.5 gnu6-compilers-hpc-1.4-15.6 gnu6-compilers-hpc-devel-1.4-15.6 gnu6-compilers-hpc-macros-devel-1.4-15.6 gnu7-compilers-hpc-1.4-15.5 gnu7-compilers-hpc-devel-1.4-15.5 gnu7-compilers-hpc-macros-devel-1.4-15.5 gnu8-compilers-hpc-1.4-15.5 gnu8-compilers-hpc-devel-1.4-15.5 gnu8-compilers-hpc-macros-devel-1.4-15.5 gnu9-compilers-hpc-1.4-15.5 gnu9-compilers-hpc-devel-1.4-15.5 gnu9-compilers-hpc-macros-devel-1.4-15.5 - SUSE Linux Enterprise Module for HPC 12 (x86_64): gcc-fortran-32bit-4.8-8.2.1 References: https://bugzilla.suse.com/1174439 From sle-updates at lists.suse.com Tue Apr 20 16:17:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Apr 2021 18:17:02 +0200 (CEST) Subject: SUSE-SU-2021:14704-1: important: Security update for kvm Message-ID: <20210420161702.0FA32FF1B@maintenance.suse.de> SUSE Security Update: Security update for kvm ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14704-1 Rating: important References: #1172383 #1172384 #1172385 #1172478 #1175441 #1176673 #1176682 #1176684 #1178934 #1179467 #1181108 #1182137 #1182425 #1182577 Cross-References: CVE-2014-3689 CVE-2015-1779 CVE-2020-12829 CVE-2020-13361 CVE-2020-13362 CVE-2020-13765 CVE-2020-14364 CVE-2020-25084 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-29130 CVE-2020-29443 CVE-2021-20181 CVE-2021-20257 CVSS scores: CVE-2015-1779 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2020-12829 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-12829 (SUSE): 8.2 
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2020-13361 (NVD) : 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L CVE-2020-13361 (SUSE): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L CVE-2020-13362 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13362 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13765 (NVD) : 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-13765 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-14364 (NVD) : 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-14364 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25084 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25084 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25624 (NVD) : 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25624 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25625 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-25625 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25723 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25723 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-29130 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29130 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29443 (NVD) : 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L CVE-2020-29443 (SUSE): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L CVE-2021-20181 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-20257 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. 
Description: This update for kvm fixes the following issues: - Fix OOB read and write due to integer overflow in sm501_2d_operation() in hw/display/sm501.c (CVE-2020-12829, bsc#1172385) - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383) - Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) - Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673) - Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) - Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) - Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) - Fix DoS in e1000 emulated device (CVE-2021-20257 bsc#1182577) - Fix OOB access in SLIRP ARP packet processing (CVE-2020-29130, bsc#1179467) - Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441) - Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384) - Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-kvm-14704=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 s390x x86_64): kvm-1.4.2-60.34.1 References: https://www.suse.com/security/cve/CVE-2014-3689.html https://www.suse.com/security/cve/CVE-2015-1779.html https://www.suse.com/security/cve/CVE-2020-12829.html https://www.suse.com/security/cve/CVE-2020-13361.html https://www.suse.com/security/cve/CVE-2020-13362.html https://www.suse.com/security/cve/CVE-2020-13765.html https://www.suse.com/security/cve/CVE-2020-14364.html https://www.suse.com/security/cve/CVE-2020-25084.html https://www.suse.com/security/cve/CVE-2020-25624.html https://www.suse.com/security/cve/CVE-2020-25625.html https://www.suse.com/security/cve/CVE-2020-25723.html https://www.suse.com/security/cve/CVE-2020-29130.html https://www.suse.com/security/cve/CVE-2020-29443.html https://www.suse.com/security/cve/CVE-2021-20181.html https://www.suse.com/security/cve/CVE-2021-20257.html https://bugzilla.suse.com/1172383 https://bugzilla.suse.com/1172384 https://bugzilla.suse.com/1172385 https://bugzilla.suse.com/1172478 https://bugzilla.suse.com/1175441 https://bugzilla.suse.com/1176673 https://bugzilla.suse.com/1176682 https://bugzilla.suse.com/1176684 https://bugzilla.suse.com/1178934 https://bugzilla.suse.com/1179467 https://bugzilla.suse.com/1181108 https://bugzilla.suse.com/1182137 https://bugzilla.suse.com/1182425 https://bugzilla.suse.com/1182577 From sle-updates at lists.suse.com Tue Apr 20 16:19:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Apr 2021 18:19:10 +0200 (CEST) Subject: SUSE-RU-2021:1271-1: moderate: Recommended update for grub2 Message-ID: <20210420161910.2D3E5FF1B@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2021:1271-1
Rating: moderate
References: #1181696 #1183761
Affected Products:
   SUSE Linux Enterprise Server for SAP 15
   SUSE Linux Enterprise Server 15-LTSS
   SUSE Linux Enterprise High Performance Computing 15-LTSS
   SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for grub2 fixes the following issues:

- Fix a migration issue due to a lower build number in higher service packs. (bsc#1183761)
- Fix executable stack marking in `grub-emu`. (bsc#1181696)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1271=1
- SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1271=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1271=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1271=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
   grub2-2.02-122.4.1
   grub2-debuginfo-2.02-122.4.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le):
   grub2-powerpc-ieee1275-2.02-122.4.1
- SUSE Linux Enterprise Server for SAP 15 (x86_64):
   grub2-debugsource-2.02-122.4.1
   grub2-i386-pc-2.02-122.4.1
   grub2-x86_64-efi-2.02-122.4.1
   grub2-x86_64-xen-2.02-122.4.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
   grub2-snapper-plugin-2.02-122.4.1
   grub2-systemd-sleep-plugin-2.02-122.4.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
   grub2-2.02-122.4.1
   grub2-debuginfo-2.02-122.4.1
   grub2-debugsource-2.02-122.4.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64):
   grub2-arm64-efi-2.02-122.4.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
   grub2-snapper-plugin-2.02-122.4.1
   grub2-systemd-sleep-plugin-2.02-122.4.1
- SUSE Linux Enterprise Server 15-LTSS (s390x):
   grub2-s390x-emu-2.02-122.4.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
   grub2-2.02-122.4.1
   grub2-debuginfo-2.02-122.4.1
   grub2-debugsource-2.02-122.4.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64):
   grub2-arm64-efi-2.02-122.4.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
   grub2-i386-pc-2.02-122.4.1
   grub2-x86_64-efi-2.02-122.4.1
   grub2-x86_64-xen-2.02-122.4.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
   grub2-snapper-plugin-2.02-122.4.1
   grub2-systemd-sleep-plugin-2.02-122.4.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
   grub2-2.02-122.4.1
   grub2-debuginfo-2.02-122.4.1
   grub2-debugsource-2.02-122.4.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64):
   grub2-arm64-efi-2.02-122.4.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
   grub2-i386-pc-2.02-122.4.1
   grub2-x86_64-efi-2.02-122.4.1
   grub2-x86_64-xen-2.02-122.4.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
   grub2-snapper-plugin-2.02-122.4.1
   grub2-systemd-sleep-plugin-2.02-122.4.1

References:

https://bugzilla.suse.com/1181696
https://bugzilla.suse.com/1183761

From sle-updates at lists.suse.com Tue Apr 20 16:20:25 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 20 Apr 2021 18:20:25 +0200 (CEST)
Subject: SUSE-SU-2021:1275-1: important: Security update for sudo
Message-ID: <20210420162025.4A69AFF1B@maintenance.suse.de>

SUSE Security Update: Security update for sudo
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1275-1
Rating: important
References: #1183936
Cross-References: CVE-2021-3156
CVSS scores:
   CVE-2021-3156 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-3156 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
   SUSE MicroOS 5.0
   SUSE Manager Server 4.0
   SUSE Manager Retail Branch Server 4.0
   SUSE Manager Proxy 4.0
   SUSE Linux Enterprise Server for SAP 15-SP1
   SUSE Linux Enterprise Server for SAP 15
   SUSE Linux Enterprise Server 15-SP1-LTSS
   SUSE Linux Enterprise Server 15-SP1-BCL
   SUSE Linux Enterprise Server 15-LTSS
   SUSE Linux Enterprise Module for Basesystem 15-SP2
   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-LTSS
   SUSE Linux Enterprise High Performance Computing 15-ESPOS
   SUSE Enterprise Storage 6
   SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for sudo fixes the following issues:

- L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1275=1
- SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1275=1
- SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1275=1
- SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1275=1
- SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1275=1
- SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1275=1
- SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1275=1
- SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1275=1
- SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1275=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1275=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1275=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1275=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1275=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1275=1
- SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1275=1
- SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE MicroOS 5.0 (aarch64 x86_64):
   sudo-1.8.22-4.18.1
   sudo-debuginfo-1.8.22-4.18.1
   sudo-debugsource-1.8.22-4.18.1
- SUSE Manager Server 4.0 (ppc64le s390x x86_64):
   sudo-1.8.22-4.18.1
   sudo-debuginfo-1.8.22-4.18.1
   sudo-debugsource-1.8.22-4.18.1
   sudo-devel-1.8.22-4.18.1
- SUSE Manager Retail Branch Server 4.0 (x86_64):
   sudo-1.8.22-4.18.1
   sudo-debuginfo-1.8.22-4.18.1
   sudo-debugsource-1.8.22-4.18.1
   sudo-devel-1.8.22-4.18.1
- SUSE Manager Proxy 4.0 (x86_64):
   sudo-1.8.22-4.18.1
   sudo-debuginfo-1.8.22-4.18.1
   sudo-debugsource-1.8.22-4.18.1
   sudo-devel-1.8.22-4.18.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
   sudo-1.8.22-4.18.1
   sudo-debuginfo-1.8.22-4.18.1
   sudo-debugsource-1.8.22-4.18.1
   sudo-devel-1.8.22-4.18.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
   sudo-1.8.22-4.18.1
   sudo-debuginfo-1.8.22-4.18.1
   sudo-debugsource-1.8.22-4.18.1
   sudo-devel-1.8.22-4.18.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
   sudo-1.8.22-4.18.1
   sudo-debuginfo-1.8.22-4.18.1
   sudo-debugsource-1.8.22-4.18.1
   sudo-devel-1.8.22-4.18.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
   sudo-1.8.22-4.18.1
   sudo-debuginfo-1.8.22-4.18.1
   sudo-debugsource-1.8.22-4.18.1
   sudo-devel-1.8.22-4.18.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
   sudo-1.8.22-4.18.1
   sudo-debuginfo-1.8.22-4.18.1
   sudo-debugsource-1.8.22-4.18.1
   sudo-devel-1.8.22-4.18.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
   sudo-1.8.22-4.18.1
   sudo-debuginfo-1.8.22-4.18.1
   sudo-debugsource-1.8.22-4.18.1
   sudo-devel-1.8.22-4.18.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
   sudo-1.8.22-4.18.1
   sudo-debuginfo-1.8.22-4.18.1
   sudo-debugsource-1.8.22-4.18.1
   sudo-devel-1.8.22-4.18.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
   sudo-1.8.22-4.18.1
   sudo-debuginfo-1.8.22-4.18.1
   sudo-debugsource-1.8.22-4.18.1
   sudo-devel-1.8.22-4.18.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
   sudo-1.8.22-4.18.1
   sudo-debuginfo-1.8.22-4.18.1
   sudo-debugsource-1.8.22-4.18.1
   sudo-devel-1.8.22-4.18.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
   sudo-1.8.22-4.18.1
   sudo-debuginfo-1.8.22-4.18.1
   sudo-debugsource-1.8.22-4.18.1
   sudo-devel-1.8.22-4.18.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
   sudo-1.8.22-4.18.1
   sudo-debuginfo-1.8.22-4.18.1
   sudo-debugsource-1.8.22-4.18.1
   sudo-devel-1.8.22-4.18.1
- SUSE CaaS Platform 4.0 (x86_64):
   sudo-1.8.22-4.18.1
   sudo-debuginfo-1.8.22-4.18.1
   sudo-debugsource-1.8.22-4.18.1
   sudo-devel-1.8.22-4.18.1

References:

https://www.suse.com/security/cve/CVE-2021-3156.html
https://bugzilla.suse.com/1183936

From sle-updates at lists.suse.com Tue Apr 20 16:21:34 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 20 Apr 2021 18:21:34 +0200 (CEST)
Subject: SUSE-RU-2021:1272-1: moderate: Recommended update for grub2
Message-ID: <20210420162134.21617FF1B@maintenance.suse.de>

SUSE Recommended Update: Recommended update for grub2
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1272-1
Rating: moderate
References: #1181696 #1183761
Affected Products:
   SUSE OpenStack Cloud Crowbar 9
   SUSE OpenStack Cloud 9
   SUSE Linux Enterprise Server for SAP 12-SP4
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server 12-SP4-LTSS
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for grub2 fixes the following issues:

- Fix a migration issue due to a lower build number in higher service packs. (bsc#1183761)
- Fix executable stack marking in `grub-emu`. (bsc#1181696)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1272=1
- SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1272=1
- SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1272=1
- SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1272=1
- SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1272=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (noarch):
   grub2-snapper-plugin-2.02-121.6.1
   grub2-systemd-sleep-plugin-2.02-121.6.1
   grub2-x86_64-xen-2.02-121.6.1
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
   grub2-2.02-121.6.1
   grub2-debuginfo-2.02-121.6.1
   grub2-debugsource-2.02-121.6.1
   grub2-i386-pc-2.02-121.6.1
   grub2-x86_64-efi-2.02-121.6.1
- SUSE OpenStack Cloud 9 (noarch):
   grub2-snapper-plugin-2.02-121.6.1
   grub2-systemd-sleep-plugin-2.02-121.6.1
   grub2-x86_64-xen-2.02-121.6.1
- SUSE OpenStack Cloud 9 (x86_64):
   grub2-2.02-121.6.1
   grub2-debuginfo-2.02-121.6.1
   grub2-debugsource-2.02-121.6.1
   grub2-i386-pc-2.02-121.6.1
   grub2-x86_64-efi-2.02-121.6.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
   grub2-2.02-121.6.1
   grub2-debuginfo-2.02-121.6.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le):
   grub2-powerpc-ieee1275-2.02-121.6.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
   grub2-debugsource-2.02-121.6.1
   grub2-i386-pc-2.02-121.6.1
   grub2-x86_64-efi-2.02-121.6.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
   grub2-snapper-plugin-2.02-121.6.1
   grub2-systemd-sleep-plugin-2.02-121.6.1
   grub2-x86_64-xen-2.02-121.6.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
   grub2-2.02-121.6.1
   grub2-debuginfo-2.02-121.6.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 s390x x86_64):
   grub2-debugsource-2.02-121.6.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64):
   grub2-arm64-efi-2.02-121.6.1
- SUSE Linux Enterprise Server 12-SP5 (ppc64le):
   grub2-powerpc-ieee1275-2.02-121.6.1
- SUSE Linux Enterprise Server 12-SP5 (noarch):
   grub2-snapper-plugin-2.02-121.6.1
   grub2-systemd-sleep-plugin-2.02-121.6.1
   grub2-x86_64-xen-2.02-121.6.1
- SUSE Linux Enterprise Server 12-SP5 (x86_64):
   grub2-i386-pc-2.02-121.6.1
   grub2-x86_64-efi-2.02-121.6.1
- SUSE Linux Enterprise Server 12-SP5 (s390x):
   grub2-s390x-emu-2.02-121.6.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
   grub2-2.02-121.6.1
   grub2-debuginfo-2.02-121.6.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 s390x x86_64):
   grub2-debugsource-2.02-121.6.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le):
   grub2-powerpc-ieee1275-2.02-121.6.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64):
   grub2-arm64-efi-2.02-121.6.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64):
   grub2-i386-pc-2.02-121.6.1
   grub2-x86_64-efi-2.02-121.6.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
   grub2-snapper-plugin-2.02-121.6.1
   grub2-systemd-sleep-plugin-2.02-121.6.1
   grub2-x86_64-xen-2.02-121.6.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (s390x):
   grub2-s390x-emu-2.02-121.6.1

References:

https://bugzilla.suse.com/1181696
https://bugzilla.suse.com/1183761

From sle-updates at lists.suse.com Tue Apr 20 16:22:45 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 20 Apr 2021 18:22:45 +0200 (CEST)
Subject: SUSE-RU-2021:1270-1: important: Recommended update for grub2
Message-ID: <20210420162245.31BABFF1B@maintenance.suse.de>

SUSE Recommended Update: Recommended update for grub2
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1270-1
Rating: important
References: #1181696 #1182012 #1183761
Affected Products:
   SUSE Manager Server 4.0
   SUSE Manager Retail Branch Server 4.0
   SUSE Manager Proxy 4.0
   SUSE Linux Enterprise Server for SAP 15-SP1
   SUSE Linux Enterprise Server 15-SP1-LTSS
   SUSE Linux Enterprise Server 15-SP1-BCL
   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
   SUSE Enterprise Storage 6
   SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for grub2 fixes the following issues:

- Fix error `grub_file_filters not found` in Azure virtual machine. (bsc#1182012)
- Fix a migration issue due to a lower build number in higher service packs. (bsc#1183761)
- Fix executable stack marking in `grub-emu`. (bsc#1181696)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1270=1
- SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1270=1
- SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1270=1
- SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1270=1
- SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1270=1
- SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1270=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1270=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1270=1
- SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1270=1
- SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool.
  It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE Manager Server 4.0 (ppc64le s390x x86_64):
   grub2-2.02-123.4.1
   grub2-debuginfo-2.02-123.4.1
- SUSE Manager Server 4.0 (s390x x86_64):
   grub2-debugsource-2.02-123.4.1
- SUSE Manager Server 4.0 (noarch):
   grub2-i386-pc-2.02-123.4.1
   grub2-powerpc-ieee1275-2.02-123.4.1
   grub2-snapper-plugin-2.02-123.4.1
   grub2-systemd-sleep-plugin-2.02-123.4.1
   grub2-x86_64-efi-2.02-123.4.1
   grub2-x86_64-xen-2.02-123.4.1
- SUSE Manager Server 4.0 (s390x):
   grub2-s390x-emu-2.02-123.4.1
- SUSE Manager Retail Branch Server 4.0 (x86_64):
   grub2-2.02-123.4.1
   grub2-debuginfo-2.02-123.4.1
   grub2-debugsource-2.02-123.4.1
- SUSE Manager Retail Branch Server 4.0 (noarch):
   grub2-i386-pc-2.02-123.4.1
   grub2-snapper-plugin-2.02-123.4.1
   grub2-systemd-sleep-plugin-2.02-123.4.1
   grub2-x86_64-efi-2.02-123.4.1
   grub2-x86_64-xen-2.02-123.4.1
- SUSE Manager Proxy 4.0 (x86_64):
   grub2-2.02-123.4.1
   grub2-debuginfo-2.02-123.4.1
   grub2-debugsource-2.02-123.4.1
- SUSE Manager Proxy 4.0 (noarch):
   grub2-i386-pc-2.02-123.4.1
   grub2-snapper-plugin-2.02-123.4.1
   grub2-systemd-sleep-plugin-2.02-123.4.1
   grub2-x86_64-efi-2.02-123.4.1
   grub2-x86_64-xen-2.02-123.4.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
   grub2-2.02-123.4.1
   grub2-debuginfo-2.02-123.4.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
   grub2-i386-pc-2.02-123.4.1
   grub2-powerpc-ieee1275-2.02-123.4.1
   grub2-snapper-plugin-2.02-123.4.1
   grub2-systemd-sleep-plugin-2.02-123.4.1
   grub2-x86_64-efi-2.02-123.4.1
   grub2-x86_64-xen-2.02-123.4.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
   grub2-debugsource-2.02-123.4.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
   grub2-2.02-123.4.1
   grub2-debuginfo-2.02-123.4.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 s390x x86_64):
   grub2-debugsource-2.02-123.4.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
   grub2-arm64-efi-2.02-123.4.1
   grub2-i386-pc-2.02-123.4.1
   grub2-powerpc-ieee1275-2.02-123.4.1
   grub2-snapper-plugin-2.02-123.4.1
   grub2-systemd-sleep-plugin-2.02-123.4.1
   grub2-x86_64-efi-2.02-123.4.1
   grub2-x86_64-xen-2.02-123.4.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):
   grub2-s390x-emu-2.02-123.4.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
   grub2-2.02-123.4.1
   grub2-debuginfo-2.02-123.4.1
   grub2-debugsource-2.02-123.4.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
   grub2-i386-pc-2.02-123.4.1
   grub2-snapper-plugin-2.02-123.4.1
   grub2-systemd-sleep-plugin-2.02-123.4.1
   grub2-x86_64-efi-2.02-123.4.1
   grub2-x86_64-xen-2.02-123.4.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
   grub2-2.02-123.4.1
   grub2-debuginfo-2.02-123.4.1
   grub2-debugsource-2.02-123.4.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
   grub2-arm64-efi-2.02-123.4.1
   grub2-i386-pc-2.02-123.4.1
   grub2-snapper-plugin-2.02-123.4.1
   grub2-systemd-sleep-plugin-2.02-123.4.1
   grub2-x86_64-efi-2.02-123.4.1
   grub2-x86_64-xen-2.02-123.4.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
   grub2-2.02-123.4.1
   grub2-debuginfo-2.02-123.4.1
   grub2-debugsource-2.02-123.4.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
   grub2-arm64-efi-2.02-123.4.1
   grub2-i386-pc-2.02-123.4.1
   grub2-snapper-plugin-2.02-123.4.1
   grub2-systemd-sleep-plugin-2.02-123.4.1
   grub2-x86_64-efi-2.02-123.4.1
   grub2-x86_64-xen-2.02-123.4.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
   grub2-2.02-123.4.1
   grub2-debuginfo-2.02-123.4.1
   grub2-debugsource-2.02-123.4.1
- SUSE Enterprise Storage 6 (noarch):
   grub2-arm64-efi-2.02-123.4.1
   grub2-i386-pc-2.02-123.4.1
   grub2-snapper-plugin-2.02-123.4.1
   grub2-systemd-sleep-plugin-2.02-123.4.1
   grub2-x86_64-efi-2.02-123.4.1
   grub2-x86_64-xen-2.02-123.4.1
- SUSE CaaS Platform 4.0 (x86_64):
   grub2-2.02-123.4.1
   grub2-debuginfo-2.02-123.4.1
   grub2-debugsource-2.02-123.4.1
- SUSE CaaS Platform 4.0 (noarch):
   grub2-i386-pc-2.02-123.4.1
   grub2-snapper-plugin-2.02-123.4.1
   grub2-systemd-sleep-plugin-2.02-123.4.1
   grub2-x86_64-efi-2.02-123.4.1
   grub2-x86_64-xen-2.02-123.4.1

References:

https://bugzilla.suse.com/1181696
https://bugzilla.suse.com/1182012
https://bugzilla.suse.com/1183761

From sle-updates at lists.suse.com Tue Apr 20 16:24:07 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 20 Apr 2021 18:24:07 +0200 (CEST)
Subject: SUSE-RU-2021:1279-1: moderate: Recommended update for crash
Message-ID: <20210420162407.10CB1FF1B@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crash
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1279-1
Rating: moderate
References: #1178827 #1182570
Affected Products:
   SUSE Linux Enterprise Server for SAP 15
   SUSE Linux Enterprise Server 15-LTSS
   SUSE Linux Enterprise High Performance Computing 15-LTSS
   SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for crash fixes the following issues:

- The package is rebuilt with the new secure boot key.
- Fix the crash utility taking forever to initialize a vmcore from a large config system (bsc#1178827)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1279=1
- SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1279=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1279=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1279=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
   crash-7.2.1-3.17.2
   crash-debugsource-7.2.1-3.17.2
   crash-devel-7.2.1-3.17.2
   crash-kmp-default-7.2.1_k4.12.14_150.69-3.17.2
   crash-kmp-default-debuginfo-7.2.1_k4.12.14_150.69-3.17.2
- SUSE Linux Enterprise Server for SAP 15 (ppc64le):
   crash-debuginfo-7.2.1-3.17.2
- SUSE Linux Enterprise Server for SAP 15 (x86_64):
   crash-gcore-7.2.1-3.17.2
   crash-gcore-debuginfo-7.2.1-3.17.2
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
   crash-7.2.1-3.17.2
   crash-debuginfo-7.2.1-3.17.2
   crash-debugsource-7.2.1-3.17.2
   crash-devel-7.2.1-3.17.2
   crash-kmp-default-7.2.1_k4.12.14_150.69-3.17.2
   crash-kmp-default-debuginfo-7.2.1_k4.12.14_150.69-3.17.2
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
   crash-7.2.1-3.17.2
   crash-debuginfo-7.2.1-3.17.2
   crash-debugsource-7.2.1-3.17.2
   crash-devel-7.2.1-3.17.2
   crash-kmp-default-7.2.1_k4.12.14_150.69-3.17.2
   crash-kmp-default-debuginfo-7.2.1_k4.12.14_150.69-3.17.2
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
   crash-gcore-7.2.1-3.17.2
   crash-gcore-debuginfo-7.2.1-3.17.2
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
   crash-7.2.1-3.17.2
   crash-debuginfo-7.2.1-3.17.2
   crash-debugsource-7.2.1-3.17.2
   crash-devel-7.2.1-3.17.2
   crash-kmp-default-7.2.1_k4.12.14_150.69-3.17.2
   crash-kmp-default-debuginfo-7.2.1_k4.12.14_150.69-3.17.2
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
   crash-gcore-7.2.1-3.17.2
   crash-gcore-debuginfo-7.2.1-3.17.2

References:

https://bugzilla.suse.com/1178827
https://bugzilla.suse.com/1182570

From sle-updates at lists.suse.com Tue Apr 20 16:25:15 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 20 Apr 2021 18:25:15 +0200 (CEST)
Subject: SUSE-SU-2021:1274-1: important: Security update for sudo
Message-ID: <20210420162515.922A7FF1B@maintenance.suse.de>

SUSE Security Update: Security update for sudo
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1274-1
Rating: important
References: #1183936
Cross-References: CVE-2021-3156
CVSS scores:
   CVE-2021-3156 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-3156 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP5
   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for sudo fixes the following issues:

- L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1274=1
- SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1274=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
   sudo-debuginfo-1.8.27-4.15.1
   sudo-debugsource-1.8.27-4.15.1
   sudo-devel-1.8.27-4.15.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
   sudo-1.8.27-4.15.1
   sudo-debuginfo-1.8.27-4.15.1
   sudo-debugsource-1.8.27-4.15.1

References:

https://www.suse.com/security/cve/CVE-2021-3156.html
https://bugzilla.suse.com/1183936

From sle-updates at lists.suse.com Tue Apr 20 16:26:26 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 20 Apr 2021 18:26:26 +0200 (CEST)
Subject: SUSE-RU-2021:1106-2: moderate: Recommended update for sapconf
Message-ID: <20210420162626.26A11FF1B@maintenance.suse.de>

SUSE Recommended Update: Recommended update for sapconf
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1106-2
Rating: moderate
References: #1179524 #1179880 #1182314 #1182906
Affected Products:
   SUSE OpenStack Cloud Crowbar 9
   SUSE OpenStack Cloud Crowbar 8
   SUSE OpenStack Cloud 9
   SUSE OpenStack Cloud 8
   SUSE Linux Enterprise Server for SAP 12-SP4
   SUSE Linux Enterprise Server for SAP 12-SP3
   SUSE Linux Enterprise Server 12-SP4-LTSS
   SUSE Linux Enterprise Server 12-SP3-LTSS
   HPE Helion Openstack 8
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This update for sapconf fixes the following issues:

- Added sapconf_check and supportconfig plugin for sapconf
- Added change log message for 'MIN_PERF_PCT' parameter to reduce the spot light (bsc#1179524)
- Added an additional check to detect an active saptune service to improve log messages (bsc#1182314)
- Fixed a typo in the last changelog entry and clarified the man page section about profile handling (bsc#1179880)
- sapconf.service will now only be disabled if saptune is active (bsc#1182906)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1106=1
- SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1106=1
- SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1106=1
- SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1106=1
- SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1106=1
- SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1106=1
- SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1106=1
- SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1106=1
- HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1106=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (noarch):
   sapconf-5.0.2-40.65.1
- SUSE OpenStack Cloud Crowbar 8 (noarch):
   sapconf-5.0.2-40.65.1
- SUSE OpenStack Cloud 9 (noarch):
   sapconf-5.0.2-40.65.1
- SUSE OpenStack Cloud 8 (noarch):
   sapconf-5.0.2-40.65.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
   sapconf-5.0.2-40.65.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
   sapconf-5.0.2-40.65.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
   sapconf-5.0.2-40.65.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
   sapconf-5.0.2-40.65.1
- HPE Helion Openstack 8 (noarch):
   sapconf-5.0.2-40.65.1

References:

https://bugzilla.suse.com/1179524
https://bugzilla.suse.com/1179880
https://bugzilla.suse.com/1182314
https://bugzilla.suse.com/1182906

From sle-updates at lists.suse.com Tue Apr 20 16:27:47 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 20 Apr 2021 18:27:47 +0200 (CEST)
Subject: SUSE-RU-2021:1269-1: important: Recommended update for grub2
Message-ID: <20210420162747.25BA6FF1B@maintenance.suse.de>

SUSE Recommended Update: Recommended update for grub2
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1269-1
Rating: important
References: #1174166 #1181696 #1182012
Affected Products:
   SUSE MicroOS 5.0
   SUSE Linux Enterprise Module for Server Applications 15-SP2
   SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for grub2 fixes the following issues:

- Fix error `grub_file_filters not found` in Azure virtual machine. (bsc#1182012)
- Fix executable stack marking in `grub-emu`. (bsc#1181696)
- Remove `95_textmode` for PowerPC given that there's no efi port on that architecture. (bsc#1174166)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1269=1
- SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1269=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1269=1

Package List:

- SUSE MicroOS 5.0 (aarch64 x86_64):
   grub2-2.04-9.42.1
   grub2-debuginfo-2.04-9.42.1
   grub2-debugsource-2.04-9.42.1
- SUSE MicroOS 5.0 (noarch):
   grub2-arm64-efi-2.04-9.42.1
   grub2-i386-pc-2.04-9.42.1
   grub2-snapper-plugin-2.04-9.42.1
   grub2-x86_64-efi-2.04-9.42.1
   grub2-x86_64-xen-2.04-9.42.1
- SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch):
   grub2-x86_64-xen-2.04-9.42.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
   grub2-2.04-9.42.1
   grub2-debuginfo-2.04-9.42.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 s390x x86_64):
   grub2-debugsource-2.04-9.42.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
   grub2-arm64-efi-2.04-9.42.1
   grub2-i386-pc-2.04-9.42.1
   grub2-powerpc-ieee1275-2.04-9.42.1
   grub2-snapper-plugin-2.04-9.42.1
   grub2-systemd-sleep-plugin-2.04-9.42.1
   grub2-x86_64-efi-2.04-9.42.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (s390x):
   grub2-s390x-emu-2.04-9.42.1

References:

https://bugzilla.suse.com/1174166
https://bugzilla.suse.com/1181696
https://bugzilla.suse.com/1182012

From sle-updates at lists.suse.com Tue Apr 20 16:29:07 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 20 Apr 2021 18:29:07 +0200 (CEST)
Subject: SUSE-SU-2021:1273-1: important: Security update for sudo
Message-ID: <20210420162907.8C03CFF1B@maintenance.suse.de>

SUSE Security Update: Security update for sudo
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1273-1
Rating: important
References: #1183936
Cross-References: CVE-2021-3156
CVSS scores:
   CVE-2021-3156 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-3156 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
   SUSE OpenStack Cloud Crowbar 9
   SUSE OpenStack Cloud Crowbar 8
   SUSE OpenStack Cloud 9
   SUSE OpenStack Cloud 8
   SUSE Linux Enterprise Server for SAP 12-SP4
   SUSE Linux Enterprise Server for SAP 12-SP3
   SUSE Linux Enterprise Server 12-SP4-LTSS
   SUSE Linux Enterprise Server 12-SP3-LTSS
   SUSE Linux Enterprise Server 12-SP3-BCL
   HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for sudo fixes the following issues:

- L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1273=1
- SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1273=1
- SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1273=1
- SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1273=1
- SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1273=1
- SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1273=1
- SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1273=1
- SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1273=1
- SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1273=1
- HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1273=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
   sudo-1.8.20p2-3.23.1
   sudo-debuginfo-1.8.20p2-3.23.1
   sudo-debugsource-1.8.20p2-3.23.1
- SUSE OpenStack Cloud Crowbar 8 (x86_64):
   sudo-1.8.20p2-3.23.1
   sudo-debuginfo-1.8.20p2-3.23.1
   sudo-debugsource-1.8.20p2-3.23.1
- SUSE OpenStack Cloud 9 (x86_64):
   sudo-1.8.20p2-3.23.1
   sudo-debuginfo-1.8.20p2-3.23.1
   sudo-debugsource-1.8.20p2-3.23.1
- SUSE OpenStack Cloud 8 (x86_64):
   sudo-1.8.20p2-3.23.1
   sudo-debuginfo-1.8.20p2-3.23.1
   sudo-debugsource-1.8.20p2-3.23.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
   sudo-1.8.20p2-3.23.1
   sudo-debuginfo-1.8.20p2-3.23.1
   sudo-debugsource-1.8.20p2-3.23.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
   sudo-1.8.20p2-3.23.1
   sudo-debuginfo-1.8.20p2-3.23.1
   sudo-debugsource-1.8.20p2-3.23.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
   sudo-1.8.20p2-3.23.1
   sudo-debuginfo-1.8.20p2-3.23.1
   sudo-debugsource-1.8.20p2-3.23.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
   sudo-1.8.20p2-3.23.1
   sudo-debuginfo-1.8.20p2-3.23.1
   sudo-debugsource-1.8.20p2-3.23.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
   sudo-1.8.20p2-3.23.1
   sudo-debuginfo-1.8.20p2-3.23.1
   sudo-debugsource-1.8.20p2-3.23.1
- HPE Helion Openstack 8 (x86_64):
   sudo-1.8.20p2-3.23.1
   sudo-debuginfo-1.8.20p2-3.23.1
   sudo-debugsource-1.8.20p2-3.23.1

References:

https://www.suse.com/security/cve/CVE-2021-3156.html
https://bugzilla.suse.com/1183936

From sle-updates at lists.suse.com Tue Apr 20 16:30:14 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 20 Apr 2021 18:30:14 +0200 (CEST)
Subject: SUSE-RU-2021:1284-1: moderate: Recommended update for adcli
Message-ID: <20210420163014.C7347FF1B@maintenance.suse.de>

SUSE Recommended Update: Recommended update for adcli
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1284-1
Rating: moderate
References: #1184462
Affected Products:
   SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for adcli fixes the following issues:

- Respect allowed Kerberos encryption types. (bsc#1184462)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1284=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
   adcli-0.8.2-9.3.1
   adcli-debuginfo-0.8.2-9.3.1
   adcli-debugsource-0.8.2-9.3.1
   adcli-doc-0.8.2-9.3.1

References:

https://bugzilla.suse.com/1184462

From sle-updates at lists.suse.com Tue Apr 20 16:31:22 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 20 Apr 2021 18:31:22 +0200 (CEST)
Subject: SUSE-RU-2021:1285-1: moderate: Recommended update for autoyast2
Message-ID: <20210420163122.DE54EFF1B@maintenance.suse.de>

SUSE Recommended Update: Recommended update for autoyast2
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1285-1
Rating: moderate
References: #1183719
Affected Products:
   SUSE Manager Server 4.0
   SUSE Manager Retail Branch Server 4.0
   SUSE Manager Proxy 4.0
   SUSE Linux Enterprise Server for SAP 15-SP1
   SUSE Linux Enterprise Server 15-SP1-LTSS
   SUSE Linux Enterprise Server 15-SP1-BCL
   SUSE Linux Enterprise Installer 15-SP1
   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
   SUSE Enterprise Storage 6
   SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that has one recommended fix can now be installed.
Description: This update for autoyast2 fixes the following issues: - Add 'autoyast2-installations' binaries to the installer channels. (bsc#1183719) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1285=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1285=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1285=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1285=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1285=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1285=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2021-1285=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1285=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1285=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1285=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (noarch): autoyast2-4.1.21-3.24.1 autoyast2-installation-4.1.21-3.24.1 - SUSE Manager Retail Branch Server 4.0 (noarch): autoyast2-4.1.21-3.24.1 autoyast2-installation-4.1.21-3.24.1 - SUSE Manager Proxy 4.0 (noarch): autoyast2-4.1.21-3.24.1 autoyast2-installation-4.1.21-3.24.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): autoyast2-4.1.21-3.24.1 autoyast2-installation-4.1.21-3.24.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): autoyast2-4.1.21-3.24.1 autoyast2-installation-4.1.21-3.24.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): autoyast2-4.1.21-3.24.1 autoyast2-installation-4.1.21-3.24.1 - SUSE Linux Enterprise Installer 15-SP1 (noarch): autoyast2-4.1.21-3.24.1 autoyast2-installation-4.1.21-3.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): autoyast2-4.1.21-3.24.1 autoyast2-installation-4.1.21-3.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): autoyast2-4.1.21-3.24.1 autoyast2-installation-4.1.21-3.24.1 - SUSE Enterprise Storage 6 (noarch): autoyast2-4.1.21-3.24.1 autoyast2-installation-4.1.21-3.24.1 - SUSE CaaS Platform 4.0 (noarch): autoyast2-4.1.21-3.24.1 autoyast2-installation-4.1.21-3.24.1 References: https://bugzilla.suse.com/1183719 From sle-updates at lists.suse.com Tue Apr 20 16:32:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Apr 2021 18:32:35 +0200 (CEST) Subject: SUSE-SU-2021:1277-1: moderate: Security update for ImageMagick Message-ID: <20210420163235.8C5B3FF1B@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1277-1 Rating: moderate References: #1184624 #1184626 #1184627 #1184628 Cross-References: CVE-2021-20309 CVE-2021-20311 CVE-2021-20312 CVE-2021-20313 CVSS scores: CVE-2021-20309 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 
CVE-2021-20311 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-20312 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-20313 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2021-20309: Division by zero in WaveImage() of MagickCore/visual-effects. (bsc#1184624) - CVE-2021-20311: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c (bsc#1184626) - CVE-2021-20312: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c (bsc#1184627) - CVE-2021-20313: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c (bsc#1184628) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-1277=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1277=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1277=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): ImageMagick-6.8.8.1-71.165.1 ImageMagick-debuginfo-6.8.8.1-71.165.1 ImageMagick-debugsource-6.8.8.1-71.165.1 libMagick++-6_Q16-3-6.8.8.1-71.165.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.165.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.165.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.165.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.165.1 ImageMagick-config-6-SUSE-6.8.8.1-71.165.1 ImageMagick-config-6-upstream-6.8.8.1-71.165.1 ImageMagick-debuginfo-6.8.8.1-71.165.1 ImageMagick-debugsource-6.8.8.1-71.165.1 ImageMagick-devel-6.8.8.1-71.165.1 libMagick++-6_Q16-3-6.8.8.1-71.165.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.165.1 libMagick++-devel-6.8.8.1-71.165.1 perl-PerlMagick-6.8.8.1-71.165.1 perl-PerlMagick-debuginfo-6.8.8.1-71.165.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.165.1 ImageMagick-config-6-upstream-6.8.8.1-71.165.1 ImageMagick-debuginfo-6.8.8.1-71.165.1 ImageMagick-debugsource-6.8.8.1-71.165.1 libMagickCore-6_Q16-1-6.8.8.1-71.165.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.165.1 libMagickWand-6_Q16-1-6.8.8.1-71.165.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.165.1 References: https://www.suse.com/security/cve/CVE-2021-20309.html https://www.suse.com/security/cve/CVE-2021-20311.html https://www.suse.com/security/cve/CVE-2021-20312.html https://www.suse.com/security/cve/CVE-2021-20313.html https://bugzilla.suse.com/1184624 https://bugzilla.suse.com/1184626 
https://bugzilla.suse.com/1184627 https://bugzilla.suse.com/1184628 From sle-updates at lists.suse.com Tue Apr 20 16:33:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Apr 2021 18:33:59 +0200 (CEST) Subject: SUSE-SU-2021:1280-1: moderate: Security update for ruby2.5 Message-ID: <20210420163359.CF3F0FF1B@maintenance.suse.de> SUSE Security Update: Security update for ruby2.5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1280-1 Rating: moderate References: #1184644 Cross-References: CVE-2021-28965 CVSS scores: CVE-2021-28965 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ruby2.5 fixes the following issues: - Update to 2.5.9 - CVE-2021-28965: XML round-trip vulnerability in REXML (bsc#1184644) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1280=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1280=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libruby2_5-2_5-2.5.9-4.17.1 libruby2_5-2_5-debuginfo-2.5.9-4.17.1 ruby2.5-2.5.9-4.17.1 ruby2.5-debuginfo-2.5.9-4.17.1 ruby2.5-debugsource-2.5.9-4.17.1 ruby2.5-stdlib-2.5.9-4.17.1 ruby2.5-stdlib-debuginfo-2.5.9-4.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libruby2_5-2_5-2.5.9-4.17.1 libruby2_5-2_5-debuginfo-2.5.9-4.17.1 ruby2.5-2.5.9-4.17.1 ruby2.5-debuginfo-2.5.9-4.17.1 ruby2.5-debugsource-2.5.9-4.17.1 ruby2.5-devel-2.5.9-4.17.1 ruby2.5-devel-extra-2.5.9-4.17.1 ruby2.5-stdlib-2.5.9-4.17.1 ruby2.5-stdlib-debuginfo-2.5.9-4.17.1 References: https://www.suse.com/security/cve/CVE-2021-28965.html https://bugzilla.suse.com/1184644 From sle-updates at lists.suse.com Tue Apr 20 16:35:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Apr 2021 18:35:03 +0200 (CEST) Subject: SUSE-SU-2021:1282-1: moderate: Security update for apache-commons-io Message-ID: <20210420163503.D1CB4FF1B@maintenance.suse.de> SUSE Security Update: Security update for apache-commons-io ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1282-1 Rating: moderate References: #1184755 Cross-References: CVE-2021-29425 CVSS scores: CVE-2021-29425 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for apache-commons-io fixes the following issues: - CVE-2021-29425: Limited path traversal when invoking the method FileNameUtils.normalize with an improper input string (bsc#1184755) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1282=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): apache-commons-io-2.6-3.3.1 References: https://www.suse.com/security/cve/CVE-2021-29425.html https://bugzilla.suse.com/1184755 From sle-updates at lists.suse.com Tue Apr 20 16:36:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Apr 2021 18:36:09 +0200 (CEST) Subject: SUSE-SU-2021:1276-1: moderate: Security update for ImageMagick Message-ID: <20210420163609.40AE6FF1B@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1276-1 Rating: moderate References: #1184624 #1184626 #1184627 #1184628 Cross-References: CVE-2021-20309 CVE-2021-20311 CVE-2021-20312 CVE-2021-20313 CVSS scores: CVE-2021-20309 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-20311 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-20312 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-20313 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An 
update that fixes four vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2021-20309: Division by zero in WaveImage() of MagickCore/visual-effects. (bsc#1184624) - CVE-2021-20311: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c (bsc#1184626) - CVE-2021-20312: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c (bsc#1184627) - CVE-2021-20313: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c (bsc#1184628) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1276=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1276=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-1276=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1276=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-10.15.1 ImageMagick-debugsource-7.0.7.34-10.15.1 perl-PerlMagick-7.0.7.34-10.15.1 perl-PerlMagick-debuginfo-7.0.7.34-10.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-10.15.1 ImageMagick-debugsource-7.0.7.34-10.15.1 perl-PerlMagick-7.0.7.34-10.15.1 perl-PerlMagick-debuginfo-7.0.7.34-10.15.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-10.15.1 ImageMagick-config-7-SUSE-7.0.7.34-10.15.1 
ImageMagick-config-7-upstream-7.0.7.34-10.15.1 ImageMagick-debuginfo-7.0.7.34-10.15.1 ImageMagick-debugsource-7.0.7.34-10.15.1 ImageMagick-devel-7.0.7.34-10.15.1 libMagick++-7_Q16HDRI4-7.0.7.34-10.15.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-10.15.1 libMagick++-devel-7.0.7.34-10.15.1 libMagickCore-7_Q16HDRI6-7.0.7.34-10.15.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-10.15.1 libMagickWand-7_Q16HDRI6-7.0.7.34-10.15.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-10.15.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-10.15.1 ImageMagick-config-7-SUSE-7.0.7.34-10.15.1 ImageMagick-config-7-upstream-7.0.7.34-10.15.1 ImageMagick-debuginfo-7.0.7.34-10.15.1 ImageMagick-debugsource-7.0.7.34-10.15.1 ImageMagick-devel-7.0.7.34-10.15.1 libMagick++-7_Q16HDRI4-7.0.7.34-10.15.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-10.15.1 libMagick++-devel-7.0.7.34-10.15.1 libMagickCore-7_Q16HDRI6-7.0.7.34-10.15.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-10.15.1 libMagickWand-7_Q16HDRI6-7.0.7.34-10.15.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-10.15.1 References: https://www.suse.com/security/cve/CVE-2021-20309.html https://www.suse.com/security/cve/CVE-2021-20311.html https://www.suse.com/security/cve/CVE-2021-20312.html https://www.suse.com/security/cve/CVE-2021-20313.html https://bugzilla.suse.com/1184624 https://bugzilla.suse.com/1184626 https://bugzilla.suse.com/1184627 https://bugzilla.suse.com/1184628 From sle-updates at lists.suse.com Tue Apr 20 22:15:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Apr 2021 00:15:27 +0200 (CEST) Subject: SUSE-RU-2021:1286-1: moderate: Recommended update for SLES-release Message-ID: <20210420221527.E4E5BFF86@maintenance.suse.de> SUSE Recommended Update: Recommended update for SLES-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1286-1 Rating: moderate References: 
#1180836 Affected Products: SUSE Linux Enterprise Server 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-2021-1286=1 Package List: - SUSE Linux Enterprise Server 15-SP2 (aarch64 ppc64le s390x x86_64): sles-release-15.2-52.3.1 References: https://bugzilla.suse.com/1180836 From sle-updates at lists.suse.com Wed Apr 21 13:16:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Apr 2021 15:16:35 +0200 (CEST) Subject: SUSE-RU-2021:1287-1: moderate: Recommended update for oracleasm Message-ID: <20210421131635.2707DFF86@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1287-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for oracleasm fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2021-1287=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): oracleasm-kmp-rt-2.0.8_k4.12.14_10.37-4.4.1 oracleasm-kmp-rt-debuginfo-2.0.8_k4.12.14_10.37-4.4.1 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Wed Apr 21 16:16:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Apr 2021 18:16:09 +0200 (CEST) Subject: SUSE-OU-2021:1296-1: Optional update for e2fsprogs Message-ID: <20210421161609.5F349FF86@maintenance.suse.de> SUSE Optional Update: Optional update for e2fsprogs ______________________________________________________________________________ Announcement ID: SUSE-OU-2021:1296-1 Rating: low References: #1183791 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1296=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1296=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): e2fsprogs-1.43.8-4.26.1 e2fsprogs-debuginfo-1.43.8-4.26.1 e2fsprogs-debugsource-1.43.8-4.26.1 libcom_err2-1.43.8-4.26.1 libcom_err2-debuginfo-1.43.8-4.26.1 libext2fs2-1.43.8-4.26.1 libext2fs2-debuginfo-1.43.8-4.26.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): e2fsprogs-1.43.8-4.26.1 e2fsprogs-debuginfo-1.43.8-4.26.1 e2fsprogs-debugsource-1.43.8-4.26.1 e2fsprogs-devel-1.43.8-4.26.1 libcom_err-devel-1.43.8-4.26.1 libcom_err-devel-static-1.43.8-4.26.1 libcom_err2-1.43.8-4.26.1 libcom_err2-debuginfo-1.43.8-4.26.1 libext2fs-devel-1.43.8-4.26.1 libext2fs-devel-static-1.43.8-4.26.1 libext2fs2-1.43.8-4.26.1 libext2fs2-debuginfo-1.43.8-4.26.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): e2fsprogs-32bit-debuginfo-1.43.8-4.26.1 libcom_err2-32bit-1.43.8-4.26.1 libcom_err2-32bit-debuginfo-1.43.8-4.26.1 References: https://bugzilla.suse.com/1183791 From sle-updates at lists.suse.com Wed Apr 21 16:17:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Apr 2021 18:17:10 +0200 (CEST) Subject: SUSE-RU-2021:1295-1: moderate: Recommended update for systemd-presets-common-SUSE Message-ID: <20210421161710.8D66DFF86@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd-presets-common-SUSE ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1295-1 Rating: moderate References: #1184136 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for systemd-presets-common-SUSE fixes the following issues: - Enabled hcn-init.service for HNV on POWER (bsc#1184136) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1295=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1295=1 Package List: - SUSE MicroOS 5.0 (noarch): systemd-presets-common-SUSE-15-8.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): systemd-presets-common-SUSE-15-8.6.1 References: https://bugzilla.suse.com/1184136 From sle-updates at lists.suse.com Wed Apr 21 16:18:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Apr 2021 18:18:12 +0200 (CEST) Subject: SUSE-RU-2021:1298-1: moderate: Recommended update for mdadm Message-ID: <20210421161812.D2ECBFF86@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1298-1 Rating: moderate References: #1181341 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mdadm fixes the following issues: - Avoids a useless re-sync in cluster-md/mdadm (bsc#1181341) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1298=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1298=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): mdadm-4.1-15.29.1 mdadm-debuginfo-4.1-15.29.1 mdadm-debugsource-4.1-15.29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): mdadm-4.1-15.29.1 mdadm-debuginfo-4.1-15.29.1 mdadm-debugsource-4.1-15.29.1 References: https://bugzilla.suse.com/1181341 From sle-updates at lists.suse.com Wed Apr 21 16:19:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Apr 2021 18:19:15 +0200 (CEST) Subject: SUSE-RU-2021:1288-1: important: Recommended update for libvirt Message-ID: <20210421161915.7404AFF86@maintenance.suse.de> SUSE Recommended Update: Recommended update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1288-1 Rating: important References: #1184152 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libvirt fixes the following issue: - Fix domain shutdown. (bsc#1184152) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1288=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1288=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-5.1.0-13.22.1 libvirt-devel-5.1.0-13.22.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libvirt-5.1.0-13.22.1 libvirt-admin-5.1.0-13.22.1 libvirt-admin-debuginfo-5.1.0-13.22.1 libvirt-client-5.1.0-13.22.1 libvirt-client-debuginfo-5.1.0-13.22.1 libvirt-daemon-5.1.0-13.22.1 libvirt-daemon-config-network-5.1.0-13.22.1 libvirt-daemon-config-nwfilter-5.1.0-13.22.1 libvirt-daemon-debuginfo-5.1.0-13.22.1 libvirt-daemon-driver-interface-5.1.0-13.22.1 libvirt-daemon-driver-interface-debuginfo-5.1.0-13.22.1 libvirt-daemon-driver-lxc-5.1.0-13.22.1 libvirt-daemon-driver-lxc-debuginfo-5.1.0-13.22.1 libvirt-daemon-driver-network-5.1.0-13.22.1 libvirt-daemon-driver-network-debuginfo-5.1.0-13.22.1 libvirt-daemon-driver-nodedev-5.1.0-13.22.1 libvirt-daemon-driver-nodedev-debuginfo-5.1.0-13.22.1 libvirt-daemon-driver-nwfilter-5.1.0-13.22.1 libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-13.22.1 libvirt-daemon-driver-qemu-5.1.0-13.22.1 libvirt-daemon-driver-qemu-debuginfo-5.1.0-13.22.1 libvirt-daemon-driver-secret-5.1.0-13.22.1 libvirt-daemon-driver-secret-debuginfo-5.1.0-13.22.1 libvirt-daemon-driver-storage-5.1.0-13.22.1 libvirt-daemon-driver-storage-core-5.1.0-13.22.1 libvirt-daemon-driver-storage-core-debuginfo-5.1.0-13.22.1 libvirt-daemon-driver-storage-disk-5.1.0-13.22.1 libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-13.22.1 libvirt-daemon-driver-storage-iscsi-5.1.0-13.22.1 libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-13.22.1 libvirt-daemon-driver-storage-logical-5.1.0-13.22.1 libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-13.22.1 
libvirt-daemon-driver-storage-mpath-5.1.0-13.22.1 libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-13.22.1 libvirt-daemon-driver-storage-scsi-5.1.0-13.22.1 libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-13.22.1 libvirt-daemon-hooks-5.1.0-13.22.1 libvirt-daemon-lxc-5.1.0-13.22.1 libvirt-daemon-qemu-5.1.0-13.22.1 libvirt-debugsource-5.1.0-13.22.1 libvirt-doc-5.1.0-13.22.1 libvirt-libs-5.1.0-13.22.1 libvirt-libs-debuginfo-5.1.0-13.22.1 libvirt-lock-sanlock-5.1.0-13.22.1 libvirt-lock-sanlock-debuginfo-5.1.0-13.22.1 libvirt-nss-5.1.0-13.22.1 libvirt-nss-debuginfo-5.1.0-13.22.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-5.1.0-13.22.1 libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-13.22.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): libvirt-daemon-driver-libxl-5.1.0-13.22.1 libvirt-daemon-driver-libxl-debuginfo-5.1.0-13.22.1 libvirt-daemon-xen-5.1.0-13.22.1 References: https://bugzilla.suse.com/1184152 From sle-updates at lists.suse.com Wed Apr 21 16:20:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Apr 2021 18:20:20 +0200 (CEST) Subject: SUSE-RU-2021:1289-1: moderate: Recommended update for gzip Message-ID: <20210421162020.F33CCFF86@maintenance.suse.de> SUSE Recommended Update: Recommended update for gzip ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1289-1 Rating: moderate References: #1177047 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1289=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1289=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1289=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): gzip-1.10-3.11.1 gzip-debuginfo-1.10-3.11.1 gzip-debugsource-1.10-3.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): gzip-1.10-3.11.1 gzip-debuginfo-1.10-3.11.1 gzip-debugsource-1.10-3.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): gzip-1.10-3.11.1 gzip-debuginfo-1.10-3.11.1 gzip-debugsource-1.10-3.11.1 References: https://bugzilla.suse.com/1177047 From sle-updates at lists.suse.com Wed Apr 21 16:21:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Apr 2021 18:21:27 +0200 (CEST) Subject: SUSE-OU-2021:1299-1: Optional update for gpgme Message-ID: <20210421162127.2BD94FF86@maintenance.suse.de> SUSE Optional Update: Optional update for gpgme ______________________________________________________________________________ Announcement ID: SUSE-OU-2021:1299-1 Rating: low References: #1183801 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one optional fix can now be installed. 
Description: This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1299=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1299=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1299=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): gpgme-debuginfo-1.13.1-4.3.1 gpgme-debugsource-1.13.1-4.3.1 libgpgme11-1.13.1-4.3.1 libgpgme11-debuginfo-1.13.1-4.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): gpgme-debuginfo-1.13.1-4.3.1 gpgme-debugsource-1.13.1-4.3.1 python3-gpg-1.13.1-4.3.1 python3-gpg-debuginfo-1.13.1-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): gpgme-1.13.1-4.3.1 gpgme-debuginfo-1.13.1-4.3.1 gpgme-debugsource-1.13.1-4.3.1 gpgmeqt-debugsource-1.13.1-4.3.1 libgpgme-devel-1.13.1-4.3.1 libgpgme11-1.13.1-4.3.1 libgpgme11-debuginfo-1.13.1-4.3.1 libgpgmepp-devel-1.13.1-4.3.1 libgpgmepp6-1.13.1-4.3.1 libgpgmepp6-debuginfo-1.13.1-4.3.1 libqgpgme-devel-1.13.1-4.3.1 libqgpgme7-1.13.1-4.3.1 libqgpgme7-debuginfo-1.13.1-4.3.1 References: https://bugzilla.suse.com/1183801 From sle-updates at lists.suse.com Wed Apr 21 16:22:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Apr 2021 18:22:31 +0200 (CEST) Subject: SUSE-RU-2021:1297-1: moderate: Recommended update for systemd Message-ID: <20210421162231.4DE96FF86@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd 
______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1297-1 Rating: moderate References: #1178219 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1297=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.82.1 libsystemd0-debuginfo-234-24.82.1 libudev-devel-234-24.82.1 libudev1-234-24.82.1 libudev1-debuginfo-234-24.82.1 systemd-234-24.82.1 systemd-container-234-24.82.1 systemd-container-debuginfo-234-24.82.1 systemd-coredump-234-24.82.1 systemd-coredump-debuginfo-234-24.82.1 systemd-debuginfo-234-24.82.1 systemd-debugsource-234-24.82.1 systemd-devel-234-24.82.1 systemd-sysvinit-234-24.82.1 udev-234-24.82.1 udev-debuginfo-234-24.82.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libsystemd0-32bit-234-24.82.1 libsystemd0-32bit-debuginfo-234-24.82.1 libudev1-32bit-234-24.82.1 libudev1-32bit-debuginfo-234-24.82.1 systemd-32bit-234-24.82.1 systemd-32bit-debuginfo-234-24.82.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): systemd-bash-completion-234-24.82.1 References: https://bugzilla.suse.com/1178219 From sle-updates at lists.suse.com Wed Apr 21 16:23:33 2021 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Wed, 21 Apr 2021 18:23:33 +0200 (CEST) Subject: SUSE-RU-2021:1293-1: moderate: Recommended update for cloud-init Message-ID: <20210421162333.43FDEFF86@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1293-1 Rating: moderate References: #1181283 #1184085 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cloud-init fixes the following issues: - Fixed an issue, where the bonding options were wrongly configured in SLE and openSUSE (bsc#1184085) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2021-1293=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): cloud-init-20.2-5.52.1 cloud-init-config-suse-20.2-5.52.1 References: https://bugzilla.suse.com/1181283 https://bugzilla.suse.com/1184085 From sle-updates at lists.suse.com Wed Apr 21 16:24:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Apr 2021 18:24:39 +0200 (CEST) Subject: SUSE-RU-2021:1294-1: Recommended update for biosdevname Message-ID: <20210421162439.946CFFF86@maintenance.suse.de> SUSE Recommended Update: Recommended update for biosdevname ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1294-1 Rating: low References: #1184341 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ 
An update that has one recommended fix can now be installed. Description: This update for biosdevname fixes the following issues: - Added support for exanic network cards (bsc#1184341) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1294=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): biosdevname-0.7.2-11.19.1 biosdevname-debuginfo-0.7.2-11.19.1 biosdevname-debugsource-0.7.2-11.19.1 References: https://bugzilla.suse.com/1184341 From sle-updates at lists.suse.com Wed Apr 21 16:25:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Apr 2021 18:25:43 +0200 (CEST) Subject: SUSE-SU-2021:1292-1: moderate: Security update for pcp Message-ID: <20210421162543.56503FF86@maintenance.suse.de> SUSE Security Update: Security update for pcp ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1292-1 Rating: moderate References: #1123311 #1171883 #1181571 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for pcp fixes the following issues: - Fixed completely CVE-2020-8025 (bsc#1171883) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1292=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1292=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1292=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1292=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libpcp-devel-3.11.9-5.11.5 libpcp3-3.11.9-5.11.5 libpcp3-debuginfo-3.11.9-5.11.5 libpcp_gui2-3.11.9-5.11.5 libpcp_gui2-debuginfo-3.11.9-5.11.5 libpcp_import1-3.11.9-5.11.5 libpcp_import1-debuginfo-3.11.9-5.11.5 libpcp_mmv1-3.11.9-5.11.5 libpcp_mmv1-debuginfo-3.11.9-5.11.5 libpcp_trace2-3.11.9-5.11.5 libpcp_trace2-debuginfo-3.11.9-5.11.5 libpcp_web1-3.11.9-5.11.5 libpcp_web1-debuginfo-3.11.9-5.11.5 pcp-3.11.9-5.11.5 pcp-conf-3.11.9-5.11.5 pcp-debuginfo-3.11.9-5.11.5 pcp-debugsource-3.11.9-5.11.5 pcp-devel-3.11.9-5.11.5 pcp-devel-debuginfo-3.11.9-5.11.5 pcp-import-iostat2pcp-3.11.9-5.11.5 pcp-import-mrtg2pcp-3.11.9-5.11.5 pcp-import-sar2pcp-3.11.9-5.11.5 perl-PCP-LogImport-3.11.9-5.11.5 perl-PCP-LogImport-debuginfo-3.11.9-5.11.5 perl-PCP-LogSummary-3.11.9-5.11.5 perl-PCP-MMV-3.11.9-5.11.5 perl-PCP-MMV-debuginfo-3.11.9-5.11.5 perl-PCP-PMDA-3.11.9-5.11.5 perl-PCP-PMDA-debuginfo-3.11.9-5.11.5 python-pcp-3.11.9-5.11.5 python-pcp-debuginfo-3.11.9-5.11.5 - SUSE Linux Enterprise Server for SAP 15 (noarch): pcp-doc-3.11.9-5.11.5 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libpcp-devel-3.11.9-5.11.5 libpcp3-3.11.9-5.11.5 libpcp3-debuginfo-3.11.9-5.11.5 libpcp_gui2-3.11.9-5.11.5 libpcp_gui2-debuginfo-3.11.9-5.11.5 libpcp_import1-3.11.9-5.11.5 libpcp_import1-debuginfo-3.11.9-5.11.5 libpcp_mmv1-3.11.9-5.11.5 libpcp_mmv1-debuginfo-3.11.9-5.11.5 libpcp_trace2-3.11.9-5.11.5 libpcp_trace2-debuginfo-3.11.9-5.11.5 
libpcp_web1-3.11.9-5.11.5 libpcp_web1-debuginfo-3.11.9-5.11.5 pcp-3.11.9-5.11.5 pcp-conf-3.11.9-5.11.5 pcp-debuginfo-3.11.9-5.11.5 pcp-debugsource-3.11.9-5.11.5 pcp-devel-3.11.9-5.11.5 pcp-devel-debuginfo-3.11.9-5.11.5 pcp-import-iostat2pcp-3.11.9-5.11.5 pcp-import-mrtg2pcp-3.11.9-5.11.5 pcp-import-sar2pcp-3.11.9-5.11.5 perl-PCP-LogImport-3.11.9-5.11.5 perl-PCP-LogImport-debuginfo-3.11.9-5.11.5 perl-PCP-LogSummary-3.11.9-5.11.5 perl-PCP-MMV-3.11.9-5.11.5 perl-PCP-MMV-debuginfo-3.11.9-5.11.5 perl-PCP-PMDA-3.11.9-5.11.5 perl-PCP-PMDA-debuginfo-3.11.9-5.11.5 python-pcp-3.11.9-5.11.5 python-pcp-debuginfo-3.11.9-5.11.5 - SUSE Linux Enterprise Server 15-LTSS (noarch): pcp-doc-3.11.9-5.11.5 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpcp-devel-3.11.9-5.11.5 libpcp3-3.11.9-5.11.5 libpcp3-debuginfo-3.11.9-5.11.5 libpcp_gui2-3.11.9-5.11.5 libpcp_gui2-debuginfo-3.11.9-5.11.5 libpcp_import1-3.11.9-5.11.5 libpcp_import1-debuginfo-3.11.9-5.11.5 libpcp_mmv1-3.11.9-5.11.5 libpcp_mmv1-debuginfo-3.11.9-5.11.5 libpcp_trace2-3.11.9-5.11.5 libpcp_trace2-debuginfo-3.11.9-5.11.5 libpcp_web1-3.11.9-5.11.5 libpcp_web1-debuginfo-3.11.9-5.11.5 pcp-3.11.9-5.11.5 pcp-conf-3.11.9-5.11.5 pcp-debuginfo-3.11.9-5.11.5 pcp-debugsource-3.11.9-5.11.5 pcp-devel-3.11.9-5.11.5 pcp-devel-debuginfo-3.11.9-5.11.5 pcp-import-iostat2pcp-3.11.9-5.11.5 pcp-import-mrtg2pcp-3.11.9-5.11.5 pcp-import-sar2pcp-3.11.9-5.11.5 perl-PCP-LogImport-3.11.9-5.11.5 perl-PCP-LogImport-debuginfo-3.11.9-5.11.5 perl-PCP-LogSummary-3.11.9-5.11.5 perl-PCP-MMV-3.11.9-5.11.5 perl-PCP-MMV-debuginfo-3.11.9-5.11.5 perl-PCP-PMDA-3.11.9-5.11.5 perl-PCP-PMDA-debuginfo-3.11.9-5.11.5 python-pcp-3.11.9-5.11.5 python-pcp-debuginfo-3.11.9-5.11.5 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): pcp-doc-3.11.9-5.11.5 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpcp-devel-3.11.9-5.11.5 libpcp3-3.11.9-5.11.5 libpcp3-debuginfo-3.11.9-5.11.5 
libpcp_gui2-3.11.9-5.11.5 libpcp_gui2-debuginfo-3.11.9-5.11.5 libpcp_import1-3.11.9-5.11.5 libpcp_import1-debuginfo-3.11.9-5.11.5 libpcp_mmv1-3.11.9-5.11.5 libpcp_mmv1-debuginfo-3.11.9-5.11.5 libpcp_trace2-3.11.9-5.11.5 libpcp_trace2-debuginfo-3.11.9-5.11.5 libpcp_web1-3.11.9-5.11.5 libpcp_web1-debuginfo-3.11.9-5.11.5 pcp-3.11.9-5.11.5 pcp-conf-3.11.9-5.11.5 pcp-debuginfo-3.11.9-5.11.5 pcp-debugsource-3.11.9-5.11.5 pcp-devel-3.11.9-5.11.5 pcp-devel-debuginfo-3.11.9-5.11.5 pcp-import-iostat2pcp-3.11.9-5.11.5 pcp-import-mrtg2pcp-3.11.9-5.11.5 pcp-import-sar2pcp-3.11.9-5.11.5 perl-PCP-LogImport-3.11.9-5.11.5 perl-PCP-LogImport-debuginfo-3.11.9-5.11.5 perl-PCP-LogSummary-3.11.9-5.11.5 perl-PCP-MMV-3.11.9-5.11.5 perl-PCP-MMV-debuginfo-3.11.9-5.11.5 perl-PCP-PMDA-3.11.9-5.11.5 perl-PCP-PMDA-debuginfo-3.11.9-5.11.5 python-pcp-3.11.9-5.11.5 python-pcp-debuginfo-3.11.9-5.11.5 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): pcp-doc-3.11.9-5.11.5 References: https://bugzilla.suse.com/1123311 https://bugzilla.suse.com/1171883 https://bugzilla.suse.com/1181571 From sle-updates at lists.suse.com Wed Apr 21 16:26:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Apr 2021 18:26:59 +0200 (CEST) Subject: SUSE-RU-2021:1290-1: moderate: Recommended update for gzip Message-ID: <20210421162659.A7FACFF86@maintenance.suse.de> SUSE Recommended Update: Recommended update for gzip ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1290-1 Rating: moderate References: #1177047 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1290=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gzip-1.10-4.8.1 gzip-debuginfo-1.10-4.8.1 gzip-debugsource-1.10-4.8.1 References: https://bugzilla.suse.com/1177047 From sle-updates at lists.suse.com Wed Apr 21 16:28:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Apr 2021 18:28:03 +0200 (CEST) Subject: SUSE-RU-2021:1291-1: moderate: Recommended update for mpfr Message-ID: <20210421162803.74BEDFF86@maintenance.suse.de> SUSE Recommended Update: Recommended update for mpfr ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1291-1 Rating: moderate References: #1141190 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mpfr fixes the following issues: - Fixed an issue when building for ppc64le (bsc#1141190) Technical library fixes: - A subtraction of two numbers of the same sign or addition of two numbers of different signs can be rounded incorrectly (and the ternary value can be incorrect) when one of the two inputs is reused as the output (destination) and all these MPFR numbers have exactly GMP_NUMB_BITS bits of precision (typically, 32 bits on 32-bit machines, 64 bits on 64-bit machines). - The mpfr_fma and mpfr_fms functions can behave incorrectly in case of internal overflow or underflow. 
- The result of the mpfr_sqr function can be rounded incorrectly in a rare case near underflow when the destination has exactly GMP_NUMB_BITS bits of precision (typically, 32 bits on 32-bit machines, 64 bits on 64-bit machines) and the input has at most GMP_NUMB_BITS bits of precision. - The behavior and documentation of the mpfr_get_str function are inconsistent concerning the minimum precision (this is related to the change of the minimum precision from 2 to 1 in MPFR 4.0.0). The get_str patch fixes this issue in the following way: the value 1 can now be provided for n (4th argument of mpfr_get_str); if n = 0, then the number of significant digits in the output string can now be 1, as already implied by the documentation (but the code was increasing it to 2). - The mpfr_cmp_q function can behave incorrectly when the rational (mpq_t) number has a null denominator. - The mpfr_inp_str and mpfr_out_str functions might behave incorrectly when the stream is a null pointer: the stream is replaced by stdin and stdout, respectively. This behavior is useless, not documented (thus incorrect in case a null pointer would have a special meaning), and not consistent with other input/output functions. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1291=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libmpfr6-4.0.2-3.3.1 libmpfr6-debuginfo-4.0.2-3.3.1 mpfr-debugsource-4.0.2-3.3.1 mpfr-devel-4.0.2-3.3.1 References: https://bugzilla.suse.com/1141190 From sle-updates at lists.suse.com Wed Apr 21 16:29:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Apr 2021 18:29:07 +0200 (CEST) Subject: SUSE-SU-2021:14705-1: important: Security update for tomcat6 Message-ID: <20210421162907.3A593FF86@maintenance.suse.de> SUSE Security Update: Security update for tomcat6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14705-1 Rating: important References: #1059554 #1180947 #1182909 Cross-References: CVE-2017-12617 CVE-2021-24122 CVE-2021-25329 CVSS scores: CVE-2017-12617 (NVD) : 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-12617 (SUSE): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-24122 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-24122 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-25329 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-25329 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for tomcat6 fixes the following issues: - CVE-2021-25329: Fixed completely CVE-2020-9484 (bsc#1182909). - CVE-2021-24122: Fixed an information disclosure (bsc#1180947). - CVE-2017-12617: Fixed a file inclusion vulnerability through a crafted request (bsc#1059554). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-tomcat6-14705=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-tomcat6-14705=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch): tomcat6-6.0.53-0.57.19.1 tomcat6-admin-webapps-6.0.53-0.57.19.1 tomcat6-docs-webapp-6.0.53-0.57.19.1 tomcat6-javadoc-6.0.53-0.57.19.1 tomcat6-jsp-2_1-api-6.0.53-0.57.19.1 tomcat6-lib-6.0.53-0.57.19.1 tomcat6-servlet-2_5-api-6.0.53-0.57.19.1 tomcat6-webapps-6.0.53-0.57.19.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): tomcat6-6.0.53-0.57.19.1 tomcat6-admin-webapps-6.0.53-0.57.19.1 tomcat6-docs-webapp-6.0.53-0.57.19.1 tomcat6-javadoc-6.0.53-0.57.19.1 tomcat6-jsp-2_1-api-6.0.53-0.57.19.1 tomcat6-lib-6.0.53-0.57.19.1 tomcat6-servlet-2_5-api-6.0.53-0.57.19.1 tomcat6-webapps-6.0.53-0.57.19.1 References: https://www.suse.com/security/cve/CVE-2017-12617.html https://www.suse.com/security/cve/CVE-2021-24122.html https://www.suse.com/security/cve/CVE-2021-25329.html https://bugzilla.suse.com/1059554 https://bugzilla.suse.com/1180947 https://bugzilla.suse.com/1182909 From sle-updates at lists.suse.com Wed Apr 21 16:30:24 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Apr 2021 18:30:24 +0200 (CEST) Subject: SUSE-SU-2021:1301-1: important: Security update for the Linux Kernel Message-ID: <20210421163024.F0CAAFF86@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1301-1 Rating: important References: #1047233 #1065729 #1113295 #1152489 #1154353 #1155518 #1156395 #1178181 #1181507 #1183405 #1184074 #1184120 #1184194 #1184211 #1184388 #1184391 #1184393 
#1184509 #1184511 #1184512 #1184514 #1184583 #1184647 Cross-References: CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2021-28950 CVE-2021-29154 CVE-2021-30002 CVE-2021-3483 CVSS scores: CVE-2020-25670 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2020-36310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36311 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36312 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28950 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-30002 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 12 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsystem (bsc#1178181). - CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511). - CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391). - CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120). - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
- CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512). - CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509). - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop that was continually finding the same bad inode (bsc#1184194). The following non-security bugs were fixed: - ALSA: aloop: Fix initialization of controls (git-fixes). - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes). - appletalk: Fix skb allocation size in loopback case (git-fixes). - ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes). - ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes). - ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes). - ASoC: max98373: Added 30ms turn on/off time delay (git-fixes). - ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes). - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes). - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes). - atl1c: fix error return code in atl1c_probe() (git-fixes). - atl1e: fix error return code in atl1e_probe() (git-fixes). - batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field (git-fixes). - bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518). - brcmfmac: clear EAP/association status bits on linkdown events (git-fixes). - bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes). - cifs: change noisy error message to FYI (bsc#1181507). - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: New optype for session operations (bsc#1181507). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: return proper error code in statfs(2) (bsc#1181507).
- cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - clk: fix invalid usage of list cursor in register (git-fixes). - clk: fix invalid usage of list cursor in unregister (git-fixes). - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes). - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes). - drm/amdgpu: check alignment on CPU page for bo map (git-fixes). - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes). - drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074). - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes). - drm/msm: Ratelimit invalid-fence message (git-fixes). - drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes). - enetc: Fix reporting of h/w packet counters (git-fixes). - fuse: fix bad inode (bsc#1184211). - fuse: fix live lock in fuse_iget() (bsc#1184211). - i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025). - i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025). - ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926). - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - libbpf: Fix INSTALL flag order (bsc#1155518). - locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes). - mac80211: choose first enabled channel for monitor (git-fixes). - mac80211: fix TXQ AC confusion (git-fixes). - mISDN: fix crash in fritzpci (git-fixes). - net: atheros: switch from 'pci_' to 'dma_' API (git-fixes). - net: b44: fix error return code in b44_init_one() (git-fixes). - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes). - net: hns3: Remove the left over redundant check & assignment (bsc#1154353). - net: lantiq: Wait for the GPHY firmware to be ready (git-fixes). - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464). - net: pasemi: fix error return code in pasemi_mac_open() (git-fixes). 
- net: phy: broadcom: Only advertise EEE for supported modes (git-fixes). - net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes). - net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405) - net: wan/lmc: unregister device when no matching device is found (git-fixes). - platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes). - platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes). - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes). - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388). - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729). - powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729). - powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395). - powerpc/sstep: Fix darn emulation (bsc#1156395). - powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395). - powerpc/sstep: Fix load-store and update emulation (bsc#1156395). - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes). - RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489). - rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) - scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - soc/fsl: qbman: fix conflicting alignment attributes (git-fixes). - thermal/core: Add NULL pointer check before using cooling device stats (git-fixes). - USB: cdc-acm: downgrade message to debug (git-fixes). - USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes). - USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes). 
- USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes). - x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489). - x86/ioapic: Ignore IRQ2 again (bsc#1152489). - x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489). - xen/events: fix setting irq affinity (bsc#1184583). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-1301=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): kernel-devel-azure-5.3.18-18.44.1 kernel-source-azure-5.3.18-18.44.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64): kernel-azure-5.3.18-18.44.1 kernel-azure-debuginfo-5.3.18-18.44.1 kernel-azure-debugsource-5.3.18-18.44.1 kernel-azure-devel-5.3.18-18.44.1 kernel-azure-devel-debuginfo-5.3.18-18.44.1 kernel-syms-azure-5.3.18-18.44.1 References: https://www.suse.com/security/cve/CVE-2020-25670.html https://www.suse.com/security/cve/CVE-2020-25671.html https://www.suse.com/security/cve/CVE-2020-25672.html https://www.suse.com/security/cve/CVE-2020-25673.html https://www.suse.com/security/cve/CVE-2020-36310.html https://www.suse.com/security/cve/CVE-2020-36311.html https://www.suse.com/security/cve/CVE-2020-36312.html https://www.suse.com/security/cve/CVE-2021-28950.html https://www.suse.com/security/cve/CVE-2021-29154.html https://www.suse.com/security/cve/CVE-2021-30002.html https://www.suse.com/security/cve/CVE-2021-3483.html https://bugzilla.suse.com/1047233 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1113295 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1154353 
https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1178181 https://bugzilla.suse.com/1181507 https://bugzilla.suse.com/1183405 https://bugzilla.suse.com/1184074 https://bugzilla.suse.com/1184120 https://bugzilla.suse.com/1184194 https://bugzilla.suse.com/1184211 https://bugzilla.suse.com/1184388 https://bugzilla.suse.com/1184391 https://bugzilla.suse.com/1184393 https://bugzilla.suse.com/1184509 https://bugzilla.suse.com/1184511 https://bugzilla.suse.com/1184512 https://bugzilla.suse.com/1184514 https://bugzilla.suse.com/1184583 https://bugzilla.suse.com/1184647 From sle-updates at lists.suse.com Wed Apr 21 19:16:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Apr 2021 21:16:31 +0200 (CEST) Subject: SUSE-RU-2021:1302-1: moderate: Recommended update for susemanager-sync-data Message-ID: <20210421191631.86E40FF86@maintenance.suse.de> SUSE Recommended Update: Recommended update for susemanager-sync-data ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1302-1 Rating: moderate References: #1183845 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for susemanager-sync-data fixes the following issue: - Add OES2018 SP3. (bsc#1183845) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-1302=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): susemanager-sync-data-4.1.13-3.20.1 References: https://bugzilla.suse.com/1183845 From sle-updates at lists.suse.com Thu Apr 22 01:15:24 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Apr 2021 03:15:24 +0200 (CEST) Subject: SUSE-RU-2021:1303-1: moderate: Recommended update for hawk2 Message-ID: <20210422011524.20CBEFF8D@maintenance.suse.de> SUSE Recommended Update: Recommended update for hawk2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1303-1 Rating: moderate References: #1184274 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hawk2 fixes the following issues: - Fixed an issue when wizards UI are not shown. (bsc#1184274) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-1303=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-1303=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): hawk2-2.6.4+git.1618478925.fbddddd9-3.33.3 hawk2-debuginfo-2.6.4+git.1618478925.fbddddd9-3.33.3 hawk2-debugsource-2.6.4+git.1618478925.fbddddd9-3.33.3 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): hawk2-2.6.4+git.1618478925.fbddddd9-3.33.3 hawk2-debuginfo-2.6.4+git.1618478925.fbddddd9-3.33.3 hawk2-debugsource-2.6.4+git.1618478925.fbddddd9-3.33.3 References: https://bugzilla.suse.com/1184274 From sle-updates at lists.suse.com Thu Apr 22 06:25:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Apr 2021 08:25:25 +0200 (CEST) Subject: SUSE-CU-2021:115-1: Recommended update of suse/sle15 Message-ID: <20210422062525.1405BB461DE@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:115-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.379 Container Release : 4.22.379 Severity : moderate Type : recommended References : 1178219 1183791 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. From sle-updates at lists.suse.com Thu Apr 22 06:38:28 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Apr 2021 08:38:28 +0200 (CEST) Subject: SUSE-CU-2021:116-1: Recommended update of suse/sle15 Message-ID: <20210422063828.98BA9B461DE@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:116-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.438 Container Release : 6.2.438 Severity : moderate Type : recommended References : 1178219 1183791 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. From sle-updates at lists.suse.com Thu Apr 22 19:15:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Apr 2021 21:15:37 +0200 (CEST) Subject: SUSE-SU-2021:1305-1: important: Security update for qemu Message-ID: <20210422191537.C0A17FD9D@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1305-1 Rating: important References: #1172383 #1172384 #1172385 #1172386 #1172478 #1173612 #1174386 #1174641 #1175441 #1176673 #1176682 #1176684 #1178174 #1178934 #1179467 #1180523 #1181108 #1181639 #1182137 #1182425 #1182577 #1182968 Cross-References: CVE-2020-11947 CVE-2020-12829 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13765 CVE-2020-14364 CVE-2020-15469 CVE-2020-15863 CVE-2020-16092 CVE-2020-25084 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-27617 CVE-2020-29130 CVE-2020-29443 CVE-2021-20181 CVE-2021-20203 CVE-2021-20257 CVE-2021-3416 CVSS scores: CVE-2020-11947 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2020-11947 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-12829 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-12829 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2020-13361 (NVD) : 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L CVE-2020-13361 (SUSE): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L CVE-2020-13362 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13362 
(SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13659 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13659 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-13765 (NVD) : 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-13765 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-14364 (NVD) : 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-14364 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-15469 (NVD) : 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L CVE-2020-15469 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-15863 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L CVE-2020-15863 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2020-16092 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVE-2020-16092 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVE-2020-25084 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25084 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25624 (NVD) : 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25624 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25625 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-25625 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25723 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25723 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-27617 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27617 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-29130 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29130 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29443 (NVD) : 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L CVE-2020-29443 (SUSE): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L CVE-2021-20181 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 
CVE-2021-20203 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-20203 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-20257 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-3416 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2021-3416 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP2-LTSS-SAP SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 21 vulnerabilities and has one errata is now available. Description: This update for qemu fixes the following issues: - Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385) - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383) - Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) - Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673) - Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) - Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) - Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174) - Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) - Fix null pointer deref. 
(DoS) in mmio ops (CVE-2020-15469, bsc#1173612) - Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577) - Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) - Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416) - Fix OOB access in SLIRP ARP packet processing (CVE-2020-29130, bsc#1179467) - Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659 bsc#1172386) - Fix OOB access in iscsi (CVE-2020-11947 bsc#1180523) - Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639) - Fix buffer overflow in the XGMAC device (CVE-2020-15863 bsc#1174386) - Fix DoS in packet processing of various emulated NICs (CVE-2020-16092 bsc#1174641) - Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) - Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384) - Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1305=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1305=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1305=1 Package List: - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (noarch): qemu-ipxe-1.0.0-41.62.1 qemu-seabios-1.9.1_0_gb3ef39f-41.62.1 qemu-sgabios-8-41.62.1 qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64): qemu-2.6.2-41.62.1 qemu-block-curl-2.6.2-41.62.1 qemu-block-curl-debuginfo-2.6.2-41.62.1 qemu-block-rbd-2.6.2-41.62.1 qemu-block-rbd-debuginfo-2.6.2-41.62.1 qemu-block-ssh-2.6.2-41.62.1 qemu-block-ssh-debuginfo-2.6.2-41.62.1 qemu-debugsource-2.6.2-41.62.1 qemu-guest-agent-2.6.2-41.62.1 qemu-guest-agent-debuginfo-2.6.2-41.62.1 qemu-kvm-2.6.2-41.62.1 qemu-lang-2.6.2-41.62.1 qemu-tools-2.6.2-41.62.1 qemu-tools-debuginfo-2.6.2-41.62.1 qemu-x86-2.6.2-41.62.1 qemu-x86-debuginfo-2.6.2-41.62.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): qemu-2.6.2-41.62.1 qemu-block-curl-2.6.2-41.62.1 qemu-block-curl-debuginfo-2.6.2-41.62.1 qemu-block-rbd-2.6.2-41.62.1 qemu-block-rbd-debuginfo-2.6.2-41.62.1 qemu-block-ssh-2.6.2-41.62.1 qemu-block-ssh-debuginfo-2.6.2-41.62.1 qemu-debugsource-2.6.2-41.62.1 qemu-guest-agent-2.6.2-41.62.1 qemu-guest-agent-debuginfo-2.6.2-41.62.1 qemu-kvm-2.6.2-41.62.1 qemu-lang-2.6.2-41.62.1 qemu-tools-2.6.2-41.62.1 qemu-tools-debuginfo-2.6.2-41.62.1 qemu-x86-2.6.2-41.62.1 qemu-x86-debuginfo-2.6.2-41.62.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (noarch): qemu-ipxe-1.0.0-41.62.1 qemu-seabios-1.9.1_0_gb3ef39f-41.62.1 qemu-sgabios-8-41.62.1 qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): qemu-2.6.2-41.62.1 qemu-block-curl-2.6.2-41.62.1 
qemu-block-curl-debuginfo-2.6.2-41.62.1 qemu-block-rbd-2.6.2-41.62.1 qemu-block-rbd-debuginfo-2.6.2-41.62.1 qemu-block-ssh-2.6.2-41.62.1 qemu-block-ssh-debuginfo-2.6.2-41.62.1 qemu-debugsource-2.6.2-41.62.1 qemu-guest-agent-2.6.2-41.62.1 qemu-guest-agent-debuginfo-2.6.2-41.62.1 qemu-kvm-2.6.2-41.62.1 qemu-lang-2.6.2-41.62.1 qemu-tools-2.6.2-41.62.1 qemu-tools-debuginfo-2.6.2-41.62.1 qemu-x86-2.6.2-41.62.1 qemu-x86-debuginfo-2.6.2-41.62.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): qemu-ipxe-1.0.0-41.62.1 qemu-seabios-1.9.1_0_gb3ef39f-41.62.1 qemu-sgabios-8-41.62.1 qemu-vgabios-1.9.1_0_gb3ef39f-41.62.1 References: https://www.suse.com/security/cve/CVE-2020-11947.html https://www.suse.com/security/cve/CVE-2020-12829.html https://www.suse.com/security/cve/CVE-2020-13361.html https://www.suse.com/security/cve/CVE-2020-13362.html https://www.suse.com/security/cve/CVE-2020-13659.html https://www.suse.com/security/cve/CVE-2020-13765.html https://www.suse.com/security/cve/CVE-2020-14364.html https://www.suse.com/security/cve/CVE-2020-15469.html https://www.suse.com/security/cve/CVE-2020-15863.html https://www.suse.com/security/cve/CVE-2020-16092.html https://www.suse.com/security/cve/CVE-2020-25084.html https://www.suse.com/security/cve/CVE-2020-25624.html https://www.suse.com/security/cve/CVE-2020-25625.html https://www.suse.com/security/cve/CVE-2020-25723.html https://www.suse.com/security/cve/CVE-2020-27617.html https://www.suse.com/security/cve/CVE-2020-29130.html https://www.suse.com/security/cve/CVE-2020-29443.html https://www.suse.com/security/cve/CVE-2021-20181.html https://www.suse.com/security/cve/CVE-2021-20203.html https://www.suse.com/security/cve/CVE-2021-20257.html https://www.suse.com/security/cve/CVE-2021-3416.html https://bugzilla.suse.com/1172383 https://bugzilla.suse.com/1172384 https://bugzilla.suse.com/1172385 https://bugzilla.suse.com/1172386 https://bugzilla.suse.com/1172478 https://bugzilla.suse.com/1173612 https://bugzilla.suse.com/1174386 
https://bugzilla.suse.com/1174641 https://bugzilla.suse.com/1175441 https://bugzilla.suse.com/1176673 https://bugzilla.suse.com/1176682 https://bugzilla.suse.com/1176684 https://bugzilla.suse.com/1178174 https://bugzilla.suse.com/1178934 https://bugzilla.suse.com/1179467 https://bugzilla.suse.com/1180523 https://bugzilla.suse.com/1181108 https://bugzilla.suse.com/1181639 https://bugzilla.suse.com/1182137 https://bugzilla.suse.com/1182425 https://bugzilla.suse.com/1182577 https://bugzilla.suse.com/1182968 From sle-updates at lists.suse.com Fri Apr 23 10:15:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Apr 2021 12:15:48 +0200 (CEST) Subject: SUSE-SU-2021:1307-1: important: Security update for MozillaFirefox Message-ID: <20210423101548.811FAFD9D@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1307-1 Rating: important References: #1184960 Cross-References: CVE-2021-23961 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 CVSS scores: CVE-2021-23961 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2021-23961 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2021-23994 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-23995 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-23998 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-23999 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-24002 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-29945 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-29946 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 
______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.10.0 ESR (bsc#1184960) * CVE-2021-23994: Out of bound write due to lazy initialization * CVE-2021-23995: Use-after-free in Responsive Design Mode * CVE-2021-23998: Secure Lock icon could have been spoofed * CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999: Blob URLs may have been granted additional privileges * CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946: Port blocking could be bypassed Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-1307=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1307=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.10.0-8.38.1 MozillaFirefox-debuginfo-78.10.0-8.38.1 MozillaFirefox-debugsource-78.10.0-8.38.1 MozillaFirefox-translations-common-78.10.0-8.38.1 MozillaFirefox-translations-other-78.10.0-8.38.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64): MozillaFirefox-devel-78.10.0-8.38.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.10.0-8.38.1 MozillaFirefox-debuginfo-78.10.0-8.38.1 MozillaFirefox-debugsource-78.10.0-8.38.1 
MozillaFirefox-devel-78.10.0-8.38.1 MozillaFirefox-translations-common-78.10.0-8.38.1 MozillaFirefox-translations-other-78.10.0-8.38.1 References: https://www.suse.com/security/cve/CVE-2021-23961.html https://www.suse.com/security/cve/CVE-2021-23994.html https://www.suse.com/security/cve/CVE-2021-23995.html https://www.suse.com/security/cve/CVE-2021-23998.html https://www.suse.com/security/cve/CVE-2021-23999.html https://www.suse.com/security/cve/CVE-2021-24002.html https://www.suse.com/security/cve/CVE-2021-29945.html https://www.suse.com/security/cve/CVE-2021-29946.html https://bugzilla.suse.com/1184960 From sle-updates at lists.suse.com Fri Apr 23 16:17:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Apr 2021 18:17:32 +0200 (CEST) Subject: SUSE-RU-2021:1308-1: important: Recommended update for resource-agents Message-ID: <20210423161732.14561FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1308-1 Rating: important References: #1177796 #1180590 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for resource-agents fixes the following issues: - Fixed an issue when customers experience issues with azure-events resource agent with 'URLError'. (bsc#1180590) - Fixed an issue when 'ethmonitor' bloats journal with warnings for VLAN devices. (bsc#1177796) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-1308=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-1308=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ldirectord-4.3.018.a7fb5035-3.69.2 resource-agents-4.3.018.a7fb5035-3.69.2 resource-agents-debuginfo-4.3.018.a7fb5035-3.69.2 resource-agents-debugsource-4.3.018.a7fb5035-3.69.2 - SUSE Linux Enterprise High Availability 12-SP5 (noarch): monitoring-plugins-metadata-4.3.018.a7fb5035-3.69.2 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ldirectord-4.3.018.a7fb5035-3.69.2 resource-agents-4.3.018.a7fb5035-3.69.2 resource-agents-debuginfo-4.3.018.a7fb5035-3.69.2 resource-agents-debugsource-4.3.018.a7fb5035-3.69.2 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): monitoring-plugins-metadata-4.3.018.a7fb5035-3.69.2 References: https://bugzilla.suse.com/1177796 https://bugzilla.suse.com/1180590 From sle-updates at lists.suse.com Fri Apr 23 16:18:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Apr 2021 18:18:43 +0200 (CEST) Subject: SUSE-RU-2021:1309-1: important: Recommended update for NetworkManager Message-ID: <20210423161843.A7D59FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for NetworkManager ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1309-1 Rating: important References: #1183202 #1183967 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An 
update that has two recommended fixes can now be installed. Description: This update for NetworkManager fixes the following issues: - Better handle dhclient's timeout so that a recorded lease can be used when dhcp server is down. (bsc#1183202) - Use `dhclient` as the default dhcp client. (bsc#1183202) - bond: restore `MAC` on release only when there is a cloned `MAC address`. (bsc#1183967) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1309=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-1309=1 - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-1309=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1309=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1309=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1309=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): NetworkManager-debuginfo-1.22.10-3.7.1 NetworkManager-debugsource-1.22.10-3.7.1 libnm0-1.22.10-3.7.1 libnm0-debuginfo-1.22.10-3.7.1 typelib-1_0-NM-1_0-1.22.10-3.7.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (noarch): NetworkManager-lang-1.22.10-3.7.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): NetworkManager-debuginfo-1.22.10-3.7.1 NetworkManager-debugsource-1.22.10-3.7.1 NetworkManager-devel-1.22.10-3.7.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (noarch): NetworkManager-lang-1.22.10-3.7.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): NetworkManager-1.22.10-3.7.1 
NetworkManager-debuginfo-1.22.10-3.7.1 NetworkManager-debugsource-1.22.10-3.7.1 NetworkManager-devel-1.22.10-3.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): NetworkManager-debuginfo-1.22.10-3.7.1 NetworkManager-debugsource-1.22.10-3.7.1 libnm0-1.22.10-3.7.1 libnm0-debuginfo-1.22.10-3.7.1 typelib-1_0-NM-1_0-1.22.10-3.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): NetworkManager-debuginfo-1.22.10-3.7.1 NetworkManager-debugsource-1.22.10-3.7.1 libnm0-1.22.10-3.7.1 libnm0-debuginfo-1.22.10-3.7.1 typelib-1_0-NM-1_0-1.22.10-3.7.1 References: https://bugzilla.suse.com/1183202 https://bugzilla.suse.com/1183967 From sle-updates at lists.suse.com Fri Apr 23 19:17:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Apr 2021 21:17:37 +0200 (CEST) Subject: SUSE-SU-2021:14706-1: important: Security update for kvm Message-ID: <20210423191737.C0496FD9D@maintenance.suse.de> SUSE Security Update: Security update for kvm ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14706-1 Rating: important References: #1123156 #1146873 #1149811 #1161066 #1163018 #1170940 #1172383 #1172384 #1172385 #1172478 #1175441 #1176673 #1176682 #1176684 #1178934 #1179467 #1181108 #1182137 #1182425 #1182577 Cross-References: CVE-2014-3689 CVE-2015-1779 CVE-2019-12068 CVE-2019-15890 CVE-2019-6778 CVE-2020-12829 CVE-2020-13361 CVE-2020-13362 CVE-2020-13765 CVE-2020-14364 CVE-2020-1983 CVE-2020-25084 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-29130 CVE-2020-29443 CVE-2020-7039 CVE-2020-8608 CVE-2021-20181 CVE-2021-20257 CVSS scores: CVE-2015-1779 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2019-12068 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVE-2019-12068 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2019-15890 (SUSE): 5.8 CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H 
CVE-2019-6778 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-6778 (SUSE): 7.8 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-12829 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-12829 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2020-13361 (NVD) : 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L CVE-2020-13361 (SUSE): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L CVE-2020-13362 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13362 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13765 (NVD) : 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-13765 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-14364 (NVD) : 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-14364 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-1983 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-1983 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-25084 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25084 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25624 (NVD) : 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25624 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25625 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-25625 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25723 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25723 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-29130 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29130 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29443 (NVD) : 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L CVE-2020-29443 (SUSE): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L CVE-2020-7039 (NVD) : 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-7039 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H 
CVE-2020-8608 (NVD) : 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-8608 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H CVE-2021-20181 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-20257 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes 21 vulnerabilities is now available. Description: This update for kvm fixes the following issues: - Fix OOB read and write due to integer overflow in sm501_2d_operation() in hw/display/sm501.c (CVE-2020-12829, bsc#1172385) - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383) - Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) - Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673) - Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) - Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) - Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) - Fix DoS in e1000 emulated device (CVE-2021-20257 bsc#1182577) - Fix OOB access in SLIRP ARP packet processing (CVE-2020-29130, bsc#1179467) - Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441) - Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Fix use-after-free in slirp (CVE-2019-15890 bsc#1149811) - Fix for similar problems as for the original fix prompting this issue (CVE-2019-6778 bsc#1123156) - Fix potential OOB accesses in slirp (CVE-2020-8608 bsc#1163018 CVE-2020-7039 bsc#1161066) - Fix use after free in slirp (CVE-2020-1983 bsc#1170940) - Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873) - Fix OOB access possibility in ES1370 audio device emulation 
(CVE-2020-13361 bsc#1172384) - Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kvm-14706=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kvm-1.4.2-53.38.1 References: https://www.suse.com/security/cve/CVE-2014-3689.html https://www.suse.com/security/cve/CVE-2015-1779.html https://www.suse.com/security/cve/CVE-2019-12068.html https://www.suse.com/security/cve/CVE-2019-15890.html https://www.suse.com/security/cve/CVE-2019-6778.html https://www.suse.com/security/cve/CVE-2020-12829.html https://www.suse.com/security/cve/CVE-2020-13361.html https://www.suse.com/security/cve/CVE-2020-13362.html https://www.suse.com/security/cve/CVE-2020-13765.html https://www.suse.com/security/cve/CVE-2020-14364.html https://www.suse.com/security/cve/CVE-2020-1983.html https://www.suse.com/security/cve/CVE-2020-25084.html https://www.suse.com/security/cve/CVE-2020-25624.html https://www.suse.com/security/cve/CVE-2020-25625.html https://www.suse.com/security/cve/CVE-2020-25723.html https://www.suse.com/security/cve/CVE-2020-29130.html https://www.suse.com/security/cve/CVE-2020-29443.html https://www.suse.com/security/cve/CVE-2020-7039.html https://www.suse.com/security/cve/CVE-2020-8608.html https://www.suse.com/security/cve/CVE-2021-20181.html https://www.suse.com/security/cve/CVE-2021-20257.html https://bugzilla.suse.com/1123156 https://bugzilla.suse.com/1146873 https://bugzilla.suse.com/1149811 https://bugzilla.suse.com/1161066 https://bugzilla.suse.com/1163018 https://bugzilla.suse.com/1170940 https://bugzilla.suse.com/1172383 https://bugzilla.suse.com/1172384 https://bugzilla.suse.com/1172385 https://bugzilla.suse.com/1172478 https://bugzilla.suse.com/1175441 
https://bugzilla.suse.com/1176673 https://bugzilla.suse.com/1176682 https://bugzilla.suse.com/1176684 https://bugzilla.suse.com/1178934 https://bugzilla.suse.com/1179467 https://bugzilla.suse.com/1181108 https://bugzilla.suse.com/1182137 https://bugzilla.suse.com/1182425 https://bugzilla.suse.com/1182577 From sle-updates at lists.suse.com Fri Apr 23 19:22:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Apr 2021 21:22:33 +0200 (CEST) Subject: SUSE-RU-2021:1312-1: moderate: Recommended update for oracleasm Message-ID: <20210423192233.ACAD0FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1312-1 Rating: moderate References: #1174543 #1182570 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update of oracleasm fixes the following issue: - rebuilt with new signing key. (bsc#1174543 bsc#1182570) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1312=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1312=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1312=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1312=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1312=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1312=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): oracleasm-kmp-default-2.0.8_k4.4.180_94.141-3.11.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.180_94.141-3.11.1 - SUSE OpenStack Cloud 8 (x86_64): oracleasm-kmp-default-2.0.8_k4.4.180_94.141-3.11.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.180_94.141-3.11.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): oracleasm-kmp-default-2.0.8_k4.4.180_94.141-3.11.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.180_94.141-3.11.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.4.180_94.141-3.11.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.180_94.141-3.11.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): oracleasm-kmp-default-2.0.8_k4.4.180_94.141-3.11.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.180_94.141-3.11.1 - HPE Helion Openstack 8 (x86_64): oracleasm-kmp-default-2.0.8_k4.4.180_94.141-3.11.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.180_94.141-3.11.1 References: https://bugzilla.suse.com/1174543 https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Fri Apr 23 19:23:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Apr 2021 21:23:45 +0200 (CEST) Subject: SUSE-SU-2021:1310-1: moderate: Security update for librsvg Message-ID: <20210423192345.31E09FD9D@maintenance.suse.de> SUSE Security 
Update: Security update for librsvg ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1310-1 Rating: moderate References: #1148293 #1181571 Cross-References: CVE-2018-20991 CVSS scores: CVE-2018-20991 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for librsvg fixes the following issues: - librsvg was updated to 2.42.9: * Update dependent crates that had security vulnerabilities: smallvec to 0.6.14 - RUSTSEC-2018-0003 - CVE-2018-20991 (bsc#1148293) - the bundled version of the cssparser crate now builds correctly on Rust 1.43 (bsc#1181571). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-1310=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1310=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): librsvg-debugsource-2.42.9-3.6.1 rsvg-view-2.42.9-3.6.1 rsvg-view-debuginfo-2.42.9-3.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): librsvg-debugsource-2.42.9-3.6.1 rsvg-view-2.42.9-3.6.1 rsvg-view-debuginfo-2.42.9-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-20991.html https://bugzilla.suse.com/1148293 https://bugzilla.suse.com/1181571 From sle-updates at lists.suse.com Sat Apr 24 06:01:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 24 Apr 2021 08:01:21 +0200 (CEST) Subject: SUSE-CU-2021:118-1: Security update of ses/7/cephcsi/cephcsi Message-ID: <20210424060121.54D1DB462C9@westernhagen.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/cephcsi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:118-1 Container Tags : ses/7/cephcsi/cephcsi:3.2.1 , ses/7/cephcsi/cephcsi:3.2.1.0.3.321 , ses/7/cephcsi/cephcsi:latest , ses/7/cephcsi/cephcsi:sle15.2.octopus , ses/7/cephcsi/cephcsi:v3.2.1 , ses/7/cephcsi/cephcsi:v3.2.1.0 Container Release : 3.321 Severity : important Type : security References : 1177047 1178219 1180836 1181976 1182791 1183791 1183801 1183936 1184136 CVE-2021-3156 ----------------------------------------------------------------- The container ses/7/cephcsi/cephcsi was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1237-1 Released: Fri Apr 16 08:16:54 2021 Summary: Recommended update for ceph-csi Type: recommended Severity: moderate References: This update for ceph-csi fixes the following issues: - Deployment: Fix snapshot controller deployment - RBD: Fix namespace json parser ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1275-1 Released: Tue Apr 20 14:31:26 2021 Summary: Security update for sudo Type: security Severity: important References: 1183936,CVE-2021-3156 This update for sudo fixes the following issues: - L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. 
(bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1295-1 Released: Wed Apr 21 14:08:19 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1184136 This update for systemd-presets-common-SUSE fixes the following issues: - Enabled hcn-init.service for HNV on POWER (bsc#1184136) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. From sle-updates at lists.suse.com Mon Apr 26 10:15:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Apr 2021 12:15:47 +0200 (CEST) Subject: SUSE-SU-2021:1314-1: important: Security update for java-11-openjdk Message-ID: <20210426101547.DCE01FDE1@maintenance.suse.de> SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1314-1 Rating: important References: #1184606 #1185055 #1185056 Cross-References: CVE-2021-2161 CVE-2021-2163 CVSS scores: CVE-2021-2161 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2021-2161 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2021-2163 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-2163 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.11+9 (April 2021 CPU) * CVE-2021-2163: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055) * CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in ProcessBuilder (bsc#1185056) - moved mozilla-nss dependency to java-11-openjdk-headless package, this is necessary to be able to do crypto with just java-11-openjdk-headless installed (bsc#1184606). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1314=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.11.0-3.21.1 java-11-openjdk-debuginfo-11.0.11.0-3.21.1 java-11-openjdk-debugsource-11.0.11.0-3.21.1 java-11-openjdk-demo-11.0.11.0-3.21.1 java-11-openjdk-devel-11.0.11.0-3.21.1 java-11-openjdk-headless-11.0.11.0-3.21.1 References: https://www.suse.com/security/cve/CVE-2021-2161.html https://www.suse.com/security/cve/CVE-2021-2163.html https://bugzilla.suse.com/1184606 https://bugzilla.suse.com/1185055 https://bugzilla.suse.com/1185056 From sle-updates at lists.suse.com Mon Apr 26 10:17:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Apr 2021 12:17:05 +0200 (CEST) Subject: SUSE-SU-2021:1313-1: important: Security update for python-aiohttp Message-ID: <20210426101705.B93D1FDE1@maintenance.suse.de> SUSE Security Update: Security update for python-aiohttp ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1313-1 Rating: important References: #1184745 Cross-References: CVE-2021-21330 CVSS scores: CVE-2021-21330 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-21330 (SUSE): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for python-aiohttp fixes the following issues: - CVE-2021-21330: Fixed the way pure-Python HTTP parser interprets `//` (bsc#1184745) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-1313=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-1313=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2021-1313=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): python-aiohttp-debugsource-3.4.4-3.6.1 python3-aiohttp-3.4.4-3.6.1 python3-aiohttp-debuginfo-3.4.4-3.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): python-aiohttp-debugsource-3.4.4-3.6.1 python-aiohttp-doc-3.4.4-3.6.1 python3-aiohttp-3.4.4-3.6.1 python3-aiohttp-debuginfo-3.4.4-3.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): python-aiohttp-debugsource-3.4.4-3.6.1 python-aiohttp-doc-3.4.4-3.6.1 python3-aiohttp-3.4.4-3.6.1 python3-aiohttp-debuginfo-3.4.4-3.6.1 References: https://www.suse.com/security/cve/CVE-2021-21330.html https://bugzilla.suse.com/1184745 From sle-updates at lists.suse.com Mon Apr 26 10:18:16 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Apr 2021 12:18:16 +0200 (CEST) Subject: SUSE-SU-2021:1315-1: moderate: Security update for apache-commons-io Message-ID: <20210426101816.34ED8FDE1@maintenance.suse.de> SUSE Security Update: Security update for apache-commons-io ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1315-1 Rating: moderate 
References: #1184755 Cross-References: CVE-2021-29425 CVSS scores: CVE-2021-29425 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-29425 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache-commons-io fixes the following issues: - CVE-2021-29425: Limited path traversal when invoking the method FileNameUtils.normalize with an improper input string (bsc#1184755). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1315=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1315=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): apache-commons-io-2.4-9.3.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): apache-commons-io-2.4-9.3.1 References: https://www.suse.com/security/cve/CVE-2021-29425.html https://bugzilla.suse.com/1184755 From sle-updates at lists.suse.com Mon Apr 26 10:19:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Apr 2021 12:19:22 +0200 (CEST) Subject: SUSE-RU-2021:1316-1: moderate: Recommended update for crash Message-ID: <20210426101922.16E37FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for crash ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1316-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crash fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1316=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1316=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): crash-debuginfo-7.2.1-8.11.1 crash-debugsource-7.2.1-8.11.1 crash-devel-7.2.1-8.11.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): crash-7.2.1-8.11.1 crash-debuginfo-7.2.1-8.11.1 crash-debugsource-7.2.1-8.11.1 crash-kmp-default-7.2.1_k4.12.14_122.66-8.11.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_122.66-8.11.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): crash-gcore-7.2.1-8.11.1 crash-gcore-debuginfo-7.2.1-8.11.1 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Mon Apr 26 13:15:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Apr 2021 15:15:39 +0200 (CEST) Subject: SUSE-RU-2021:1317-1: moderate: Recommended update for adcli Message-ID: <20210426131539.09ADAFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for adcli ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1317-1 Rating: moderate References: #1184462 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for adcli fixes the following issues: - Respect allowed Kerberos encryption types. (bsc#1184462) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1317=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): adcli-0.8.2-3.11.2 adcli-debuginfo-0.8.2-3.11.2 adcli-debugsource-0.8.2-3.11.2 References: https://bugzilla.suse.com/1184462 From sle-updates at lists.suse.com Mon Apr 26 16:16:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Apr 2021 18:16:12 +0200 (CEST) Subject: SUSE-RU-2021:1320-1: moderate: Recommended update for xorg-x11-server Message-ID: <20210426161612.06D58FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1320-1 Rating: moderate References: #1184072 #1184543 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for xorg-x11-server fixes the following issues: - Fixed a crash that might occur when talking to Xwayland (bsc#1184072, bsc#1184543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-1320=1 - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-1320=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1320=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1320=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1320=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1320=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.30.1 xorg-x11-server-debugsource-1.20.3-22.5.30.1 xorg-x11-server-wayland-1.20.3-22.5.30.1 xorg-x11-server-wayland-debuginfo-1.20.3-22.5.30.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.30.1 xorg-x11-server-debugsource-1.20.3-22.5.30.1 xorg-x11-server-wayland-1.20.3-22.5.30.1 xorg-x11-server-wayland-debuginfo-1.20.3-22.5.30.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.30.1 xorg-x11-server-debugsource-1.20.3-22.5.30.1 xorg-x11-server-sdk-1.20.3-22.5.30.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.30.1 xorg-x11-server-debugsource-1.20.3-22.5.30.1 xorg-x11-server-sdk-1.20.3-22.5.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-22.5.30.1 xorg-x11-server-debuginfo-1.20.3-22.5.30.1 xorg-x11-server-debugsource-1.20.3-22.5.30.1 xorg-x11-server-extra-1.20.3-22.5.30.1 
xorg-x11-server-extra-debuginfo-1.20.3-22.5.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-22.5.30.1 xorg-x11-server-debuginfo-1.20.3-22.5.30.1 xorg-x11-server-debugsource-1.20.3-22.5.30.1 xorg-x11-server-extra-1.20.3-22.5.30.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.30.1 References: https://bugzilla.suse.com/1184072 https://bugzilla.suse.com/1184543 From sle-updates at lists.suse.com Mon Apr 26 16:17:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Apr 2021 18:17:26 +0200 (CEST) Subject: SUSE-RU-2021:1321-1: Recommended update for strongswan Message-ID: <20210426161726.90785FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1321-1 Rating: low References: Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for strongswan fixes the following issues: - Added rcstrongswan-starter to this package. Please refer to the README.SUSE file to get more information about its usage. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-1321=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1321=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1321=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): strongswan-debuginfo-5.8.2-11.8.4 strongswan-debugsource-5.8.2-11.8.4 strongswan-nm-5.8.2-11.8.4 strongswan-nm-debuginfo-5.8.2-11.8.4 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): strongswan-debuginfo-5.8.2-11.8.4 strongswan-debugsource-5.8.2-11.8.4 strongswan-nm-5.8.2-11.8.4 strongswan-nm-debuginfo-5.8.2-11.8.4 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): strongswan-5.8.2-11.8.4 strongswan-debuginfo-5.8.2-11.8.4 strongswan-debugsource-5.8.2-11.8.4 strongswan-hmac-5.8.2-11.8.4 strongswan-ipsec-5.8.2-11.8.4 strongswan-ipsec-debuginfo-5.8.2-11.8.4 strongswan-libs0-5.8.2-11.8.4 strongswan-libs0-debuginfo-5.8.2-11.8.4 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): strongswan-doc-5.8.2-11.8.4 References: From sle-updates at lists.suse.com Mon Apr 26 16:18:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Apr 2021 18:18:29 +0200 (CEST) Subject: SUSE-RU-2021:1319-1: moderate: Recommended update for openslp Message-ID: <20210426161829.E3A80FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for openslp ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1319-1 Rating: moderate References: #1166637 #1184008 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openslp fixes the following issues: - Added automated active discovery retries so that DAs do not get dropped, if they are not reachable for some time (bsc#1166637, bsc#1184008) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1319=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1319=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): openslp-debuginfo-2.0.0-18.23.1 openslp-debugsource-2.0.0-18.23.1 openslp-devel-2.0.0-18.23.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): openslp-2.0.0-18.23.1 openslp-debuginfo-2.0.0-18.23.1 openslp-debugsource-2.0.0-18.23.1 openslp-server-2.0.0-18.23.1 openslp-server-debuginfo-2.0.0-18.23.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): openslp-32bit-2.0.0-18.23.1 openslp-debuginfo-32bit-2.0.0-18.23.1 References: https://bugzilla.suse.com/1166637 https://bugzilla.suse.com/1184008 From sle-updates at lists.suse.com Tue Apr 27 06:08:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Apr 2021 08:08:52 +0200 (CEST) Subject: SUSE-CU-2021:120-1: Recommended update of suse/sle15 Message-ID: <20210427060852.6D390B460A1@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:120-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.896 Container Release : 8.2.896 Severity : moderate Type : recommended References : 1178219 1180836 1183791 
1183801 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. 
From sle-updates at lists.suse.com Tue Apr 27 07:15:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Apr 2021 09:15:32 +0200 (CEST) Subject: SUSE-RU-2021:1323-1: moderate: Recommended update for corosync Message-ID: <20210427071532.DFFF3FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for corosync ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1323-1 Rating: moderate References: #1166899 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for corosync fixes the following issues: - The exit status of 'corosync-quorumtool -s' was incorrectly set (bsc#1166899) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1323=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-1323=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-1323=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2021-1323=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): corosync-debuginfo-2.3.6-9.16.1 corosync-debugsource-2.3.6-9.16.1 libcorosync-devel-2.3.6-9.16.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): corosync-2.3.6-9.16.1 corosync-debuginfo-2.3.6-9.16.1 corosync-debugsource-2.3.6-9.16.1 libcorosync4-2.3.6-9.16.1 libcorosync4-debuginfo-2.3.6-9.16.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): corosync-2.3.6-9.16.1 corosync-debuginfo-2.3.6-9.16.1 corosync-debugsource-2.3.6-9.16.1 libcorosync4-2.3.6-9.16.1 libcorosync4-debuginfo-2.3.6-9.16.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): corosync-2.3.6-9.16.1 corosync-debuginfo-2.3.6-9.16.1 corosync-debugsource-2.3.6-9.16.1 libcorosync4-2.3.6-9.16.1 libcorosync4-debuginfo-2.3.6-9.16.1 References: https://bugzilla.suse.com/1166899 From sle-updates at lists.suse.com Tue Apr 27 13:16:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Apr 2021 15:16:04 +0200 (CEST) Subject: SUSE-SU-2021:1325-1: important: Security update for MozillaFirefox Message-ID: <20210427131604.416D7FDE1@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1325-1 Rating: important References: #1184960 Cross-References: CVE-2021-23961 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 
CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 CVSS scores: CVE-2021-23961 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2021-23961 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2021-23994 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-23995 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-23998 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-23999 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-24002 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-29945 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-29946 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS-SAP SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. 
Description: This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.10.0 ESR (bsc#1184960) * CVE-2021-23994: Out of bound write due to lazy initialization * CVE-2021-23995: Use-after-free in Responsive Design Mode * CVE-2021-23998: Secure Lock icon could have been spoofed * CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999: Blob URLs may have been granted additional privileges * CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946: Port blocking could be bypassed Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1325=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1325=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1325=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1325=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1325=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1325=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1325=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1325=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1325=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1325=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1325=1 - SUSE Linux Enterprise Server 
12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1325=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1325=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1325=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1325=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-78.10.0-112.57.2 MozillaFirefox-debuginfo-78.10.0-112.57.2 MozillaFirefox-debugsource-78.10.0-112.57.2 MozillaFirefox-devel-78.10.0-112.57.2 MozillaFirefox-translations-common-78.10.0-112.57.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-78.10.0-112.57.2 MozillaFirefox-debuginfo-78.10.0-112.57.2 MozillaFirefox-debugsource-78.10.0-112.57.2 MozillaFirefox-devel-78.10.0-112.57.2 MozillaFirefox-translations-common-78.10.0-112.57.2 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-78.10.0-112.57.2 MozillaFirefox-debuginfo-78.10.0-112.57.2 MozillaFirefox-debugsource-78.10.0-112.57.2 MozillaFirefox-devel-78.10.0-112.57.2 MozillaFirefox-translations-common-78.10.0-112.57.2 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-78.10.0-112.57.2 MozillaFirefox-debuginfo-78.10.0-112.57.2 MozillaFirefox-debugsource-78.10.0-112.57.2 MozillaFirefox-devel-78.10.0-112.57.2 MozillaFirefox-translations-common-78.10.0-112.57.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-78.10.0-112.57.2 MozillaFirefox-debugsource-78.10.0-112.57.2 MozillaFirefox-devel-78.10.0-112.57.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-78.10.0-112.57.2 MozillaFirefox-debuginfo-78.10.0-112.57.2 MozillaFirefox-debugsource-78.10.0-112.57.2 MozillaFirefox-devel-78.10.0-112.57.2 MozillaFirefox-translations-common-78.10.0-112.57.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-78.10.0-112.57.2 
MozillaFirefox-debuginfo-78.10.0-112.57.2 MozillaFirefox-debugsource-78.10.0-112.57.2 MozillaFirefox-devel-78.10.0-112.57.2 MozillaFirefox-translations-common-78.10.0-112.57.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.10.0-112.57.2 MozillaFirefox-debuginfo-78.10.0-112.57.2 MozillaFirefox-debugsource-78.10.0-112.57.2 MozillaFirefox-devel-78.10.0-112.57.2 MozillaFirefox-translations-common-78.10.0-112.57.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.10.0-112.57.2 MozillaFirefox-debuginfo-78.10.0-112.57.2 MozillaFirefox-debugsource-78.10.0-112.57.2 MozillaFirefox-devel-78.10.0-112.57.2 MozillaFirefox-translations-common-78.10.0-112.57.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.10.0-112.57.2 MozillaFirefox-debuginfo-78.10.0-112.57.2 MozillaFirefox-debugsource-78.10.0-112.57.2 MozillaFirefox-devel-78.10.0-112.57.2 MozillaFirefox-translations-common-78.10.0-112.57.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-78.10.0-112.57.2 MozillaFirefox-debuginfo-78.10.0-112.57.2 MozillaFirefox-debugsource-78.10.0-112.57.2 MozillaFirefox-devel-78.10.0-112.57.2 MozillaFirefox-translations-common-78.10.0-112.57.2 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64): MozillaFirefox-78.10.0-112.57.2 MozillaFirefox-debuginfo-78.10.0-112.57.2 MozillaFirefox-debugsource-78.10.0-112.57.2 MozillaFirefox-devel-78.10.0-112.57.2 MozillaFirefox-translations-common-78.10.0-112.57.2 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): MozillaFirefox-78.10.0-112.57.2 MozillaFirefox-debuginfo-78.10.0-112.57.2 MozillaFirefox-debugsource-78.10.0-112.57.2 MozillaFirefox-devel-78.10.0-112.57.2 MozillaFirefox-translations-common-78.10.0-112.57.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-78.10.0-112.57.2 MozillaFirefox-debuginfo-78.10.0-112.57.2 MozillaFirefox-debugsource-78.10.0-112.57.2 
MozillaFirefox-devel-78.10.0-112.57.2 MozillaFirefox-translations-common-78.10.0-112.57.2 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-78.10.0-112.57.2 MozillaFirefox-debuginfo-78.10.0-112.57.2 MozillaFirefox-debugsource-78.10.0-112.57.2 MozillaFirefox-devel-78.10.0-112.57.2 MozillaFirefox-translations-common-78.10.0-112.57.2 References: https://www.suse.com/security/cve/CVE-2021-23961.html https://www.suse.com/security/cve/CVE-2021-23994.html https://www.suse.com/security/cve/CVE-2021-23995.html https://www.suse.com/security/cve/CVE-2021-23998.html https://www.suse.com/security/cve/CVE-2021-23999.html https://www.suse.com/security/cve/CVE-2021-24002.html https://www.suse.com/security/cve/CVE-2021-29945.html https://www.suse.com/security/cve/CVE-2021-29946.html https://bugzilla.suse.com/1184960 From sle-updates at lists.suse.com Tue Apr 27 16:16:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Apr 2021 18:16:05 +0200 (CEST) Subject: SUSE-RU-2021:1328-1: Recommended update for patterns-sap Message-ID: <20210427161605.51041FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1328-1 Rating: low References: #1180531 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for patterns-sap fixes the following issues: - Added supportutils-plugin-ha-sap as installation requirement (bsc#1180531) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2021-1328=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (ppc64le x86_64): patterns-sap-b1-15.2-4.3.1 patterns-sap-hana-15.2-4.3.1 patterns-sap-nw-15.2-4.3.1 References: https://bugzilla.suse.com/1180531 From sle-updates at lists.suse.com Tue Apr 27 16:17:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Apr 2021 18:17:08 +0200 (CEST) Subject: SUSE-RU-2021:1327-1: moderate: Recommended update for sapstartsrv-resource-agents Message-ID: <20210427161708.D8EE5FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapstartsrv-resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1327-1 Rating: moderate References: #1183969 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sapstartsrv-resource-agents fixes the following issues: - sapping.service no longer runs a second time after a restart/start of corosync (bsc#1183969) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2021-1327=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2021-1327=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2021-1327=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): sapstartsrv-resource-agents-0.9.0+git.1617199081.815e7ba-1.6.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): sapstartsrv-resource-agents-0.9.0+git.1617199081.815e7ba-1.6.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): sapstartsrv-resource-agents-0.9.0+git.1617199081.815e7ba-1.6.1 References: https://bugzilla.suse.com/1183969 From sle-updates at lists.suse.com Tue Apr 27 16:18:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Apr 2021 18:18:12 +0200 (CEST) Subject: SUSE-RU-2021:1330-1: moderate: Recommended update for saphanabootstrap-formula Message-ID: <20210427161812.DBA63FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for saphanabootstrap-formula ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1330-1 Rating: moderate References: #1185090 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for saphanabootstrap-formula fixes the following issues: - Fix the HANA sidadm usage to transform to lowercase some states managing the sudoers file in ha_cluster.sls state file. 
(bsc#1185090) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2021-1330=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1330=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1330=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (noarch): saphanabootstrap-formula-0.7.1+git.1619008686.8600866-4.14.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): saphanabootstrap-formula-0.7.1+git.1619008686.8600866-4.14.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): saphanabootstrap-formula-0.7.1+git.1619008686.8600866-4.14.1 References: https://bugzilla.suse.com/1185090 From sle-updates at lists.suse.com Tue Apr 27 16:19:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Apr 2021 18:19:14 +0200 (CEST) Subject: SUSE-RU-2021:1326-1: moderate: Recommended update for release-notes-sle-micro Message-ID: <20210427161914.7128DFD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sle-micro ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1326-1 Rating: moderate References: Affected Products: SUSE MicroOS 5.0 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. 
Description: This update for release-notes-sle-micro fixes the following issues: - 5.0.20210401 - Added notes on SELinux, SUSE Manager, updated software for toolbox - Added note about second stage - Added note about System V init scripts - Updated list of AutoYaST modules - Various wording and formatting updates Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1326=1 Package List: - SUSE MicroOS 5.0 (noarch): release-notes-sle-micro-5.0.20210401-3.3.1 References: From sle-updates at lists.suse.com Tue Apr 27 16:20:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Apr 2021 18:20:12 +0200 (CEST) Subject: SUSE-RU-2021:1329-1: moderate: Recommended update for sapnwbootstrap-formula Message-ID: <20210427162012.4BCE9FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapnwbootstrap-formula ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1329-1 Rating: moderate References: #1181541 #1185093 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sapnwbootstrap-formula fixes the following issues: - Set the virtual ip addresses as permanent, except for HA scenarios, to have them even after a reboot of the machine. (bsc#1185093) - Fix error about missing instance installation requisite when monitoring is enabled. 
(bsc#1181541) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2021-1329=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1329=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1329=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (noarch): sapnwbootstrap-formula-0.6.2+git.1619009582.e0ae9e8-4.14.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): sapnwbootstrap-formula-0.6.2+git.1619009582.e0ae9e8-4.14.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): sapnwbootstrap-formula-0.6.2+git.1619009582.e0ae9e8-4.14.1 References: https://bugzilla.suse.com/1181541 https://bugzilla.suse.com/1185093 From sle-updates at lists.suse.com Tue Apr 27 16:21:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Apr 2021 18:21:20 +0200 (CEST) Subject: SUSE-RU-2021:1331-1: moderate: Recommended update for python-shaptools Message-ID: <20210427162120.E4FD2FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-shaptools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1331-1 Rating: moderate References: #1185090 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-shaptools fixes the following issues: - Fix the HANA 'sidadm' user creation to transform to lowercase properly. 
(bsc#1185090) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2021-1331=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1331=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1331=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (noarch): python-shaptools-0.3.12+git.1619007514.1951d23-4.14.1 python3-shaptools-0.3.12+git.1619007514.1951d23-4.14.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): python-shaptools-0.3.12+git.1619007514.1951d23-4.14.1 python3-shaptools-0.3.12+git.1619007514.1951d23-4.14.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): python-shaptools-0.3.12+git.1619007514.1951d23-4.14.1 python3-shaptools-0.3.12+git.1619007514.1951d23-4.14.1 References: https://bugzilla.suse.com/1185090 From sle-updates at lists.suse.com Tue Apr 27 19:15:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Apr 2021 21:15:42 +0200 (CEST) Subject: SUSE-RU-2021:1334-1: moderate: Recommended update for nfs-utils Message-ID: <20210427191542.2BFE4FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1334-1 Rating: moderate References: #1181651 #1183297 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for nfs-utils fixes the following issues: - Add 'mountstats_0_3.py' and man page. 'mountstats_0_3' is mountstats from a more recent nfs-utils release. 
It adds more functionality, but as there are possible incompatible changes, the old mountstats is left unchanged, and the new is provided with the new name. (bsc#1183297) - Improve nfs.man (bsc#1181651) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1334=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): nfs-client-1.3.0-34.31.1 nfs-client-debuginfo-1.3.0-34.31.1 nfs-doc-1.3.0-34.31.1 nfs-kernel-server-1.3.0-34.31.1 nfs-kernel-server-debuginfo-1.3.0-34.31.1 nfs-utils-debugsource-1.3.0-34.31.1 References: https://bugzilla.suse.com/1181651 https://bugzilla.suse.com/1183297 From sle-updates at lists.suse.com Tue Apr 27 19:16:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Apr 2021 21:16:56 +0200 (CEST) Subject: SUSE-RU-2021:1336-1: critical: Recommended update for libcap Message-ID: <20210427191656.96AC7FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for libcap ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1336-1 Rating: critical References: #1184434 #1184690 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS-SAP SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs'. (bsc#1184690, bsc#1184434) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1336=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1336=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1336=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1336=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1336=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1336=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1336=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1336=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1336=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1336=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1336=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1336=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1336=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1336=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1336=1 Package List: - 
SUSE OpenStack Cloud Crowbar 9 (x86_64): libcap-debugsource-2.26-14.6.1 libcap-devel-2.26-14.6.1 libcap-progs-2.26-14.6.1 libcap-progs-debuginfo-2.26-14.6.1 libcap2-2.26-14.6.1 libcap2-32bit-2.26-14.6.1 libcap2-debuginfo-2.26-14.6.1 libcap2-debuginfo-32bit-2.26-14.6.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libcap-debugsource-2.26-14.6.1 libcap-devel-2.26-14.6.1 libcap-progs-2.26-14.6.1 libcap-progs-debuginfo-2.26-14.6.1 libcap2-2.26-14.6.1 libcap2-32bit-2.26-14.6.1 libcap2-debuginfo-2.26-14.6.1 libcap2-debuginfo-32bit-2.26-14.6.1 - SUSE OpenStack Cloud 9 (x86_64): libcap-debugsource-2.26-14.6.1 libcap-devel-2.26-14.6.1 libcap-progs-2.26-14.6.1 libcap-progs-debuginfo-2.26-14.6.1 libcap2-2.26-14.6.1 libcap2-32bit-2.26-14.6.1 libcap2-debuginfo-2.26-14.6.1 libcap2-debuginfo-32bit-2.26-14.6.1 - SUSE OpenStack Cloud 8 (x86_64): libcap-debugsource-2.26-14.6.1 libcap-devel-2.26-14.6.1 libcap-progs-2.26-14.6.1 libcap-progs-debuginfo-2.26-14.6.1 libcap2-2.26-14.6.1 libcap2-32bit-2.26-14.6.1 libcap2-debuginfo-2.26-14.6.1 libcap2-debuginfo-32bit-2.26-14.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libcap-debugsource-2.26-14.6.1 libcap-devel-2.26-14.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libcap-debugsource-2.26-14.6.1 libcap-devel-2.26-14.6.1 libcap-progs-2.26-14.6.1 libcap-progs-debuginfo-2.26-14.6.1 libcap2-2.26-14.6.1 libcap2-debuginfo-2.26-14.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libcap2-32bit-2.26-14.6.1 libcap2-debuginfo-32bit-2.26-14.6.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libcap-debugsource-2.26-14.6.1 libcap-devel-2.26-14.6.1 libcap-progs-2.26-14.6.1 libcap-progs-debuginfo-2.26-14.6.1 libcap2-2.26-14.6.1 libcap2-debuginfo-2.26-14.6.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libcap2-32bit-2.26-14.6.1 libcap2-debuginfo-32bit-2.26-14.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 i586 ppc64le s390 s390x x86_64): 
libcap-debugsource-2.26-14.6.1 libcap-devel-2.26-14.6.1 libcap-progs-2.26-14.6.1 libcap-progs-debuginfo-2.26-14.6.1 libcap2-2.26-14.6.1 libcap2-debuginfo-2.26-14.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64_ilp32): libcap2-debuginfo-64bit-2.26-14.6.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libcap2-32bit-2.26-14.6.1 libcap2-debuginfo-32bit-2.26-14.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libcap-debugsource-2.26-14.6.1 libcap-devel-2.26-14.6.1 libcap-progs-2.26-14.6.1 libcap-progs-debuginfo-2.26-14.6.1 libcap2-2.26-14.6.1 libcap2-debuginfo-2.26-14.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64_ilp32): libcap2-64bit-2.26-14.6.1 libcap2-debuginfo-64bit-2.26-14.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libcap2-32bit-2.26-14.6.1 libcap2-debuginfo-32bit-2.26-14.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libcap-debugsource-2.26-14.6.1 libcap-devel-2.26-14.6.1 libcap-progs-2.26-14.6.1 libcap-progs-debuginfo-2.26-14.6.1 libcap2-2.26-14.6.1 libcap2-debuginfo-2.26-14.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64_ilp32): libcap2-64bit-2.26-14.6.1 libcap2-debuginfo-64bit-2.26-14.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libcap2-32bit-2.26-14.6.1 libcap2-debuginfo-32bit-2.26-14.6.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libcap-debugsource-2.26-14.6.1 libcap-progs-2.26-14.6.1 libcap-progs-debuginfo-2.26-14.6.1 libcap2-2.26-14.6.1 libcap2-32bit-2.26-14.6.1 libcap2-debuginfo-2.26-14.6.1 libcap2-debuginfo-32bit-2.26-14.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64): libcap-debugsource-2.26-14.6.1 libcap-devel-2.26-14.6.1 libcap-progs-2.26-14.6.1 libcap-progs-debuginfo-2.26-14.6.1 libcap2-2.26-14.6.1 libcap2-32bit-2.26-14.6.1 libcap2-debuginfo-2.26-14.6.1 libcap2-debuginfo-32bit-2.26-14.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): libcap-debugsource-2.26-14.6.1 libcap-devel-2.26-14.6.1 
libcap-progs-2.26-14.6.1 libcap-progs-debuginfo-2.26-14.6.1 libcap2-2.26-14.6.1 libcap2-32bit-2.26-14.6.1 libcap2-debuginfo-2.26-14.6.1 libcap2-debuginfo-32bit-2.26-14.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libcap-debugsource-2.26-14.6.1 libcap-devel-2.26-14.6.1 libcap-progs-2.26-14.6.1 libcap-progs-debuginfo-2.26-14.6.1 libcap2-2.26-14.6.1 libcap2-32bit-2.26-14.6.1 libcap2-debuginfo-2.26-14.6.1 libcap2-debuginfo-32bit-2.26-14.6.1 - HPE Helion Openstack 8 (x86_64): libcap-debugsource-2.26-14.6.1 libcap-devel-2.26-14.6.1 libcap-progs-2.26-14.6.1 libcap-progs-debuginfo-2.26-14.6.1 libcap2-2.26-14.6.1 libcap2-32bit-2.26-14.6.1 libcap2-debuginfo-2.26-14.6.1 libcap2-debuginfo-32bit-2.26-14.6.1 References: https://bugzilla.suse.com/1184434 https://bugzilla.suse.com/1184690 From sle-updates at lists.suse.com Tue Apr 27 19:18:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Apr 2021 21:18:07 +0200 (CEST) Subject: SUSE-RU-2021:1332-1: moderate: Recommended update for python-shaptools Message-ID: <20210427191807.BB88AFD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-shaptools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1332-1 Rating: moderate References: #1185090 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-shaptools fixes the following issues: - Fix the HANA 'sidadm' user creation to transform to lowercase properly. (bsc#1185090) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2021-1332=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2021-1332=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): python3-shaptools-0.3.12+git.1619007514.1951d23-1.12.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): python3-shaptools-0.3.12+git.1619007514.1951d23-1.12.1 References: https://bugzilla.suse.com/1185090 From sle-updates at lists.suse.com Tue Apr 27 19:19:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Apr 2021 21:19:13 +0200 (CEST) Subject: SUSE-RU-2021:1335-1: important: Recommended update for hawk2 Message-ID: <20210427191913.BC575FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for hawk2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1335-1 Rating: important References: #1184274 Affected Products: SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hawk2 fixes the following issue: Update to version 2.6.4: - Fix the wizards User Interface and show it. (bsc#1184274) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-1335=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1335=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-1335=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-1335=1 Package List: - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): hawk2-2.6.4+git.1618478653.7272e6b6-3.30.2 hawk2-debuginfo-2.6.4+git.1618478653.7272e6b6-3.30.2 hawk2-debugsource-2.6.4+git.1618478653.7272e6b6-3.30.2 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): hawk2-2.6.4+git.1618478653.7272e6b6-3.30.2 hawk2-debuginfo-2.6.4+git.1618478653.7272e6b6-3.30.2 hawk2-debugsource-2.6.4+git.1618478653.7272e6b6-3.30.2 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): hawk2-2.6.4+git.1618478653.7272e6b6-3.30.2 hawk2-debuginfo-2.6.4+git.1618478653.7272e6b6-3.30.2 hawk2-debugsource-2.6.4+git.1618478653.7272e6b6-3.30.2 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): hawk2-2.6.4+git.1618478653.7272e6b6-3.30.2 hawk2-debuginfo-2.6.4+git.1618478653.7272e6b6-3.30.2 hawk2-debugsource-2.6.4+git.1618478653.7272e6b6-3.30.2 References: https://bugzilla.suse.com/1184274 From sle-updates at lists.suse.com Tue Apr 27 19:20:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Apr 2021 21:20:20 +0200 (CEST) Subject: SUSE-RU-2021:1333-1: moderate: Recommended update for drbd-formula Message-ID: <20210427192020.77D40FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd-formula ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1333-1 Rating: moderate References: #1179529 
Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd-formula fixes the following issues: - Support different backing device per node. (bsc#1179529) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2021-1333=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1333=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1333=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (noarch): drbd-formula-0.4.2+git.1616116365.1e3ab34-4.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): drbd-formula-0.4.2+git.1616116365.1e3ab34-4.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): drbd-formula-0.4.2+git.1616116365.1e3ab34-4.9.1 References: https://bugzilla.suse.com/1179529 From sle-updates at lists.suse.com Wed Apr 28 06:05:55 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 08:05:55 +0200 (CEST) Subject: SUSE-CU-2021:121-1: Recommended update of suse/sles12sp3 Message-ID: <20210428060555.37776B460A1@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:121-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.247 , suse/sles12sp3:latest Container Release : 24.247 Severity : critical Type : recommended References : 1184434 1184690 
----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1336-1 Released: Tue Apr 27 17:24:06 2021 Summary: Recommended update for libcap Type: recommended Severity: critical References: 1184434,1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs'. (bsc#1184690, bsc#1184434) From sle-updates at lists.suse.com Wed Apr 28 06:15:28 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 08:15:28 +0200 (CEST) Subject: SUSE-CU-2021:122-1: Recommended update of suse/sles12sp4 Message-ID: <20210428061528.76170B460A1@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:122-1 Container Tags : suse/sles12sp4:26.282 , suse/sles12sp4:latest Container Release : 26.282 Severity : critical Type : recommended References : 1184434 1184690 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1336-1 Released: Tue Apr 27 17:24:06 2021 Summary: Recommended update for libcap Type: recommended Severity: critical References: 1184434,1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs'. 
(bsc#1184690, bsc#1184434) From sle-updates at lists.suse.com Wed Apr 28 06:22:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 08:22:32 +0200 (CEST) Subject: SUSE-CU-2021:123-1: Recommended update of suse/sles12sp5 Message-ID: <20210428062233.030FCB460A1@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:123-1 Container Tags : suse/sles12sp5:6.5.168 , suse/sles12sp5:latest Container Release : 6.5.168 Severity : critical Type : recommended References : 1184434 1184690 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1336-1 Released: Tue Apr 27 17:24:06 2021 Summary: Recommended update for libcap Type: recommended Severity: critical References: 1184434,1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs'. 
(bsc#1184690, bsc#1184434) From sle-updates at lists.suse.com Wed Apr 28 10:16:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 12:16:49 +0200 (CEST) Subject: SUSE-SU-2021:1341-1: important: Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) Message-ID: <20210428101649.05CBFFE04@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1341-1 Rating: important References: #1182294 Cross-References: CVE-2021-28688 CVSS scores: CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.180-94_141 fixes one issue. The following security issue was fixed: - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1182294, bsc#1183646). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1341=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1341=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_141-default-3-2.2 kgraft-patch-4_4_180-94_141-default-debuginfo-3-2.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_141-default-3-2.2 kgraft-patch-4_4_180-94_141-default-debuginfo-3-2.2 References: https://www.suse.com/security/cve/CVE-2021-28688.html https://bugzilla.suse.com/1182294 From sle-updates at lists.suse.com Wed Apr 28 13:16:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 15:16:58 +0200 (CEST) Subject: SUSE-SU-2021:1401-1: important: Security update for gdm Message-ID: <20210428131658.97041FE04@maintenance.suse.de> SUSE Security Update: Security update for gdm ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1401-1 Rating: important References: #1184456 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS-SAP SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that contains security fixes can now be installed. 
Description: This update for gdm fixes the following issues: - Avoid the signal SIGTRAP when gdm exits (bsc#1184456). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1401=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1401=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1401=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1401=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1401=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1401=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1401=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1401=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1401=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1401=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1401=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1401=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1401=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1401=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1401=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): gdm-lang-3.10.0.1-54.20.1 gdmflexiserver-3.10.0.1-54.20.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): gdm-3.10.0.1-54.20.1 
gdm-debuginfo-3.10.0.1-54.20.1 gdm-debugsource-3.10.0.1-54.20.1 libgdm1-3.10.0.1-54.20.1 libgdm1-debuginfo-3.10.0.1-54.20.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.20.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): gdm-3.10.0.1-54.20.1 gdm-debuginfo-3.10.0.1-54.20.1 gdm-debugsource-3.10.0.1-54.20.1 libgdm1-3.10.0.1-54.20.1 libgdm1-debuginfo-3.10.0.1-54.20.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.20.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): gdm-lang-3.10.0.1-54.20.1 gdmflexiserver-3.10.0.1-54.20.1 - SUSE OpenStack Cloud 9 (noarch): gdm-lang-3.10.0.1-54.20.1 gdmflexiserver-3.10.0.1-54.20.1 - SUSE OpenStack Cloud 9 (x86_64): gdm-3.10.0.1-54.20.1 gdm-debuginfo-3.10.0.1-54.20.1 gdm-debugsource-3.10.0.1-54.20.1 libgdm1-3.10.0.1-54.20.1 libgdm1-debuginfo-3.10.0.1-54.20.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.20.1 - SUSE OpenStack Cloud 8 (noarch): gdm-lang-3.10.0.1-54.20.1 gdmflexiserver-3.10.0.1-54.20.1 - SUSE OpenStack Cloud 8 (x86_64): gdm-3.10.0.1-54.20.1 gdm-debuginfo-3.10.0.1-54.20.1 gdm-debugsource-3.10.0.1-54.20.1 libgdm1-3.10.0.1-54.20.1 libgdm1-debuginfo-3.10.0.1-54.20.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.20.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): gdm-debuginfo-3.10.0.1-54.20.1 gdm-debugsource-3.10.0.1-54.20.1 gdm-devel-3.10.0.1-54.20.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): gdm-3.10.0.1-54.20.1 gdm-debuginfo-3.10.0.1-54.20.1 gdm-debugsource-3.10.0.1-54.20.1 libgdm1-3.10.0.1-54.20.1 libgdm1-debuginfo-3.10.0.1-54.20.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.20.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): gdm-lang-3.10.0.1-54.20.1 gdmflexiserver-3.10.0.1-54.20.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): gdm-3.10.0.1-54.20.1 gdm-debuginfo-3.10.0.1-54.20.1 gdm-debugsource-3.10.0.1-54.20.1 libgdm1-3.10.0.1-54.20.1 libgdm1-debuginfo-3.10.0.1-54.20.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.20.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): gdm-lang-3.10.0.1-54.20.1 
gdmflexiserver-3.10.0.1-54.20.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gdm-3.10.0.1-54.20.1 gdm-debuginfo-3.10.0.1-54.20.1 gdm-debugsource-3.10.0.1-54.20.1 libgdm1-3.10.0.1-54.20.1 libgdm1-debuginfo-3.10.0.1-54.20.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.20.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): gdm-lang-3.10.0.1-54.20.1 gdmflexiserver-3.10.0.1-54.20.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): gdm-3.10.0.1-54.20.1 gdm-debuginfo-3.10.0.1-54.20.1 gdm-debugsource-3.10.0.1-54.20.1 libgdm1-3.10.0.1-54.20.1 libgdm1-debuginfo-3.10.0.1-54.20.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.20.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): gdm-lang-3.10.0.1-54.20.1 gdmflexiserver-3.10.0.1-54.20.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): gdm-3.10.0.1-54.20.1 gdm-debuginfo-3.10.0.1-54.20.1 gdm-debugsource-3.10.0.1-54.20.1 libgdm1-3.10.0.1-54.20.1 libgdm1-debuginfo-3.10.0.1-54.20.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.20.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): gdm-lang-3.10.0.1-54.20.1 gdmflexiserver-3.10.0.1-54.20.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): gdm-3.10.0.1-54.20.1 gdm-debuginfo-3.10.0.1-54.20.1 gdm-debugsource-3.10.0.1-54.20.1 libgdm1-3.10.0.1-54.20.1 libgdm1-debuginfo-3.10.0.1-54.20.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.20.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): gdm-lang-3.10.0.1-54.20.1 gdmflexiserver-3.10.0.1-54.20.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (noarch): gdm-lang-3.10.0.1-54.20.1 gdmflexiserver-3.10.0.1-54.20.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64): gdm-3.10.0.1-54.20.1 gdm-debuginfo-3.10.0.1-54.20.1 gdm-debugsource-3.10.0.1-54.20.1 libgdm1-3.10.0.1-54.20.1 libgdm1-debuginfo-3.10.0.1-54.20.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.20.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): gdm-3.10.0.1-54.20.1 gdm-debuginfo-3.10.0.1-54.20.1 gdm-debugsource-3.10.0.1-54.20.1 libgdm1-3.10.0.1-54.20.1 
libgdm1-debuginfo-3.10.0.1-54.20.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.20.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (noarch): gdm-lang-3.10.0.1-54.20.1 gdmflexiserver-3.10.0.1-54.20.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): gdm-lang-3.10.0.1-54.20.1 gdmflexiserver-3.10.0.1-54.20.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gdm-3.10.0.1-54.20.1 gdm-debuginfo-3.10.0.1-54.20.1 gdm-debugsource-3.10.0.1-54.20.1 libgdm1-3.10.0.1-54.20.1 libgdm1-debuginfo-3.10.0.1-54.20.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.20.1 - HPE Helion Openstack 8 (noarch): gdm-lang-3.10.0.1-54.20.1 gdmflexiserver-3.10.0.1-54.20.1 - HPE Helion Openstack 8 (x86_64): gdm-3.10.0.1-54.20.1 gdm-debuginfo-3.10.0.1-54.20.1 gdm-debugsource-3.10.0.1-54.20.1 libgdm1-3.10.0.1-54.20.1 libgdm1-debuginfo-3.10.0.1-54.20.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.20.1 References: https://bugzilla.suse.com/1184456 From sle-updates at lists.suse.com Wed Apr 28 13:18:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 15:18:14 +0200 (CEST) Subject: SUSE-SU-2021:1399-1: important: Security update for libnettle Message-ID: <20210428131814.0CADFFE04@maintenance.suse.de> SUSE Security Update: Security update for libnettle ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1399-1 Rating: important References: #1183835 #1184401 Cross-References: CVE-2021-20305 CVSS scores: CVE-2021-20305 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-20305 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux 
Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS-SAP SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401, bsc#1183835). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1399=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1399=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1399=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1399=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1399=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1399=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1399=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1399=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1399=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1399=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1399=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1399=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch 
SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1399=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1399=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1399=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libhogweed2-2.7.1-13.3.1 libhogweed2-32bit-2.7.1-13.3.1 libhogweed2-debuginfo-2.7.1-13.3.1 libhogweed2-debuginfo-32bit-2.7.1-13.3.1 libnettle-debugsource-2.7.1-13.3.1 libnettle4-2.7.1-13.3.1 libnettle4-32bit-2.7.1-13.3.1 libnettle4-debuginfo-2.7.1-13.3.1 libnettle4-debuginfo-32bit-2.7.1-13.3.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libhogweed2-2.7.1-13.3.1 libhogweed2-32bit-2.7.1-13.3.1 libhogweed2-debuginfo-2.7.1-13.3.1 libhogweed2-debuginfo-32bit-2.7.1-13.3.1 libnettle-debugsource-2.7.1-13.3.1 libnettle4-2.7.1-13.3.1 libnettle4-32bit-2.7.1-13.3.1 libnettle4-debuginfo-2.7.1-13.3.1 libnettle4-debuginfo-32bit-2.7.1-13.3.1 - SUSE OpenStack Cloud 9 (x86_64): libhogweed2-2.7.1-13.3.1 libhogweed2-32bit-2.7.1-13.3.1 libhogweed2-debuginfo-2.7.1-13.3.1 libhogweed2-debuginfo-32bit-2.7.1-13.3.1 libnettle-debugsource-2.7.1-13.3.1 libnettle4-2.7.1-13.3.1 libnettle4-32bit-2.7.1-13.3.1 libnettle4-debuginfo-2.7.1-13.3.1 libnettle4-debuginfo-32bit-2.7.1-13.3.1 - SUSE OpenStack Cloud 8 (x86_64): libhogweed2-2.7.1-13.3.1 libhogweed2-32bit-2.7.1-13.3.1 libhogweed2-debuginfo-2.7.1-13.3.1 libhogweed2-debuginfo-32bit-2.7.1-13.3.1 libnettle-debugsource-2.7.1-13.3.1 libnettle4-2.7.1-13.3.1 libnettle4-32bit-2.7.1-13.3.1 libnettle4-debuginfo-2.7.1-13.3.1 libnettle4-debuginfo-32bit-2.7.1-13.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libnettle-debugsource-2.7.1-13.3.1 libnettle-devel-2.7.1-13.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libhogweed2-2.7.1-13.3.1 libhogweed2-debuginfo-2.7.1-13.3.1 libnettle-debugsource-2.7.1-13.3.1 libnettle4-2.7.1-13.3.1 libnettle4-debuginfo-2.7.1-13.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 
(x86_64): libhogweed2-32bit-2.7.1-13.3.1 libhogweed2-debuginfo-32bit-2.7.1-13.3.1 libnettle4-32bit-2.7.1-13.3.1 libnettle4-debuginfo-32bit-2.7.1-13.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libhogweed2-2.7.1-13.3.1 libhogweed2-debuginfo-2.7.1-13.3.1 libnettle-debugsource-2.7.1-13.3.1 libnettle4-2.7.1-13.3.1 libnettle4-debuginfo-2.7.1-13.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libhogweed2-32bit-2.7.1-13.3.1 libhogweed2-debuginfo-32bit-2.7.1-13.3.1 libnettle4-32bit-2.7.1-13.3.1 libnettle4-debuginfo-32bit-2.7.1-13.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libhogweed2-2.7.1-13.3.1 libhogweed2-debuginfo-2.7.1-13.3.1 libnettle-debugsource-2.7.1-13.3.1 libnettle4-2.7.1-13.3.1 libnettle4-debuginfo-2.7.1-13.3.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libhogweed2-32bit-2.7.1-13.3.1 libhogweed2-debuginfo-32bit-2.7.1-13.3.1 libnettle4-32bit-2.7.1-13.3.1 libnettle4-debuginfo-32bit-2.7.1-13.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libhogweed2-2.7.1-13.3.1 libhogweed2-debuginfo-2.7.1-13.3.1 libnettle-debugsource-2.7.1-13.3.1 libnettle4-2.7.1-13.3.1 libnettle4-debuginfo-2.7.1-13.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libhogweed2-32bit-2.7.1-13.3.1 libhogweed2-debuginfo-32bit-2.7.1-13.3.1 libnettle4-32bit-2.7.1-13.3.1 libnettle4-debuginfo-32bit-2.7.1-13.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libhogweed2-2.7.1-13.3.1 libhogweed2-debuginfo-2.7.1-13.3.1 libnettle-debugsource-2.7.1-13.3.1 libnettle4-2.7.1-13.3.1 libnettle4-debuginfo-2.7.1-13.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libhogweed2-32bit-2.7.1-13.3.1 libhogweed2-debuginfo-32bit-2.7.1-13.3.1 libnettle4-32bit-2.7.1-13.3.1 libnettle4-debuginfo-32bit-2.7.1-13.3.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libhogweed2-2.7.1-13.3.1 libhogweed2-32bit-2.7.1-13.3.1 libhogweed2-debuginfo-2.7.1-13.3.1 
libhogweed2-debuginfo-32bit-2.7.1-13.3.1 libnettle-debugsource-2.7.1-13.3.1 libnettle4-2.7.1-13.3.1 libnettle4-32bit-2.7.1-13.3.1 libnettle4-debuginfo-2.7.1-13.3.1 libnettle4-debuginfo-32bit-2.7.1-13.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64): libhogweed2-2.7.1-13.3.1 libhogweed2-32bit-2.7.1-13.3.1 libhogweed2-debuginfo-2.7.1-13.3.1 libhogweed2-debuginfo-32bit-2.7.1-13.3.1 libnettle-debugsource-2.7.1-13.3.1 libnettle4-2.7.1-13.3.1 libnettle4-32bit-2.7.1-13.3.1 libnettle4-debuginfo-2.7.1-13.3.1 libnettle4-debuginfo-32bit-2.7.1-13.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): libhogweed2-2.7.1-13.3.1 libhogweed2-32bit-2.7.1-13.3.1 libhogweed2-debuginfo-2.7.1-13.3.1 libhogweed2-debuginfo-32bit-2.7.1-13.3.1 libnettle-debugsource-2.7.1-13.3.1 libnettle4-2.7.1-13.3.1 libnettle4-32bit-2.7.1-13.3.1 libnettle4-debuginfo-2.7.1-13.3.1 libnettle4-debuginfo-32bit-2.7.1-13.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libhogweed2-2.7.1-13.3.1 libhogweed2-32bit-2.7.1-13.3.1 libhogweed2-debuginfo-2.7.1-13.3.1 libhogweed2-debuginfo-32bit-2.7.1-13.3.1 libnettle-debugsource-2.7.1-13.3.1 libnettle4-2.7.1-13.3.1 libnettle4-32bit-2.7.1-13.3.1 libnettle4-debuginfo-2.7.1-13.3.1 libnettle4-debuginfo-32bit-2.7.1-13.3.1 - HPE Helion Openstack 8 (x86_64): libhogweed2-2.7.1-13.3.1 libhogweed2-32bit-2.7.1-13.3.1 libhogweed2-debuginfo-2.7.1-13.3.1 libhogweed2-debuginfo-32bit-2.7.1-13.3.1 libnettle-debugsource-2.7.1-13.3.1 libnettle4-2.7.1-13.3.1 libnettle4-32bit-2.7.1-13.3.1 libnettle4-debuginfo-2.7.1-13.3.1 libnettle4-debuginfo-32bit-2.7.1-13.3.1 References: https://www.suse.com/security/cve/CVE-2021-20305.html https://bugzilla.suse.com/1183835 https://bugzilla.suse.com/1184401 From sle-updates at lists.suse.com Wed Apr 28 13:19:38 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 15:19:38 +0200 (CEST) Subject: SUSE-SU-2021:1344-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 
15) Message-ID: <20210428131938.13DC6FE04@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 21 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1344-1 Rating: important References: #1182294 #1184171 Cross-References: CVE-2021-26930 CVE-2021-26931 CVE-2021-28688 CVE-2021-3444 CVSS scores: CVE-2021-26930 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-26930 (SUSE): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-26931 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26931 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-3444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150_63 fixes several issues. The following security issues were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184171). - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1182294, bsc#1183646). - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1182294). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1183022). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-1360=1 SUSE-SLE-Module-Live-Patching-15-2021-1361=1 SUSE-SLE-Module-Live-Patching-15-2021-1362=1 SUSE-SLE-Module-Live-Patching-15-2021-1363=1 SUSE-SLE-Module-Live-Patching-15-2021-1376=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-1342=1 SUSE-SLE-Live-Patching-12-SP4-2021-1343=1 SUSE-SLE-Live-Patching-12-SP4-2021-1344=1 SUSE-SLE-Live-Patching-12-SP4-2021-1345=1 SUSE-SLE-Live-Patching-12-SP4-2021-1346=1 SUSE-SLE-Live-Patching-12-SP4-2021-1374=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_52-default-9-2.2 kernel-livepatch-4_12_14-150_52-default-debuginfo-9-2.2 kernel-livepatch-4_12_14-150_55-default-9-2.2 kernel-livepatch-4_12_14-150_55-default-debuginfo-9-2.2 kernel-livepatch-4_12_14-150_58-default-8-2.2 kernel-livepatch-4_12_14-150_58-default-debuginfo-8-2.2 kernel-livepatch-4_12_14-150_63-default-6-2.2 kernel-livepatch-4_12_14-150_63-default-debuginfo-6-2.2 kernel-livepatch-4_12_14-150_66-default-4-2.2 kernel-livepatch-4_12_14-150_66-default-debuginfo-4-2.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_51-default-11-2.2 kgraft-patch-4_12_14-95_54-default-9-2.2 kgraft-patch-4_12_14-95_57-default-9-2.2 kgraft-patch-4_12_14-95_60-default-8-2.2 kgraft-patch-4_12_14-95_65-default-5-2.2 kgraft-patch-4_12_14-95_68-default-4-2.2 References: https://www.suse.com/security/cve/CVE-2021-26930.html https://www.suse.com/security/cve/CVE-2021-26931.html https://www.suse.com/security/cve/CVE-2021-28688.html https://www.suse.com/security/cve/CVE-2021-3444.html https://bugzilla.suse.com/1182294 https://bugzilla.suse.com/1184171 From sle-updates at lists.suse.com Wed Apr 28 13:20:55 2021 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Wed, 28 Apr 2021 15:20:55 +0200 (CEST) Subject: SUSE-SU-2021:14707-1: moderate: Security update for curl Message-ID: <20210428132055.20D87FE04@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14707-1 Rating: moderate References: #1183933 Cross-References: CVE-2021-22876 CVSS scores: CVE-2021-22876 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 11-SECURITY ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: - CVE-2021-22876: Fixed an issue where the automatic referer was leaking credentials (bsc#1183933). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-curl-14707=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): curl-openssl1-7.37.0-70.60.1 libcurl4-openssl1-7.37.0-70.60.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libcurl4-openssl1-32bit-7.37.0-70.60.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libcurl4-openssl1-x86-7.37.0-70.60.1 References: https://www.suse.com/security/cve/CVE-2021-22876.html https://bugzilla.suse.com/1183933 From sle-updates at lists.suse.com Wed Apr 28 13:22:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 15:22:56 +0200 (CEST) Subject: SUSE-SU-2021:1347-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 15) Message-ID: <20210428132256.8A524FE04@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1347-1 Rating: important References: #1182294 #1184171 Cross-References: CVE-2021-28688 CVE-2021-3444 CVSS scores: CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-3444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150_69 fixes several issues. 
The following security issues were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184171). - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1182294, bsc#1183646). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-1364=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-1347=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_69-default-3-2.2 kernel-livepatch-4_12_14-150_69-default-debuginfo-3-2.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_71-default-3-2.2 References: https://www.suse.com/security/cve/CVE-2021-28688.html https://www.suse.com/security/cve/CVE-2021-3444.html https://bugzilla.suse.com/1182294 https://bugzilla.suse.com/1184171 From sle-updates at lists.suse.com Wed Apr 28 13:24:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 15:24:05 +0200 (CEST) Subject: SUSE-SU-2021:1395-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP1) Message-ID: <20210428132405.6275AFE04@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1395-1 Rating: important References: #1182294 #1183658 #1184171 Cross-References: CVE-2021-28660 CVE-2021-28688 CVE-2021-3444 CVSS scores: CVE-2021-28660 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 
CVE-2021-28660 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-3444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-197_86 fixes several issues. The following security issues were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184171). - CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183658). - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1182294, bsc#1183646). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-1395=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-1385=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_52-default-3-2.2 kernel-livepatch-5_3_18-24_52-default-debuginfo-3-2.2 kernel-livepatch-SLE15-SP2_Update_11-debugsource-3-2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_86-default-3-2.2 References: https://www.suse.com/security/cve/CVE-2021-28660.html https://www.suse.com/security/cve/CVE-2021-28688.html https://www.suse.com/security/cve/CVE-2021-3444.html https://bugzilla.suse.com/1182294 https://bugzilla.suse.com/1183658 https://bugzilla.suse.com/1184171 From sle-updates at lists.suse.com Wed Apr 28 13:25:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 15:25:26 +0200 (CEST) Subject: SUSE-SU-2021:1373-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) Message-ID: <20210428132526.341D2FE04@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1373-1 Rating: important References: #1182294 Cross-References: CVE-2021-26930 CVE-2021-26931 CVE-2021-28688 CVSS scores: CVE-2021-26930 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-26930 (SUSE): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-26931 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26931 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Affected Products: 
SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_135 fixes one issue. The following security issues were fixed: - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1182294, bsc#1183646). - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1182294). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1183022). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1337=1 SUSE-SLE-SAP-12-SP3-2021-1338=1 SUSE-SLE-SAP-12-SP3-2021-1339=1 SUSE-SLE-SAP-12-SP3-2021-1340=1 SUSE-SLE-SAP-12-SP3-2021-1371=1 SUSE-SLE-SAP-12-SP3-2021-1372=1 SUSE-SLE-SAP-12-SP3-2021-1373=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1337=1 SUSE-SLE-SERVER-12-SP3-2021-1338=1 SUSE-SLE-SERVER-12-SP3-2021-1339=1 SUSE-SLE-SERVER-12-SP3-2021-1340=1 SUSE-SLE-SERVER-12-SP3-2021-1371=1 SUSE-SLE-SERVER-12-SP3-2021-1372=1 SUSE-SLE-SERVER-12-SP3-2021-1373=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_116-default-10-2.2 kgraft-patch-4_4_180-94_116-default-debuginfo-10-2.2 kgraft-patch-4_4_180-94_121-default-9-2.2 kgraft-patch-4_4_180-94_121-default-debuginfo-9-2.2 kgraft-patch-4_4_180-94_124-default-9-2.2 kgraft-patch-4_4_180-94_124-default-debuginfo-9-2.2 kgraft-patch-4_4_180-94_127-default-9-2.2 kgraft-patch-4_4_180-94_127-default-debuginfo-9-2.2 kgraft-patch-4_4_180-94_130-default-8-2.2 
kgraft-patch-4_4_180-94_130-default-debuginfo-8-2.2 kgraft-patch-4_4_180-94_135-default-6-2.2 kgraft-patch-4_4_180-94_135-default-debuginfo-6-2.2 kgraft-patch-4_4_180-94_138-default-4-2.2 kgraft-patch-4_4_180-94_138-default-debuginfo-4-2.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_116-default-10-2.2 kgraft-patch-4_4_180-94_116-default-debuginfo-10-2.2 kgraft-patch-4_4_180-94_121-default-9-2.2 kgraft-patch-4_4_180-94_121-default-debuginfo-9-2.2 kgraft-patch-4_4_180-94_124-default-9-2.2 kgraft-patch-4_4_180-94_124-default-debuginfo-9-2.2 kgraft-patch-4_4_180-94_127-default-9-2.2 kgraft-patch-4_4_180-94_127-default-debuginfo-9-2.2 kgraft-patch-4_4_180-94_130-default-8-2.2 kgraft-patch-4_4_180-94_130-default-debuginfo-8-2.2 kgraft-patch-4_4_180-94_135-default-6-2.2 kgraft-patch-4_4_180-94_135-default-debuginfo-6-2.2 kgraft-patch-4_4_180-94_138-default-4-2.2 kgraft-patch-4_4_180-94_138-default-debuginfo-4-2.2 References: https://www.suse.com/security/cve/CVE-2021-26930.html https://www.suse.com/security/cve/CVE-2021-26931.html https://www.suse.com/security/cve/CVE-2021-28688.html https://bugzilla.suse.com/1182294 From sle-updates at lists.suse.com Wed Apr 28 13:26:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 15:26:59 +0200 (CEST) Subject: SUSE-SU-2021:1365-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP1) Message-ID: <20210428132659.0F9E5FE04@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1365-1 Rating: important References: #1182294 #1183658 #1184171 Cross-References: CVE-2021-26930 CVE-2021-26931 CVE-2021-28660 CVE-2021-28688 CVE-2021-3444 CVSS scores: CVE-2021-26930 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-26930 (SUSE): 7.8 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-26931 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26931 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28660 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28660 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-3444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-197_64 fixes several issues. The following security issues were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184171). - CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183658). - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1182294, bsc#1183646). - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1182294). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1183022). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-1369=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1370=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1386=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1387=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1388=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1389=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1390=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1391=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1392=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1393=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1394=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-1365=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1366=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1367=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1368=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1377=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1378=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1379=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1380=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1381=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1382=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1383=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1384=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-1348=1 SUSE-SLE-Live-Patching-12-SP5-2021-1349=1 SUSE-SLE-Live-Patching-12-SP5-2021-1350=1 SUSE-SLE-Live-Patching-12-SP5-2021-1351=1 SUSE-SLE-Live-Patching-12-SP5-2021-1352=1 SUSE-SLE-Live-Patching-12-SP5-2021-1353=1 SUSE-SLE-Live-Patching-12-SP5-2021-1354=1 SUSE-SLE-Live-Patching-12-SP5-2021-1355=1 SUSE-SLE-Live-Patching-12-SP5-2021-1356=1 SUSE-SLE-Live-Patching-12-SP5-2021-1357=1 SUSE-SLE-Live-Patching-12-SP5-2021-1358=1 SUSE-SLE-Live-Patching-12-SP5-2021-1359=1 SUSE-SLE-Live-Patching-12-SP5-2021-1375=1 Package List: - SUSE Linux Enterprise Module 
for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-22-default-10-5.2 kernel-livepatch-5_3_18-22-default-debuginfo-10-5.2 kernel-livepatch-5_3_18-24_12-default-8-2.2 kernel-livepatch-5_3_18-24_12-default-debuginfo-8-2.2 kernel-livepatch-5_3_18-24_15-default-8-2.2 kernel-livepatch-5_3_18-24_15-default-debuginfo-8-2.2 kernel-livepatch-5_3_18-24_24-default-8-2.2 kernel-livepatch-5_3_18-24_24-default-debuginfo-8-2.2 kernel-livepatch-5_3_18-24_29-default-6-2.2 kernel-livepatch-5_3_18-24_29-default-debuginfo-6-2.2 kernel-livepatch-5_3_18-24_34-default-6-2.2 kernel-livepatch-5_3_18-24_34-default-debuginfo-6-2.2 kernel-livepatch-5_3_18-24_37-default-6-2.2 kernel-livepatch-5_3_18-24_37-default-debuginfo-6-2.2 kernel-livepatch-5_3_18-24_43-default-5-2.2 kernel-livepatch-5_3_18-24_43-default-debuginfo-5-2.2 kernel-livepatch-5_3_18-24_46-default-5-2.2 kernel-livepatch-5_3_18-24_46-default-debuginfo-5-2.2 kernel-livepatch-5_3_18-24_49-default-4-2.2 kernel-livepatch-5_3_18-24_49-default-debuginfo-4-2.2 kernel-livepatch-5_3_18-24_9-default-9-2.2 kernel-livepatch-5_3_18-24_9-default-debuginfo-9-2.2 kernel-livepatch-SLE15-SP2_Update_0-debugsource-10-5.2 kernel-livepatch-SLE15-SP2_Update_1-debugsource-9-2.2 kernel-livepatch-SLE15-SP2_Update_10-debugsource-4-2.2 kernel-livepatch-SLE15-SP2_Update_2-debugsource-8-2.2 kernel-livepatch-SLE15-SP2_Update_3-debugsource-8-2.2 kernel-livepatch-SLE15-SP2_Update_4-debugsource-8-2.2 kernel-livepatch-SLE15-SP2_Update_5-debugsource-6-2.2 kernel-livepatch-SLE15-SP2_Update_6-debugsource-6-2.2 kernel-livepatch-SLE15-SP2_Update_7-debugsource-6-2.2 kernel-livepatch-SLE15-SP2_Update_8-debugsource-5-2.2 kernel-livepatch-SLE15-SP2_Update_9-debugsource-5-2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_40-default-11-2.2 kernel-livepatch-4_12_14-197_45-default-9-2.2 kernel-livepatch-4_12_14-197_48-default-9-2.2 kernel-livepatch-4_12_14-197_51-default-9-2.2 
kernel-livepatch-4_12_14-197_56-default-8-2.2 kernel-livepatch-4_12_14-197_61-default-7-2.2 kernel-livepatch-4_12_14-197_64-default-6-2.2 kernel-livepatch-4_12_14-197_67-default-6-2.2 kernel-livepatch-4_12_14-197_72-default-5-2.2 kernel-livepatch-4_12_14-197_75-default-5-2.2 kernel-livepatch-4_12_14-197_78-default-5-2.2 kernel-livepatch-4_12_14-197_83-default-4-2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_20-default-12-2.2 kgraft-patch-4_12_14-122_23-default-11-2.2 kgraft-patch-4_12_14-122_26-default-11-2.2 kgraft-patch-4_12_14-122_29-default-11-2.2 kgraft-patch-4_12_14-122_32-default-11-2.2 kgraft-patch-4_12_14-122_37-default-10-2.2 kgraft-patch-4_12_14-122_41-default-9-2.2 kgraft-patch-4_12_14-122_46-default-7-2.2 kgraft-patch-4_12_14-122_51-default-7-2.2 kgraft-patch-4_12_14-122_54-default-5-2.2 kgraft-patch-4_12_14-122_57-default-5-2.2 kgraft-patch-4_12_14-122_60-default-4-2.2 kgraft-patch-4_12_14-122_63-default-3-2.2 References: https://www.suse.com/security/cve/CVE-2021-26930.html https://www.suse.com/security/cve/CVE-2021-26931.html https://www.suse.com/security/cve/CVE-2021-28660.html https://www.suse.com/security/cve/CVE-2021-28688.html https://www.suse.com/security/cve/CVE-2021-3444.html https://bugzilla.suse.com/1182294 https://bugzilla.suse.com/1183658 https://bugzilla.suse.com/1184171 From sle-updates at lists.suse.com Wed Apr 28 13:28:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 15:28:35 +0200 (CEST) Subject: SUSE-SU-2021:1396-1: moderate: Security update for curl Message-ID: <20210428132835.DBCE0FE04@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1396-1 Rating: moderate References: #1183933 Cross-References: CVE-2021-22876 CVSS scores: CVE-2021-22876 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N Affected 
Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: - CVE-2021-22876: Fixed an issue where the automatic referer was leaking credentials (bsc#1183933). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1396=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1396=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.60.0-11.15.1 curl-debugsource-7.60.0-11.15.1 libcurl-devel-7.60.0-11.15.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): curl-7.60.0-11.15.1 curl-debuginfo-7.60.0-11.15.1 curl-debugsource-7.60.0-11.15.1 libcurl4-7.60.0-11.15.1 libcurl4-debuginfo-7.60.0-11.15.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libcurl4-32bit-7.60.0-11.15.1 libcurl4-debuginfo-32bit-7.60.0-11.15.1 References: https://www.suse.com/security/cve/CVE-2021-22876.html https://bugzilla.suse.com/1183933 From sle-updates at lists.suse.com Wed Apr 28 13:29:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 15:29:39 +0200 (CEST) Subject: SUSE-RU-2021:1400-1: moderate: Recommended update for dpdk Message-ID: <20210428132939.CCBF2FE04@maintenance.suse.de> SUSE Recommended Update: Recommended update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1400-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise Software 
Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dpdk fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1400=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1400=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le x86_64): dpdk-debuginfo-18.11.9-3.19.1 dpdk-debugsource-18.11.9-3.19.1 dpdk-devel-18.11.9-3.19.1 dpdk-devel-debuginfo-18.11.9-3.19.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64): dpdk-thunderx-debuginfo-18.11.9-3.19.1 dpdk-thunderx-debugsource-18.11.9-3.19.1 dpdk-thunderx-devel-18.11.9-3.19.1 dpdk-thunderx-devel-debuginfo-18.11.9-3.19.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le x86_64): dpdk-18.11.9-3.19.1 dpdk-debuginfo-18.11.9-3.19.1 dpdk-debugsource-18.11.9-3.19.1 dpdk-tools-18.11.9-3.19.1 dpdk-tools-debuginfo-18.11.9-3.19.1 libdpdk-18_11-18.11.9-3.19.1 libdpdk-18_11-debuginfo-18.11.9-3.19.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): dpdk-thunderx-18.11.9-3.19.1 dpdk-thunderx-debuginfo-18.11.9-3.19.1 dpdk-thunderx-debugsource-18.11.9-3.19.1 dpdk-thunderx-kmp-default-18.11.9_k4.12.14_122.66-3.19.1 dpdk-thunderx-kmp-default-debuginfo-18.11.9_k4.12.14_122.66-3.19.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): dpdk-kmp-default-18.11.9_k4.12.14_122.66-3.19.1 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_122.66-3.19.1 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Wed Apr 28 16:17:05 2021 From: 
sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 18:17:05 +0200 (CEST) Subject: SUSE-RU-2021:1405-1: moderate: Recommended update for brp-check-suse Message-ID: <20210428161705.CE271FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for brp-check-suse ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1405-1 Rating: moderate References: #1184555 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for brp-check-suse fixes the following issues: - Add patch to implement fipscheck. (bsc#1184555) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1405=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1405=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): brp-check-suse-84.87+git20181106.224b37d-3.11.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): brp-check-suse-84.87+git20181106.224b37d-3.11.1 References: https://bugzilla.suse.com/1184555 From sle-updates at lists.suse.com Wed Apr 28 16:18:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 18:18:11 +0200 (CEST) Subject: SUSE-RU-2021:1403-1: moderate: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent Message-ID: <20210428161811.726C0FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1403-1 Rating: moderate References: #1180304 #1182793 #1183414 #1183415 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. 
Description: This update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent contains the following fixes: Changes in google-guest-agent.SUSE_SLE-12_Update: - Update to version 20210223.01 (bsc#1183414, bsc#1183415) * add a match block to sshd_config for SAs (#99) * add ipv6 forwarded ip support (#101) * call restorecon on ssh host keys (#98) * Include startup and shutdown in preset (#96) * set metadata URL earlier (#94) - Fix activation logic of systemd services (bsc#1182793) - Update to version 20201211.00 * Require snapshot scripts to live under /etc/google/snapshots (#90) * Adding support for Windows user account password lengths between 15 and 255 characters. (#91) * Adding bkatyl to OWNERS (#92) Changes in google-guest-configs.SUSE_SLE-12_Update: - Update to version 20210317.00 (bsc#1183414, bsc#1183415) * dracut.conf wants spaces around values (#19) * make the same change for debian (#18) * change path back for google_nvme_id (#17) * move google_nvme_id to /usr/bin (#16) * correct udev rule syntax (#15) * prune el6 spec (#13) * Updated udev rules (#11) - Remove empty %{_sbindir} from %install and %files section - Remove service files (bsc#1180304) + google-optimize-local-ssd.service, google-set-multiqueue.service scripts are called from within the guest agent Changes in google-guest-oslogin.SUSE_SLE-12_Update: - Update to version 20210316.00 (bsc#1183414, bsc#1183415) * call correct function in pwenthelper (#53) - Update to version 20210108.00 * Update logic in the cache_refresh binary (#52) * remove old unused workflow files (#49) * add getpwnam,getpwuid,getgrnam,getgrgid (#42) * Change requires to not require the python library for policycoreutils. (#44) * add dial and recvline (#41) * PR feedback * new client component and tests Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-1403=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): google-guest-agent-20210223.01-1.17.1 google-guest-oslogin-20210316.00-1.14.1 google-guest-oslogin-debuginfo-20210316.00-1.14.1 google-guest-oslogin-debugsource-20210316.00-1.14.1 google-osconfig-agent-20210316.00-1.8.2 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): google-guest-configs-20210317.00-1.11.1 References: https://bugzilla.suse.com/1180304 https://bugzilla.suse.com/1182793 https://bugzilla.suse.com/1183414 https://bugzilla.suse.com/1183415 From sle-updates at lists.suse.com Wed Apr 28 16:20:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 18:20:25 +0200 (CEST) Subject: SUSE-RU-2021:1402-1: moderate: Recommended update for python-yarl Message-ID: <20210428162025.9F6FBFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-yarl ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1402-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for python-yarl contains the following fixes: - Fix python-yarl to build with new python3 version. - Allows mixing amps and semicolons in query strings as separators over previous changes. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-1402=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2021-1402=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): python-yarl-debugsource-1.3.0-3.6.1 python3-yarl-1.3.0-3.6.1 python3-yarl-debuginfo-1.3.0-3.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): python-yarl-debugsource-1.3.0-3.6.1 python3-yarl-1.3.0-3.6.1 python3-yarl-debuginfo-1.3.0-3.6.1 References: From sle-updates at lists.suse.com Wed Apr 28 16:21:24 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 18:21:24 +0200 (CEST) Subject: SUSE-RU-2021:1404-1: moderate: Recommended update for gnome-session Message-ID: <20210428162124.B5098FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-session ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1404-1 Rating: moderate References: #1175622 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnome-session fixes the following issues: - Fix for an issue when VNC fails after upgrade from 15 SP1 to SP2. (bsc#1175622, glgo!GNOME/gnome-session!60) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-1404=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1404=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): gnome-session-debugsource-3.34.2-6.3.1 gnome-session-wayland-3.34.2-6.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): gnome-session-3.34.2-6.3.1 gnome-session-core-3.34.2-6.3.1 gnome-session-core-debuginfo-3.34.2-6.3.1 gnome-session-debugsource-3.34.2-6.3.1 gnome-session-default-session-3.34.2-6.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): gnome-session-lang-3.34.2-6.3.1 References: https://bugzilla.suse.com/1175622 From sle-updates at lists.suse.com Wed Apr 28 19:16:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 21:16:21 +0200 (CEST) Subject: SUSE-SU-2021:1408-1: important: Security update for librsvg Message-ID: <20210428191621.44C42FDE1@maintenance.suse.de> SUSE Security Update: Security update for librsvg ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1408-1 Rating: important References: #1183403 Cross-References: CVE-2021-25900 CVSS scores: CVE-2021-25900 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for librsvg fixes the following issues: - librsvg was updated to 2.46.5: * Update dependent crates that had security vulnerabilities: smallvec to 0.6.14 - RUSTSEC-2018-0003 - CVE-2021-25900 (bsc#1183403) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-1408=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1408=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1408=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1408=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): librsvg-debugsource-2.46.5-3.3.1 librsvg-devel-2.46.5-3.3.1 typelib-1_0-Rsvg-2_0-2.46.5-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): librsvg-debugsource-2.46.5-3.3.1 librsvg-devel-2.46.5-3.3.1 typelib-1_0-Rsvg-2_0-2.46.5-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): gdk-pixbuf-loader-rsvg-2.46.5-3.3.1 gdk-pixbuf-loader-rsvg-debuginfo-2.46.5-3.3.1 librsvg-2-2-2.46.5-3.3.1 librsvg-2-2-debuginfo-2.46.5-3.3.1 librsvg-debugsource-2.46.5-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): gdk-pixbuf-loader-rsvg-2.46.5-3.3.1 gdk-pixbuf-loader-rsvg-debuginfo-2.46.5-3.3.1 librsvg-2-2-2.46.5-3.3.1 librsvg-2-2-debuginfo-2.46.5-3.3.1 librsvg-debugsource-2.46.5-3.3.1 References: https://www.suse.com/security/cve/CVE-2021-25900.html https://bugzilla.suse.com/1183403 From sle-updates at 
lists.suse.com Wed Apr 28 19:17:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 21:17:29 +0200 (CEST) Subject: SUSE-SU-2021:14708-1: important: Security update for MozillaFirefox Message-ID: <20210428191729.52DAAFDE1@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14708-1 Rating: important References: #1184960 Cross-References: CVE-2021-23961 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 CVSS scores: CVE-2021-23961 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2021-23961 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2021-23994 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-23995 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-23998 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-23999 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-24002 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-29945 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-29946 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. 
Description: This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.10.0 ESR (bsc#1184960) * CVE-2021-23994: Out of bound write due to lazy initialization * CVE-2021-23995: Use-after-free in Responsive Design Mode * CVE-2021-23998: Secure Lock icon could have been spoofed * CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999: Blob URLs may have been granted additional privileges * CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946: Port blocking could be bypassed Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-MozillaFirefox-14708=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-14708=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): MozillaFirefox-78.10.0-78.126.1 MozillaFirefox-translations-common-78.10.0-78.126.1 MozillaFirefox-translations-other-78.10.0-78.126.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): MozillaFirefox-debuginfo-78.10.0-78.126.1 References: https://www.suse.com/security/cve/CVE-2021-23961.html https://www.suse.com/security/cve/CVE-2021-23994.html https://www.suse.com/security/cve/CVE-2021-23995.html https://www.suse.com/security/cve/CVE-2021-23998.html https://www.suse.com/security/cve/CVE-2021-23999.html https://www.suse.com/security/cve/CVE-2021-24002.html https://www.suse.com/security/cve/CVE-2021-29945.html https://www.suse.com/security/cve/CVE-2021-29946.html https://bugzilla.suse.com/1184960 From sle-updates at lists.suse.com Wed Apr 28 19:18:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 
28 Apr 2021 21:18:42 +0200 (CEST) Subject: SUSE-RU-2021:1407-1: important: Recommended update for libcap Message-ID: <20210428191842.8C296FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for libcap ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1407-1 Rating: important References: #1184690 Affected Products: SUSE MicroOS 5.0 SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1407=1 - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1407=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1407=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1407=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1407=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1407=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1407=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1407=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1407=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1407=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1407=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1407=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1407=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1407=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1407=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1407=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libcap-debugsource-2.26-4.6.1 libcap2-2.26-4.6.1 libcap2-debuginfo-2.26-4.6.1 - SUSE Manager Server 4.0 (ppc64le s390x x86_64): libcap-debugsource-2.26-4.6.1 libcap-devel-2.26-4.6.1 libcap-progs-2.26-4.6.1 libcap-progs-debuginfo-2.26-4.6.1 libcap2-2.26-4.6.1 libcap2-debuginfo-2.26-4.6.1 - SUSE Manager Server 4.0 (x86_64): libcap2-32bit-2.26-4.6.1 libcap2-32bit-debuginfo-2.26-4.6.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): libcap-debugsource-2.26-4.6.1 libcap-devel-2.26-4.6.1 libcap-progs-2.26-4.6.1 libcap-progs-debuginfo-2.26-4.6.1 libcap2-2.26-4.6.1 libcap2-32bit-2.26-4.6.1 libcap2-32bit-debuginfo-2.26-4.6.1 libcap2-debuginfo-2.26-4.6.1 - SUSE Manager Proxy 4.0 (x86_64): libcap-debugsource-2.26-4.6.1 libcap-devel-2.26-4.6.1 libcap-progs-2.26-4.6.1 libcap-progs-debuginfo-2.26-4.6.1 libcap2-2.26-4.6.1 libcap2-32bit-2.26-4.6.1 libcap2-32bit-debuginfo-2.26-4.6.1 libcap2-debuginfo-2.26-4.6.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libcap-debugsource-2.26-4.6.1 libcap-devel-2.26-4.6.1 libcap-progs-2.26-4.6.1 libcap-progs-debuginfo-2.26-4.6.1 libcap2-2.26-4.6.1 libcap2-debuginfo-2.26-4.6.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libcap2-32bit-2.26-4.6.1 libcap2-32bit-debuginfo-2.26-4.6.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libcap-debugsource-2.26-4.6.1 libcap-devel-2.26-4.6.1 libcap-progs-2.26-4.6.1 libcap-progs-debuginfo-2.26-4.6.1 libcap2-2.26-4.6.1 libcap2-debuginfo-2.26-4.6.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libcap2-32bit-2.26-4.6.1 libcap2-32bit-debuginfo-2.26-4.6.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libcap-debugsource-2.26-4.6.1 libcap-devel-2.26-4.6.1 libcap-progs-2.26-4.6.1 libcap-progs-debuginfo-2.26-4.6.1 libcap2-2.26-4.6.1 libcap2-debuginfo-2.26-4.6.1 - SUSE 
Linux Enterprise Server 15-SP1-LTSS (x86_64): libcap2-32bit-2.26-4.6.1 libcap2-32bit-debuginfo-2.26-4.6.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libcap-debugsource-2.26-4.6.1 libcap-devel-2.26-4.6.1 libcap-progs-2.26-4.6.1 libcap-progs-debuginfo-2.26-4.6.1 libcap2-2.26-4.6.1 libcap2-32bit-2.26-4.6.1 libcap2-32bit-debuginfo-2.26-4.6.1 libcap2-debuginfo-2.26-4.6.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libcap-debugsource-2.26-4.6.1 libcap-devel-2.26-4.6.1 libcap-progs-2.26-4.6.1 libcap-progs-debuginfo-2.26-4.6.1 libcap2-2.26-4.6.1 libcap2-debuginfo-2.26-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libcap-debugsource-2.26-4.6.1 libcap-devel-2.26-4.6.1 libcap-progs-2.26-4.6.1 libcap-progs-debuginfo-2.26-4.6.1 libcap2-2.26-4.6.1 libcap2-debuginfo-2.26-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libcap2-32bit-2.26-4.6.1 libcap2-32bit-debuginfo-2.26-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libcap-debugsource-2.26-4.6.1 libcap-devel-2.26-4.6.1 libcap-progs-2.26-4.6.1 libcap-progs-debuginfo-2.26-4.6.1 libcap2-2.26-4.6.1 libcap2-debuginfo-2.26-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libcap2-32bit-2.26-4.6.1 libcap2-32bit-debuginfo-2.26-4.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libcap-debugsource-2.26-4.6.1 libcap-devel-2.26-4.6.1 libcap-progs-2.26-4.6.1 libcap-progs-debuginfo-2.26-4.6.1 libcap2-2.26-4.6.1 libcap2-debuginfo-2.26-4.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libcap2-32bit-2.26-4.6.1 libcap2-32bit-debuginfo-2.26-4.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libcap-debugsource-2.26-4.6.1 libcap-devel-2.26-4.6.1 libcap-progs-2.26-4.6.1 libcap-progs-debuginfo-2.26-4.6.1 libcap2-2.26-4.6.1 libcap2-debuginfo-2.26-4.6.1 - SUSE Linux Enterprise High Performance Computing 
15-SP1-ESPOS (x86_64): libcap2-32bit-2.26-4.6.1 libcap2-32bit-debuginfo-2.26-4.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libcap-debugsource-2.26-4.6.1 libcap-devel-2.26-4.6.1 libcap-progs-2.26-4.6.1 libcap-progs-debuginfo-2.26-4.6.1 libcap2-2.26-4.6.1 libcap2-debuginfo-2.26-4.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libcap2-32bit-2.26-4.6.1 libcap2-32bit-debuginfo-2.26-4.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libcap-debugsource-2.26-4.6.1 libcap-devel-2.26-4.6.1 libcap-progs-2.26-4.6.1 libcap-progs-debuginfo-2.26-4.6.1 libcap2-2.26-4.6.1 libcap2-debuginfo-2.26-4.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libcap2-32bit-2.26-4.6.1 libcap2-32bit-debuginfo-2.26-4.6.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libcap-debugsource-2.26-4.6.1 libcap-devel-2.26-4.6.1 libcap-progs-2.26-4.6.1 libcap-progs-debuginfo-2.26-4.6.1 libcap2-2.26-4.6.1 libcap2-debuginfo-2.26-4.6.1 - SUSE Enterprise Storage 6 (x86_64): libcap2-32bit-2.26-4.6.1 libcap2-32bit-debuginfo-2.26-4.6.1 - SUSE CaaS Platform 4.0 (x86_64): libcap-debugsource-2.26-4.6.1 libcap-devel-2.26-4.6.1 libcap-progs-2.26-4.6.1 libcap-progs-debuginfo-2.26-4.6.1 libcap2-2.26-4.6.1 libcap2-32bit-2.26-4.6.1 libcap2-32bit-debuginfo-2.26-4.6.1 libcap2-debuginfo-2.26-4.6.1 References: https://bugzilla.suse.com/1184690 From sle-updates at lists.suse.com Wed Apr 28 19:19:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 21:19:51 +0200 (CEST) Subject: SUSE-SU-2021:1409-1: Security update for giflib Message-ID: <20210428191951.C04B0FDE1@maintenance.suse.de> SUSE Security Update: Security update for giflib ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1409-1 Rating: low References: #1184123 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux 
Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for giflib fixes the following issues: - Enable Position Independent Code and inherit CFLAGS from the build system (bsc#1184123). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1409=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1409=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): giflib-debugsource-5.1.4-4.3.1 giflib-devel-5.1.4-4.3.1 libgif7-5.1.4-4.3.1 libgif7-debuginfo-5.1.4-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): giflib-debugsource-5.1.4-4.3.1 giflib-devel-5.1.4-4.3.1 libgif7-5.1.4-4.3.1 libgif7-debuginfo-5.1.4-4.3.1 References: https://bugzilla.suse.com/1184123 From sle-updates at lists.suse.com Wed Apr 28 19:21:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 21:21:02 +0200 (CEST) Subject: SUSE-SU-2021:1412-1: important: Security update for libnettle Message-ID: <20210428192102.69C29FDE1@maintenance.suse.de> SUSE Security Update: Security update for libnettle ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1412-1 Rating: important References: #1184401 Cross-References: CVE-2021-20305 CVSS scores: CVE-2021-20305 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-20305 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE MicroOS 5.0 SUSE Manager Server 4.0 SUSE Manager 
Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1412=1 - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1412=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1412=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1412=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1412=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1412=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1412=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1412=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1412=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1412=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1412=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1412=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1412=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1412=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1412=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1412=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libhogweed4-3.4.1-4.15.1 libhogweed4-debuginfo-3.4.1-4.15.1 libnettle-debugsource-3.4.1-4.15.1 libnettle6-3.4.1-4.15.1 libnettle6-debuginfo-3.4.1-4.15.1 - SUSE Manager Server 4.0 (ppc64le s390x x86_64): libhogweed4-3.4.1-4.15.1 libhogweed4-debuginfo-3.4.1-4.15.1 libnettle-debugsource-3.4.1-4.15.1 libnettle-devel-3.4.1-4.15.1 libnettle6-3.4.1-4.15.1 libnettle6-debuginfo-3.4.1-4.15.1 - SUSE Manager Server 4.0 (x86_64): libhogweed4-32bit-3.4.1-4.15.1 libhogweed4-32bit-debuginfo-3.4.1-4.15.1 libnettle6-32bit-3.4.1-4.15.1 libnettle6-32bit-debuginfo-3.4.1-4.15.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): libhogweed4-3.4.1-4.15.1 libhogweed4-32bit-3.4.1-4.15.1 libhogweed4-32bit-debuginfo-3.4.1-4.15.1 libhogweed4-debuginfo-3.4.1-4.15.1 libnettle-debugsource-3.4.1-4.15.1 libnettle-devel-3.4.1-4.15.1 libnettle6-3.4.1-4.15.1 libnettle6-32bit-3.4.1-4.15.1 libnettle6-32bit-debuginfo-3.4.1-4.15.1 libnettle6-debuginfo-3.4.1-4.15.1 - SUSE Manager Proxy 4.0 (x86_64): libhogweed4-3.4.1-4.15.1 libhogweed4-32bit-3.4.1-4.15.1 libhogweed4-32bit-debuginfo-3.4.1-4.15.1 libhogweed4-debuginfo-3.4.1-4.15.1 libnettle-debugsource-3.4.1-4.15.1 libnettle-devel-3.4.1-4.15.1 libnettle6-3.4.1-4.15.1 libnettle6-32bit-3.4.1-4.15.1 libnettle6-32bit-debuginfo-3.4.1-4.15.1 libnettle6-debuginfo-3.4.1-4.15.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libhogweed4-3.4.1-4.15.1 libhogweed4-debuginfo-3.4.1-4.15.1 libnettle-debugsource-3.4.1-4.15.1 libnettle-devel-3.4.1-4.15.1 libnettle6-3.4.1-4.15.1 libnettle6-debuginfo-3.4.1-4.15.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libhogweed4-32bit-3.4.1-4.15.1 libhogweed4-32bit-debuginfo-3.4.1-4.15.1 libnettle6-32bit-3.4.1-4.15.1 libnettle6-32bit-debuginfo-3.4.1-4.15.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libhogweed4-3.4.1-4.15.1 
libhogweed4-debuginfo-3.4.1-4.15.1 libnettle-debugsource-3.4.1-4.15.1 libnettle-devel-3.4.1-4.15.1 libnettle6-3.4.1-4.15.1 libnettle6-debuginfo-3.4.1-4.15.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libhogweed4-32bit-3.4.1-4.15.1 libhogweed4-32bit-debuginfo-3.4.1-4.15.1 libnettle6-32bit-3.4.1-4.15.1 libnettle6-32bit-debuginfo-3.4.1-4.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libhogweed4-3.4.1-4.15.1 libhogweed4-debuginfo-3.4.1-4.15.1 libnettle-debugsource-3.4.1-4.15.1 libnettle-devel-3.4.1-4.15.1 libnettle6-3.4.1-4.15.1 libnettle6-debuginfo-3.4.1-4.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libhogweed4-32bit-3.4.1-4.15.1 libhogweed4-32bit-debuginfo-3.4.1-4.15.1 libnettle6-32bit-3.4.1-4.15.1 libnettle6-32bit-debuginfo-3.4.1-4.15.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libhogweed4-3.4.1-4.15.1 libhogweed4-32bit-3.4.1-4.15.1 libhogweed4-32bit-debuginfo-3.4.1-4.15.1 libhogweed4-debuginfo-3.4.1-4.15.1 libnettle-debugsource-3.4.1-4.15.1 libnettle-devel-3.4.1-4.15.1 libnettle6-3.4.1-4.15.1 libnettle6-32bit-3.4.1-4.15.1 libnettle6-32bit-debuginfo-3.4.1-4.15.1 libnettle6-debuginfo-3.4.1-4.15.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libhogweed4-3.4.1-4.15.1 libhogweed4-debuginfo-3.4.1-4.15.1 libnettle-debugsource-3.4.1-4.15.1 libnettle-devel-3.4.1-4.15.1 libnettle6-3.4.1-4.15.1 libnettle6-debuginfo-3.4.1-4.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libhogweed4-3.4.1-4.15.1 libhogweed4-debuginfo-3.4.1-4.15.1 libnettle-debugsource-3.4.1-4.15.1 libnettle-devel-3.4.1-4.15.1 libnettle6-3.4.1-4.15.1 libnettle6-debuginfo-3.4.1-4.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libhogweed4-32bit-3.4.1-4.15.1 libhogweed4-32bit-debuginfo-3.4.1-4.15.1 libnettle6-32bit-3.4.1-4.15.1 libnettle6-32bit-debuginfo-3.4.1-4.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libhogweed4-3.4.1-4.15.1 
libhogweed4-debuginfo-3.4.1-4.15.1 libnettle-debugsource-3.4.1-4.15.1 libnettle-devel-3.4.1-4.15.1 libnettle6-3.4.1-4.15.1 libnettle6-debuginfo-3.4.1-4.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libhogweed4-32bit-3.4.1-4.15.1 libhogweed4-32bit-debuginfo-3.4.1-4.15.1 libnettle6-32bit-3.4.1-4.15.1 libnettle6-32bit-debuginfo-3.4.1-4.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libhogweed4-3.4.1-4.15.1 libhogweed4-debuginfo-3.4.1-4.15.1 libnettle-debugsource-3.4.1-4.15.1 libnettle-devel-3.4.1-4.15.1 libnettle6-3.4.1-4.15.1 libnettle6-debuginfo-3.4.1-4.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libhogweed4-32bit-3.4.1-4.15.1 libhogweed4-32bit-debuginfo-3.4.1-4.15.1 libnettle6-32bit-3.4.1-4.15.1 libnettle6-32bit-debuginfo-3.4.1-4.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libhogweed4-3.4.1-4.15.1 libhogweed4-debuginfo-3.4.1-4.15.1 libnettle-debugsource-3.4.1-4.15.1 libnettle-devel-3.4.1-4.15.1 libnettle6-3.4.1-4.15.1 libnettle6-debuginfo-3.4.1-4.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libhogweed4-32bit-3.4.1-4.15.1 libhogweed4-32bit-debuginfo-3.4.1-4.15.1 libnettle6-32bit-3.4.1-4.15.1 libnettle6-32bit-debuginfo-3.4.1-4.15.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libhogweed4-3.4.1-4.15.1 libhogweed4-debuginfo-3.4.1-4.15.1 libnettle-debugsource-3.4.1-4.15.1 libnettle-devel-3.4.1-4.15.1 libnettle6-3.4.1-4.15.1 libnettle6-debuginfo-3.4.1-4.15.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libhogweed4-32bit-3.4.1-4.15.1 libhogweed4-32bit-debuginfo-3.4.1-4.15.1 libnettle6-32bit-3.4.1-4.15.1 libnettle6-32bit-debuginfo-3.4.1-4.15.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libhogweed4-3.4.1-4.15.1 libhogweed4-debuginfo-3.4.1-4.15.1 libnettle-debugsource-3.4.1-4.15.1 libnettle-devel-3.4.1-4.15.1 
libnettle6-3.4.1-4.15.1 libnettle6-debuginfo-3.4.1-4.15.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libhogweed4-32bit-3.4.1-4.15.1 libhogweed4-32bit-debuginfo-3.4.1-4.15.1 libnettle6-32bit-3.4.1-4.15.1 libnettle6-32bit-debuginfo-3.4.1-4.15.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libhogweed4-3.4.1-4.15.1 libhogweed4-debuginfo-3.4.1-4.15.1 libnettle-debugsource-3.4.1-4.15.1 libnettle-devel-3.4.1-4.15.1 libnettle6-3.4.1-4.15.1 libnettle6-debuginfo-3.4.1-4.15.1 - SUSE Enterprise Storage 6 (x86_64): libhogweed4-32bit-3.4.1-4.15.1 libhogweed4-32bit-debuginfo-3.4.1-4.15.1 libnettle6-32bit-3.4.1-4.15.1 libnettle6-32bit-debuginfo-3.4.1-4.15.1 - SUSE CaaS Platform 4.0 (x86_64): libhogweed4-3.4.1-4.15.1 libhogweed4-32bit-3.4.1-4.15.1 libhogweed4-32bit-debuginfo-3.4.1-4.15.1 libhogweed4-debuginfo-3.4.1-4.15.1 libnettle-debugsource-3.4.1-4.15.1 libnettle-devel-3.4.1-4.15.1 libnettle6-3.4.1-4.15.1 libnettle6-32bit-3.4.1-4.15.1 libnettle6-32bit-debuginfo-3.4.1-4.15.1 libnettle6-debuginfo-3.4.1-4.15.1 References: https://www.suse.com/security/cve/CVE-2021-20305.html https://bugzilla.suse.com/1184401 From sle-updates at lists.suse.com Wed Apr 28 19:22:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Apr 2021 21:22:14 +0200 (CEST) Subject: SUSE-RU-2021:1413-1: moderate: Recommended update for nautilus Message-ID: <20210428192214.755BAFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for nautilus ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1413-1 Rating: moderate References: #1171506 #1185026 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for nautilus fixes the following issues: - Use the right value in gio command. (bsc#1185026) - Update to version 3.34.3 (bsc#1171506): + Revert icon emblem fixes in order to prevent performance issues. + Fix crashes often happening when searching. + Fix crashes after conflict dialog response. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-1413=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1413=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): gnome-shell-search-provider-nautilus-3.34.3-4.3.1 libnautilus-extension1-3.34.3-4.3.1 libnautilus-extension1-debuginfo-3.34.3-4.3.1 nautilus-3.34.3-4.3.1 nautilus-debuginfo-3.34.3-4.3.1 nautilus-debugsource-3.34.3-4.3.1 nautilus-devel-3.34.3-4.3.1 typelib-1_0-Nautilus-3_0-3.34.3-4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch): nautilus-lang-3.34.3-4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): gnome-shell-search-provider-nautilus-3.34.3-4.3.1 libnautilus-extension1-3.34.3-4.3.1 libnautilus-extension1-debuginfo-3.34.3-4.3.1 nautilus-3.34.3-4.3.1 nautilus-debuginfo-3.34.3-4.3.1 nautilus-debugsource-3.34.3-4.3.1 nautilus-devel-3.34.3-4.3.1 typelib-1_0-Nautilus-3_0-3.34.3-4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): nautilus-lang-3.34.3-4.3.1 References: https://bugzilla.suse.com/1171506 https://bugzilla.suse.com/1185026 From sle-updates at lists.suse.com Wed Apr 28 19:23:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: 
Wed, 28 Apr 2021 21:23:21 +0200 (CEST) Subject: SUSE-RU-2021:1410-1: moderate: Recommended update for lttng-modules Message-ID: <20210428192321.86836FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for lttng-modules ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1410-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise Module for Realtime 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lttng-modules fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP3: zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2021-1410=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1410=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64): lttng-modules-kmp-rt-2.10.10_k5.3.18_8.3-5.5.1 lttng-modules-kmp-rt-debuginfo-2.10.10_k5.3.18_8.3-5.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): lttng-modules-2.10.10-5.5.1 lttng-modules-debugsource-2.10.10-5.5.1 lttng-modules-kmp-default-2.10.10_k5.3.18_24.61-5.5.1 lttng-modules-kmp-default-debuginfo-2.10.10_k5.3.18_24.61-5.5.1 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Wed Apr 28 22:15:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 00:15:58 +0200 (CEST) Subject: SUSE-RU-2021:1414-1: important: Recommended update for boost-legacy Message-ID: 
<20210428221558.8029AFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for boost-legacy ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1414-1 Rating: important References: #1006584 #1038083 #1076640 #1082318 #1175886 #401964 #439805 #457699 #461372 #477603 #479659 #544958 #621140 #655747 #714373 #765443 #951902 #958150 #994378 #994381 #994382 #994383 #996917 ECO-3147 SLE-17304 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability, contains two features and has 22 fixes is now available. Description: This update for boost-legacy fixes the following issues: Create a new boost-legacy package with version 1.66.0. (bsc#1175886, jsc#SLE-17304, jsc#ECO-3147) - Remove duplicate license package that we get from original Boost - Add a backport of `Boost.Optional::has_value()` for LibreOffice - Use `%license` instead of `%doc` (bsc#1082318) - Multibuild requires versioned `Name:` tag. (bsc#1076640) Changes in version 1.66.0: - `Beast`: new portable HTTP, WebSocket and network operations using `Boost.Asio`. Header-only library. - `Callable Traits`: new library and successor to `Boost.FunctionTypes`. Header-only library. - `Mp11`: new metaprogramming library - `Asio`: - implemented interface changes to reflect the Networking TS (N4656) - functions and classes that have been superseded by Networking TS functionality have been deprecated. - added support for customized handler tracking - removed previously deprecated functions - `Atomic`: improved compatibility with GCC 7. 128-bit operations on `x86_64` no longer require linking with compiled library. - `DateTime`: Fixed an integral overflow that could cause incorrect results when adding or subtracting many years from a date.
- `Format`: New format specifiers added and volatile arguments can not be safely used with operator`%` - `Fusion`: - fix compile error with `std::array` - remove circular preprocessor include - `PolyCollection`: backported to GCC 4.8 and 4.9 with some limitations - `Uuid`: added `RTF-4122` namespaces in `boost::uuids::ns` Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-1414=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): libboost_locale_legacy-1.66.0-1.4.1 libboost_locale_legacy-debuginfo-1.66.0-1.4.1 libboost_regex_legacy-1.66.0-1.4.1 libboost_regex_legacy-debuginfo-1.66.0-1.4.1 References: https://www.suse.com/security/cve/CVE-2008-0171.html https://bugzilla.suse.com/1006584 https://bugzilla.suse.com/1038083 https://bugzilla.suse.com/1076640 https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1175886 https://bugzilla.suse.com/401964 https://bugzilla.suse.com/439805 https://bugzilla.suse.com/457699 https://bugzilla.suse.com/461372 https://bugzilla.suse.com/477603 https://bugzilla.suse.com/479659 https://bugzilla.suse.com/544958 https://bugzilla.suse.com/621140 https://bugzilla.suse.com/655747 https://bugzilla.suse.com/714373 https://bugzilla.suse.com/765443 https://bugzilla.suse.com/951902 https://bugzilla.suse.com/958150 https://bugzilla.suse.com/994378 https://bugzilla.suse.com/994381 https://bugzilla.suse.com/994382 https://bugzilla.suse.com/994383 https://bugzilla.suse.com/996917 From sle-updates at lists.suse.com Wed Apr 28 22:18:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 00:18:57 +0200 (CEST) Subject: SUSE-RU-2021:1415-1: moderate: Recommended update for pulseaudio 
Message-ID: <20210428221857.BDE06FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for pulseaudio ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1415-1 Rating: moderate References: #1183546 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pulseaudio fixes the following issues: - Fixed "Failed to open audio file" error for FLAC and OGG (bsc#1183546) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-1415=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1415=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1415=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1415=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): pulseaudio-debuginfo-13.0-4.5.1 pulseaudio-debugsource-13.0-4.5.1 pulseaudio-module-bluetooth-13.0-4.5.1 pulseaudio-module-bluetooth-debuginfo-13.0-4.5.1 pulseaudio-module-lirc-13.0-4.5.1 pulseaudio-module-lirc-debuginfo-13.0-4.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64): libpulse0-32bit-13.0-4.5.1 libpulse0-32bit-debuginfo-13.0-4.5.1 
pulseaudio-debugsource-13.0-4.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): pulseaudio-13.0-4.5.1 pulseaudio-bash-completion-13.0-4.5.1 pulseaudio-debuginfo-13.0-4.5.1 pulseaudio-debugsource-13.0-4.5.1 pulseaudio-esound-compat-13.0-4.5.1 pulseaudio-gdm-hooks-13.0-4.5.1 pulseaudio-module-gconf-13.0-4.5.1 pulseaudio-module-gconf-debuginfo-13.0-4.5.1 pulseaudio-module-gsettings-13.0-4.5.1 pulseaudio-module-gsettings-debuginfo-13.0-4.5.1 pulseaudio-module-x11-13.0-4.5.1 pulseaudio-module-x11-debuginfo-13.0-4.5.1 pulseaudio-module-zeroconf-13.0-4.5.1 pulseaudio-module-zeroconf-debuginfo-13.0-4.5.1 pulseaudio-utils-13.0-4.5.1 pulseaudio-utils-debuginfo-13.0-4.5.1 pulseaudio-zsh-completion-13.0-4.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): pulseaudio-lang-13.0-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpulse-devel-13.0-4.5.1 libpulse-mainloop-glib0-13.0-4.5.1 libpulse-mainloop-glib0-debuginfo-13.0-4.5.1 libpulse0-13.0-4.5.1 libpulse0-debuginfo-13.0-4.5.1 pulseaudio-debuginfo-13.0-4.5.1 pulseaudio-debugsource-13.0-4.5.1 References: https://bugzilla.suse.com/1183546 From sle-updates at lists.suse.com Thu Apr 29 06:09:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 08:09:30 +0200 (CEST) Subject: SUSE-CU-2021:124-1: Security update of suse/sles12sp3 Message-ID: <20210429060930.38A7EB460A1@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:124-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.248 , suse/sles12sp3:latest Container Release : 24.248 Severity : moderate Type : security References : 1183933 CVE-2021-22876 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1398-1 Released: Wed Apr 28 09:24:14 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,CVE-2021-22876 This update for curl fixes the following issues: - CVE-2021-22876: Fixed an issue where the automatic referer was leaking credentials (bsc#1183933). From sle-updates at lists.suse.com Thu Apr 29 06:17:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 08:17:29 +0200 (CEST) Subject: SUSE-CU-2021:125-1: Security update of suse/sles12sp5 Message-ID: <20210429061729.31AC7B460A1@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:125-1 Container Tags : suse/sles12sp5:6.5.169 , suse/sles12sp5:latest Container Release : 6.5.169 Severity : moderate Type : security References : 1183933 CVE-2021-22876 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1396-1 Released: Wed Apr 28 09:23:39 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,CVE-2021-22876 This update for curl fixes the following issues: - CVE-2021-22876: Fixed an issue where the automatic referer was leaking credentials (bsc#1183933). 
From sle-updates at lists.suse.com Thu Apr 29 06:33:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 08:33:43 +0200 (CEST) Subject: SUSE-CU-2021:126-1: Recommended update of suse/sle15 Message-ID: <20210429063343.C3B2AB460A1@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:126-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.382 Container Release : 4.22.382 Severity : important Type : recommended References : 1184690 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) From sle-updates at lists.suse.com Thu Apr 29 06:46:23 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 08:46:23 +0200 (CEST) Subject: SUSE-CU-2021:127-1: Security update of suse/sle15 Message-ID: <20210429064623.159FCB46139@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:127-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.442 Container Release : 6.2.442 Severity : important Type : security References : 1184401 1184690 CVE-2021-20305 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). From sle-updates at lists.suse.com Thu Apr 29 06:53:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 08:53:33 +0200 (CEST) Subject: SUSE-CU-2021:128-1: Security update of suse/sle15 Message-ID: <20210429065333.83D8EB46139@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:128-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.899 Container Release : 8.2.899 Severity : important Type : security References : 1184401 1184690 CVE-2021-20305 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. 
(bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). From sle-updates at lists.suse.com Thu Apr 29 10:17:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 12:17:45 +0200 (CEST) Subject: SUSE-RU-2021:1419-1: moderate: Recommended update for dracut Message-ID: <20210429101745.0816EFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1419-1 Rating: moderate References: #1178219 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dracut fixes the following issues: - Fix for adding timeout to umount calls. (bsc#1178219) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1419=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1419=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): dracut-049.1+suse.187.g63c1504f-3.27.1 dracut-debuginfo-049.1+suse.187.g63c1504f-3.27.1 dracut-debugsource-049.1+suse.187.g63c1504f-3.27.1 dracut-fips-049.1+suse.187.g63c1504f-3.27.1 dracut-ima-049.1+suse.187.g63c1504f-3.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): dracut-049.1+suse.187.g63c1504f-3.27.1 dracut-debuginfo-049.1+suse.187.g63c1504f-3.27.1 dracut-debugsource-049.1+suse.187.g63c1504f-3.27.1 dracut-fips-049.1+suse.187.g63c1504f-3.27.1 dracut-ima-049.1+suse.187.g63c1504f-3.27.1 References: https://bugzilla.suse.com/1178219 From sle-updates at lists.suse.com Thu Apr 29 10:18:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 12:18:56 +0200 (CEST) Subject: SUSE-RU-2021:1417-1: moderate: Recommended update for ntp Message-ID: <20210429101856.2D6FCFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for ntp ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1417-1 Rating: moderate References: #1185171 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ntp fixes the following issues: - Use '/run' instead of '/var/run' for PIDFile in 'ntpd.service'. 
(bsc#1185171) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-1417=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-1417=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): ntp-4.2.8p15-4.13.1 ntp-debuginfo-4.2.8p15-4.13.1 ntp-debugsource-4.2.8p15-4.13.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): ntp-4.2.8p15-4.13.1 ntp-debuginfo-4.2.8p15-4.13.1 ntp-debugsource-4.2.8p15-4.13.1 References: https://bugzilla.suse.com/1185171 From sle-updates at lists.suse.com Thu Apr 29 10:20:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 12:20:07 +0200 (CEST) Subject: SUSE-RU-2021:1426-1: moderate: Recommended update for libsolv Message-ID: <20210429102007.C7472FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsolv ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1426-1 Rating: moderate References: Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1426=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1426=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1426=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-1426=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libsolv-debuginfo-0.7.19-3.20.1 libsolv-debugsource-0.7.19-3.20.1 libsolv-tools-0.7.19-3.20.1 libsolv-tools-debuginfo-0.7.19-3.20.1 libzypp-17.25.8-3.33.1 libzypp-debuginfo-17.25.8-3.33.1 libzypp-debugsource-17.25.8-3.33.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.19-3.20.1 libsolv-debugsource-0.7.19-3.20.1 perl-solv-0.7.19-3.20.1 perl-solv-debuginfo-0.7.19-3.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.19-3.20.1 libsolv-debugsource-0.7.19-3.20.1 libsolv-devel-0.7.19-3.20.1 libsolv-devel-debuginfo-0.7.19-3.20.1 libsolv-tools-0.7.19-3.20.1 libsolv-tools-debuginfo-0.7.19-3.20.1 libzypp-17.25.8-3.33.1 libzypp-debuginfo-17.25.8-3.33.1 libzypp-debugsource-17.25.8-3.33.1 libzypp-devel-17.25.8-3.33.1 python3-solv-0.7.19-3.20.1 python3-solv-debuginfo-0.7.19-3.20.1 ruby-solv-0.7.19-3.20.1 ruby-solv-debuginfo-0.7.19-3.20.1 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): libsolv-tools-0.7.19-3.20.1 libzypp-17.25.8-3.33.1 References: From sle-updates at lists.suse.com Thu Apr 29 10:21:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 12:21:10 +0200 
(CEST) Subject: SUSE-RU-2021:1428-1: moderate: Recommended update for nvme-cli Message-ID: <20210429102110.DA75BFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1428-1 Rating: moderate References: #1180505 #1182591 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for nvme-cli fixes the following issues: - Use default port 8009 for NVMeoF discovery (bsc#1180505) - Added missing hunk from previous backport (bsc#1182591) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1428=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1428=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): nvme-cli-1.10-4.9.1 nvme-cli-debuginfo-1.10-4.9.1 nvme-cli-debugsource-1.10-4.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): nvme-cli-1.10-4.9.1 nvme-cli-debuginfo-1.10-4.9.1 nvme-cli-debugsource-1.10-4.9.1 References: https://bugzilla.suse.com/1180505 https://bugzilla.suse.com/1182591 From sle-updates at lists.suse.com Thu Apr 29 10:22:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 12:22:22 +0200 (CEST) Subject: SUSE-RU-2021:1423-1: moderate: Recommended update for yast2-samba-client Message-ID: <20210429102222.559D2FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-samba-client
______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1423-1 Rating: moderate References: #1181595 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-samba-client fixes the following issues: - Fix joining a domain when running a clustered Samba environment. (bsc#1181595) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1423=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-samba-client-4.2.4-3.3.1 References: https://bugzilla.suse.com/1181595 From sle-updates at lists.suse.com Thu Apr 29 10:23:28 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 12:23:28 +0200 (CEST) Subject: SUSE-RU-2021:1421-1: moderate: Recommended update for plymouth Message-ID: <20210429102328.94FC6FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for plymouth ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1421-1 Rating: moderate References: #1177082 #1182145 #1184087 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for plymouth fixes the following issues: - Change plymouth systemd service as the old method is unsafe. (bsc#1177082, bsc#1182145) - Switch 'x11_renderer' build condition and can prevent plymouth build failures.
- Temporarily disable it, because aarch64 and ppc64le systems could not boot in the release period, and this is only an enhancement with no harm to rollback. (bsc#1184087) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1421=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libply-boot-client5-0.9.5+git20190908+3abfab2-3.22.1 libply-boot-client5-debuginfo-0.9.5+git20190908+3abfab2-3.22.1 libply-splash-core5-0.9.5+git20190908+3abfab2-3.22.1 libply-splash-core5-debuginfo-0.9.5+git20190908+3abfab2-3.22.1 libply-splash-graphics5-0.9.5+git20190908+3abfab2-3.22.1 libply-splash-graphics5-debuginfo-0.9.5+git20190908+3abfab2-3.22.1 libply5-0.9.5+git20190908+3abfab2-3.22.1 libply5-debuginfo-0.9.5+git20190908+3abfab2-3.22.1 plymouth-0.9.5+git20190908+3abfab2-3.22.1 plymouth-debuginfo-0.9.5+git20190908+3abfab2-3.22.1 plymouth-debugsource-0.9.5+git20190908+3abfab2-3.22.1 plymouth-devel-0.9.5+git20190908+3abfab2-3.22.1 plymouth-dracut-0.9.5+git20190908+3abfab2-3.22.1 plymouth-plugin-label-0.9.5+git20190908+3abfab2-3.22.1 plymouth-plugin-label-debuginfo-0.9.5+git20190908+3abfab2-3.22.1 plymouth-plugin-label-ft-0.9.5+git20190908+3abfab2-3.22.1 plymouth-plugin-label-ft-debuginfo-0.9.5+git20190908+3abfab2-3.22.1 plymouth-plugin-script-0.9.5+git20190908+3abfab2-3.22.1 plymouth-plugin-script-debuginfo-0.9.5+git20190908+3abfab2-3.22.1 plymouth-scripts-0.9.5+git20190908+3abfab2-3.22.1 References: https://bugzilla.suse.com/1177082 https://bugzilla.suse.com/1182145 https://bugzilla.suse.com/1184087 From sle-updates at lists.suse.com Thu Apr 29 10:24:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 12:24:46 +0200 (CEST)
Subject: SUSE-OU-2021:1425-1: Optional update for tcpdump Message-ID: <20210429102446.0F0CFFDE1@maintenance.suse.de> SUSE Optional Update: Optional update for tcpdump ______________________________________________________________________________ Announcement ID: SUSE-OU-2021:1425-1 Rating: low References: #1183800 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for tcpdump fixes the following issues: - Disabled five regression tests that fail with libpcap > 1.8.1 (bsc#1183800) This patch does not fix any user visible issues and is therefore optional to install. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1425=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): tcpdump-4.9.2-3.15.1 tcpdump-debuginfo-4.9.2-3.15.1 tcpdump-debugsource-4.9.2-3.15.1 References: https://bugzilla.suse.com/1183800 From sle-updates at lists.suse.com Thu Apr 29 10:25:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 12:25:53 +0200 (CEST) Subject: SUSE-RU-2021:1424-1: moderate: Recommended update for openslp Message-ID: <20210429102553.8F839FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for openslp ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1424-1 Rating: moderate References: #1166637 #1184008 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux 
Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openslp fixes the following issues: - Added automated active discovery retries so that DAs do not get dropped, if they are not reachable for some time (bsc#1166637, bsc#1184008) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1424=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-1424=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1424=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1424=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1424=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): openslp-2.0.0-6.15.1 openslp-debuginfo-2.0.0-6.15.1 openslp-debugsource-2.0.0-6.15.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): openslp-debuginfo-2.0.0-6.15.1 openslp-debugsource-2.0.0-6.15.1 openslp-server-2.0.0-6.15.1 openslp-server-debuginfo-2.0.0-6.15.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): openslp-debuginfo-2.0.0-6.15.1 openslp-debugsource-2.0.0-6.15.1 openslp-server-2.0.0-6.15.1 openslp-server-debuginfo-2.0.0-6.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): openslp-2.0.0-6.15.1 openslp-debuginfo-2.0.0-6.15.1 openslp-debugsource-2.0.0-6.15.1 
openslp-devel-2.0.0-6.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): openslp-32bit-2.0.0-6.15.1 openslp-32bit-debuginfo-2.0.0-6.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): openslp-2.0.0-6.15.1 openslp-debuginfo-2.0.0-6.15.1 openslp-debugsource-2.0.0-6.15.1 openslp-devel-2.0.0-6.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): openslp-32bit-2.0.0-6.15.1 openslp-32bit-debuginfo-2.0.0-6.15.1 References: https://bugzilla.suse.com/1166637 https://bugzilla.suse.com/1184008 From sle-updates at lists.suse.com Thu Apr 29 10:27:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 12:27:13 +0200 (CEST) Subject: SUSE-RU-2021:1418-1: moderate: Recommended update for release-notes-sles Message-ID: <20210429102713.6A349FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1418-1 Rating: moderate References: #1143465 #1185080 SLE-11159 SLE-11176 SLE-11177 SLE-12830 SLE-7040 TEAM-53 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server Installer 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has two recommended fixes and contains 6 features can now be installed. 
Description: This update for release-notes-sles fixes the following issues: - 12.4.20210421 (tracked in bsc#1185080) - Set lifecycle to unmaintained - Added note about enabling NFSv4.2 (jsc#SLE-7040) - Added note about adding librdkafka (jsc#DOCTEAM-53) - Added note about updated Xorg Server (jsc#SLE-11159) - Added note about git 2.26.2 (jsc#SLE-11177) - Added note about Salt 3000 update (jsc#SLE-12830) - Added note about new kernel-firmware package (bsc#1143465) - Updated note about LibreOffice version (jsc#SLE-11176) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1418=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1418=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1418=1 - SUSE Linux Enterprise Server Installer 12-SP4: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP4-2021-1418=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1418=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): release-notes-sles-12.4.20210421-2.16.1 - SUSE OpenStack Cloud 9 (noarch): release-notes-sles-12.4.20210421-2.16.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): release-notes-sles-12.4.20210421-2.16.1 - SUSE Linux Enterprise Server Installer 12-SP4 (noarch): release-notes-sles-12.4.20210421-2.16.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): release-notes-sles-12.4.20210421-2.16.1 References: https://bugzilla.suse.com/1143465 https://bugzilla.suse.com/1185080 From sle-updates at lists.suse.com Thu Apr 29 10:28:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 12:28:36 +0200 (CEST) Subject: SUSE-RU-2021:1427-1: moderate: Recommended update 
for scap-security-guide Message-ID: <20210429102836.7F5A4FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for scap-security-guide ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1427-1 Rating: moderate References: ECO-3319 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for scap-security-guide fixes the following issues: This update ships the ComplianceAsCode build version 0.1.55+git containing the following supported file: - SCAP STIG automation for SUSE Linux Enterprise 12 (SUSE supplied, more rules added compared to 0.1.54) - SCAP STIG automation for SUSE Linux Enterprise 15 (SUSE supplied, new, first rules added) - CIS automation for SUSE Linux Enterprise 15 (community supplied) It can be evaluated using "oscap" from "openscap-utils", e.g. 
by doing on SUSE Linux Enterprise 12: - oscap xccdf eval --profile stig /usr/share/xml/scap/ssg/content/ssg-sle12-ds.xml On SUSE Linux Enterprise 15: - oscap xccdf eval --profile stig /usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml or the community supplied CIS on SUSE Linux Enterprise 15: - oscap xccdf eval --profile cis /usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml More content will be added in future updates. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1427=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1427=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1427=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1427=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1427=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1427=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1427=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1427=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1427=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1427=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1427=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1427=1 - SUSE Linux Enterprise 
High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1427=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1427=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (noarch): scap-security-guide-0.1.55git20210323-1.10.1 scap-security-guide-debian-0.1.55git20210323-1.10.1 scap-security-guide-redhat-0.1.55git20210323-1.10.1 scap-security-guide-ubuntu-0.1.55git20210323-1.10.1 - SUSE Manager Retail Branch Server 4.0 (noarch): scap-security-guide-0.1.55git20210323-1.10.1 scap-security-guide-debian-0.1.55git20210323-1.10.1 scap-security-guide-redhat-0.1.55git20210323-1.10.1 scap-security-guide-ubuntu-0.1.55git20210323-1.10.1 - SUSE Manager Proxy 4.0 (noarch): scap-security-guide-0.1.55git20210323-1.10.1 scap-security-guide-debian-0.1.55git20210323-1.10.1 scap-security-guide-redhat-0.1.55git20210323-1.10.1 scap-security-guide-ubuntu-0.1.55git20210323-1.10.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): scap-security-guide-0.1.55git20210323-1.10.1 scap-security-guide-debian-0.1.55git20210323-1.10.1 scap-security-guide-redhat-0.1.55git20210323-1.10.1 scap-security-guide-ubuntu-0.1.55git20210323-1.10.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): scap-security-guide-0.1.55git20210323-1.10.1 scap-security-guide-debian-0.1.55git20210323-1.10.1 scap-security-guide-redhat-0.1.55git20210323-1.10.1 scap-security-guide-ubuntu-0.1.55git20210323-1.10.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): scap-security-guide-0.1.55git20210323-1.10.1 scap-security-guide-debian-0.1.55git20210323-1.10.1 scap-security-guide-redhat-0.1.55git20210323-1.10.1 scap-security-guide-ubuntu-0.1.55git20210323-1.10.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): scap-security-guide-0.1.55git20210323-1.10.1 
scap-security-guide-debian-0.1.55git20210323-1.10.1 scap-security-guide-redhat-0.1.55git20210323-1.10.1 scap-security-guide-ubuntu-0.1.55git20210323-1.10.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): scap-security-guide-0.1.55git20210323-1.10.1 scap-security-guide-debian-0.1.55git20210323-1.10.1 scap-security-guide-redhat-0.1.55git20210323-1.10.1 scap-security-guide-ubuntu-0.1.55git20210323-1.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): scap-security-guide-0.1.55git20210323-1.10.1 scap-security-guide-debian-0.1.55git20210323-1.10.1 scap-security-guide-redhat-0.1.55git20210323-1.10.1 scap-security-guide-ubuntu-0.1.55git20210323-1.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): scap-security-guide-0.1.55git20210323-1.10.1 scap-security-guide-debian-0.1.55git20210323-1.10.1 scap-security-guide-redhat-0.1.55git20210323-1.10.1 scap-security-guide-ubuntu-0.1.55git20210323-1.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): scap-security-guide-0.1.55git20210323-1.10.1 scap-security-guide-debian-0.1.55git20210323-1.10.1 scap-security-guide-redhat-0.1.55git20210323-1.10.1 scap-security-guide-ubuntu-0.1.55git20210323-1.10.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): scap-security-guide-0.1.55git20210323-1.10.1 scap-security-guide-debian-0.1.55git20210323-1.10.1 scap-security-guide-redhat-0.1.55git20210323-1.10.1 scap-security-guide-ubuntu-0.1.55git20210323-1.10.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): scap-security-guide-0.1.55git20210323-1.10.1 scap-security-guide-debian-0.1.55git20210323-1.10.1 scap-security-guide-redhat-0.1.55git20210323-1.10.1 scap-security-guide-ubuntu-0.1.55git20210323-1.10.1 - SUSE Enterprise Storage 6 (noarch): scap-security-guide-0.1.55git20210323-1.10.1 scap-security-guide-debian-0.1.55git20210323-1.10.1 scap-security-guide-redhat-0.1.55git20210323-1.10.1 scap-security-guide-ubuntu-0.1.55git20210323-1.10.1 
- SUSE CaaS Platform 4.0 (noarch): scap-security-guide-0.1.55git20210323-1.10.1 scap-security-guide-debian-0.1.55git20210323-1.10.1 scap-security-guide-redhat-0.1.55git20210323-1.10.1 scap-security-guide-ubuntu-0.1.55git20210323-1.10.1 References: From sle-updates at lists.suse.com Thu Apr 29 10:29:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 12:29:43 +0200 (CEST) Subject: SUSE-RU-2021:1420-1: moderate: Recommended update for yast2-network Message-ID: <20210429102943.22DDBFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1420-1 Rating: moderate References: #1184883 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-network fixes the following issues: - Do not crash during an AutoYaST installation when trying to update the '/etc/hosts' using a connection without an IP address defined. (bsc#1184883) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1420=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-1420=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-network-4.2.98-3.55.1 - SUSE Linux Enterprise Installer 15-SP2 (noarch): yast2-network-4.2.98-3.55.1 References: https://bugzilla.suse.com/1184883 From sle-updates at lists.suse.com Thu Apr 29 10:30:50 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 12:30:50 +0200 (CEST) Subject: SUSE-RU-2021:1416-1: Recommended update for kyotocabinet Message-ID: <20210429103051.458D0FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for kyotocabinet ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1416-1 Rating: low References: #1185033 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kyotocabinet fixes the following issues: - Proactive hardening fix making 'kyotocabinet' in SLE a position-independent executable. (bsc#1185033) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1416=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1416=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kyotocabinet-debuginfo-1.2.77-4.3.1 kyotocabinet-debugsource-1.2.77-4.3.1 libkyotocabinet-devel-1.2.77-4.3.1 libkyotocabinet16-1.2.77-4.3.1 libkyotocabinet16-debuginfo-1.2.77-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): kyotocabinet-debuginfo-1.2.77-4.3.1 kyotocabinet-debugsource-1.2.77-4.3.1 libkyotocabinet-devel-1.2.77-4.3.1 libkyotocabinet16-1.2.77-4.3.1 libkyotocabinet16-debuginfo-1.2.77-4.3.1 References: https://bugzilla.suse.com/1185033 From sle-updates at lists.suse.com Thu Apr 29 10:31:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 12:31:56 +0200 (CEST) Subject: SUSE-RU-2021:1422-1: moderate: Recommended update for cups-filters Message-ID: <20210429103156.86754FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for cups-filters ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1422-1 Rating: moderate References: #1182893 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cups-filters fixes the following issues: - Fixed an issue when 'foomatic-rip-Filter' crashes. (bsc#1182893) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1422=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): cups-filters-1.0.58-19.8.2 cups-filters-cups-browsed-1.0.58-19.8.2 cups-filters-cups-browsed-debuginfo-1.0.58-19.8.2 cups-filters-debuginfo-1.0.58-19.8.2 cups-filters-debugsource-1.0.58-19.8.2 cups-filters-foomatic-rip-1.0.58-19.8.2 cups-filters-foomatic-rip-debuginfo-1.0.58-19.8.2 cups-filters-ghostscript-1.0.58-19.8.2 cups-filters-ghostscript-debuginfo-1.0.58-19.8.2 References: https://bugzilla.suse.com/1182893 From sle-updates at lists.suse.com Thu Apr 29 13:15:55 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 15:15:55 +0200 (CEST) Subject: SUSE-RU-2021:1434-1: moderate: Recommended update for dpdk Message-ID: <20210429131555.908A6FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1434-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dpdk fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1434=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1434=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le x86_64): dpdk-19.11.4-3.13.1 dpdk-debuginfo-19.11.4-3.13.1 dpdk-debugsource-19.11.4-3.13.1 dpdk-devel-19.11.4-3.13.1 dpdk-devel-debuginfo-19.11.4-3.13.1 dpdk-kmp-default-19.11.4_k5.3.18_24.61-3.13.1 dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_24.61-3.13.1 dpdk-tools-19.11.4-3.13.1 dpdk-tools-debuginfo-19.11.4-3.13.1 libdpdk-20_0-19.11.4-3.13.1 libdpdk-20_0-debuginfo-19.11.4-3.13.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64): dpdk-thunderx-19.11.4-3.13.1 dpdk-thunderx-debuginfo-19.11.4-3.13.1 dpdk-thunderx-debugsource-19.11.4-3.13.1 dpdk-thunderx-devel-19.11.4-3.13.1 dpdk-thunderx-devel-debuginfo-19.11.4-3.13.1 dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.61-3.13.1 dpdk-thunderx-kmp-default-debuginfo-19.11.4_k5.3.18_24.61-3.13.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64): libdpdk-20_0-19.11.4-3.13.1 libdpdk-20_0-debuginfo-19.11.4-3.13.1 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Thu Apr 29 13:16:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 15:16:59 +0200 (CEST) Subject: SUSE-SU-2021:1432-1: important: Security update for MozillaThunderbird Message-ID: <20210429131659.6539EFDE1@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1432-1 Rating: important References: #1184960 Cross-References: CVE-2021-23961 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 
CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 CVE-2021-29948 CVSS scores: CVE-2021-23961 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2021-23961 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2021-23994 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-23995 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-23998 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-23999 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-24002 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-29945 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-29946 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2021-29948 (SUSE): 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: - Firefox was updated to 78.10.0 ESR (bsc#1184960) * CVE-2021-23994: Out of bound write due to lazy initialization * CVE-2021-23995: Use-after-free in Responsive Design Mode * CVE-2021-23998: Secure Lock icon could have been spoofed * CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999: Blob URLs may have been granted additional privileges * CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946: Port blocking could be bypassed * CVE-2021-29948: Race condition when reading from disk while verifying signatures Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-1432=1 - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-1432=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): MozillaThunderbird-78.10.0-8.23.1 MozillaThunderbird-debuginfo-78.10.0-8.23.1 MozillaThunderbird-debugsource-78.10.0-8.23.1 MozillaThunderbird-translations-common-78.10.0-8.23.1 MozillaThunderbird-translations-other-78.10.0-8.23.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): MozillaThunderbird-78.10.0-8.23.1 MozillaThunderbird-debuginfo-78.10.0-8.23.1 MozillaThunderbird-debugsource-78.10.0-8.23.1 MozillaThunderbird-translations-common-78.10.0-8.23.1 MozillaThunderbird-translations-other-78.10.0-8.23.1 References: https://www.suse.com/security/cve/CVE-2021-23961.html https://www.suse.com/security/cve/CVE-2021-23994.html https://www.suse.com/security/cve/CVE-2021-23995.html https://www.suse.com/security/cve/CVE-2021-23998.html https://www.suse.com/security/cve/CVE-2021-23999.html https://www.suse.com/security/cve/CVE-2021-24002.html https://www.suse.com/security/cve/CVE-2021-29945.html https://www.suse.com/security/cve/CVE-2021-29946.html https://www.suse.com/security/cve/CVE-2021-29948.html https://bugzilla.suse.com/1184960 From sle-updates at lists.suse.com Thu Apr 29 13:18:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 15:18:05 +0200 (CEST) Subject: SUSE-RU-2021:1437-1: moderate: Recommended update for oracleasm Message-ID: <20210429131805.E3A19FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1437-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise Server 12-SP5 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for oracleasm fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1437=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_122.66-9.9.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_122.66-9.9.1 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Thu Apr 29 13:19:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 15:19:08 +0200 (CEST) Subject: SUSE-RU-2021:1436-1: moderate: Recommended update for lttng-modules Message-ID: <20210429131908.33158FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for lttng-modules ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1436-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lttng-modules fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1436=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): lttng-modules-2.10.9-8.11.1 lttng-modules-debugsource-2.10.9-8.11.1 lttng-modules-kmp-default-2.10.9_k4.12.14_122.66-8.11.1 lttng-modules-kmp-default-debuginfo-2.10.9_k4.12.14_122.66-8.11.1 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Thu Apr 29 13:20:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 15:20:15 +0200 (CEST) Subject: SUSE-SU-2021:1430-1: important: Security update for webkit2gtk3 Message-ID: <20210429132015.66FF4FDE1@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1430-1 Rating: important References: #1182719 #1184155 #1184262 Cross-References: CVE-2020-27918 CVE-2020-29623 CVE-2021-1765 CVE-2021-1788 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1844 CVE-2021-1870 CVE-2021-1871 CVSS scores: CVE-2020-27918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-29623 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE-2021-1765 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-1788 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-1789 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-1799 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-1801 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-1844 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-1871 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE 
Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.0 (bsc#1184155): * Fix the authentication request port when URL omits the port. * Fix iframe scrolling when main frame is scrolled in async scrolling mode. * Stop using g_memdup. * Show a warning message when overriding signal handler for threading suspension. * Fix the build on RISC-V with GCC 11. * Fix several crashes and rendering issues. * Security fixes: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871 - Update in version 2.30.6 (bsc#1184262): * Update user agent quirks again for Google Docs and Google Drive. * Fix several crashes and rendering issues. * Security fixes: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765, CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870. - Update _constraints for armv6/armv7 (bsc#1182719) - Restore NPAPI plugin support which was removed in 2.32.0 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-1430=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1430=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1430=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1430=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.32.0-3.15.1 typelib-1_0-WebKit2-4_0-2.32.0-3.15.1 typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.15.1 webkit2gtk3-debugsource-2.32.0-3.15.1 webkit2gtk3-devel-2.32.0-3.15.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.32.0-3.15.1 typelib-1_0-WebKit2-4_0-2.32.0-3.15.1 typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.15.1 webkit2gtk3-debugsource-2.32.0-3.15.1 webkit2gtk3-devel-2.32.0-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.32.0-3.15.1 libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.15.1 libwebkit2gtk-4_0-37-2.32.0-3.15.1 libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.15.1 webkit2gtk-4_0-injected-bundles-2.32.0-3.15.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.15.1 webkit2gtk3-debugsource-2.32.0-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libwebkit2gtk3-lang-2.32.0-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.32.0-3.15.1 libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.15.1 libwebkit2gtk-4_0-37-2.32.0-3.15.1 libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.15.1 webkit2gtk-4_0-injected-bundles-2.32.0-3.15.1 
webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.15.1 webkit2gtk3-debugsource-2.32.0-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libwebkit2gtk3-lang-2.32.0-3.15.1 References: https://www.suse.com/security/cve/CVE-2020-27918.html https://www.suse.com/security/cve/CVE-2020-29623.html https://www.suse.com/security/cve/CVE-2021-1765.html https://www.suse.com/security/cve/CVE-2021-1788.html https://www.suse.com/security/cve/CVE-2021-1789.html https://www.suse.com/security/cve/CVE-2021-1799.html https://www.suse.com/security/cve/CVE-2021-1801.html https://www.suse.com/security/cve/CVE-2021-1844.html https://www.suse.com/security/cve/CVE-2021-1870.html https://www.suse.com/security/cve/CVE-2021-1871.html https://bugzilla.suse.com/1182719 https://bugzilla.suse.com/1184155 https://bugzilla.suse.com/1184262 From sle-updates at lists.suse.com Thu Apr 29 13:21:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 15:21:41 +0200 (CEST) Subject: SUSE-SU-2021:1433-1: important: Security update for MozillaFirefox Message-ID: <20210429132141.EC91AFDE1@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1433-1 Rating: important References: #1184960 Cross-References: CVE-2021-23961 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 CVSS scores: CVE-2021-23961 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2021-23961 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2021-23994 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-23995 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-23998 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-23999 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-24002 (SUSE): 6.1 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-29945 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-29946 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - MozillaFirefox was updated to 78.10.0 ESR (bsc#1184960) * CVE-2021-23994: Out of bound write due to lazy initialization * CVE-2021-23995: Use-after-free in Responsive Design Mode * CVE-2021-23998: Secure Lock icon could have been spoofed * CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999: Blob URLs may have been granted additional privileges * CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946: Port blocking could be bypassed Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1433=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1433=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1433=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1433=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1433=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1433=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1433=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1433=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1433=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1433=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1433=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1433=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1433=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): MozillaFirefox-78.10.0-3.139.1 MozillaFirefox-debuginfo-78.10.0-3.139.1 MozillaFirefox-debugsource-78.10.0-3.139.1 MozillaFirefox-devel-78.10.0-3.139.1 MozillaFirefox-translations-common-78.10.0-3.139.1 MozillaFirefox-translations-other-78.10.0-3.139.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): MozillaFirefox-78.10.0-3.139.1 MozillaFirefox-debuginfo-78.10.0-3.139.1 MozillaFirefox-debugsource-78.10.0-3.139.1 MozillaFirefox-devel-78.10.0-3.139.1 MozillaFirefox-translations-common-78.10.0-3.139.1 MozillaFirefox-translations-other-78.10.0-3.139.1 - SUSE Manager Proxy 4.0 (x86_64): MozillaFirefox-78.10.0-3.139.1 MozillaFirefox-debuginfo-78.10.0-3.139.1 MozillaFirefox-debugsource-78.10.0-3.139.1 MozillaFirefox-devel-78.10.0-3.139.1 MozillaFirefox-translations-common-78.10.0-3.139.1 MozillaFirefox-translations-other-78.10.0-3.139.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): MozillaFirefox-78.10.0-3.139.1 MozillaFirefox-debuginfo-78.10.0-3.139.1 MozillaFirefox-debugsource-78.10.0-3.139.1 MozillaFirefox-devel-78.10.0-3.139.1 MozillaFirefox-translations-common-78.10.0-3.139.1 MozillaFirefox-translations-other-78.10.0-3.139.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): MozillaFirefox-78.10.0-3.139.1 MozillaFirefox-debuginfo-78.10.0-3.139.1 MozillaFirefox-debugsource-78.10.0-3.139.1 MozillaFirefox-devel-78.10.0-3.139.1 MozillaFirefox-translations-common-78.10.0-3.139.1 MozillaFirefox-translations-other-78.10.0-3.139.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.10.0-3.139.1 MozillaFirefox-debuginfo-78.10.0-3.139.1 MozillaFirefox-debugsource-78.10.0-3.139.1 MozillaFirefox-devel-78.10.0-3.139.1 MozillaFirefox-translations-common-78.10.0-3.139.1 MozillaFirefox-translations-other-78.10.0-3.139.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): MozillaFirefox-78.10.0-3.139.1 MozillaFirefox-debuginfo-78.10.0-3.139.1 
MozillaFirefox-debugsource-78.10.0-3.139.1 MozillaFirefox-devel-78.10.0-3.139.1 MozillaFirefox-translations-common-78.10.0-3.139.1 MozillaFirefox-translations-other-78.10.0-3.139.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): MozillaFirefox-78.10.0-3.139.1 MozillaFirefox-debuginfo-78.10.0-3.139.1 MozillaFirefox-debugsource-78.10.0-3.139.1 MozillaFirefox-devel-78.10.0-3.139.1 MozillaFirefox-translations-common-78.10.0-3.139.1 MozillaFirefox-translations-other-78.10.0-3.139.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): MozillaFirefox-78.10.0-3.139.1 MozillaFirefox-debuginfo-78.10.0-3.139.1 MozillaFirefox-debugsource-78.10.0-3.139.1 MozillaFirefox-devel-78.10.0-3.139.1 MozillaFirefox-translations-common-78.10.0-3.139.1 MozillaFirefox-translations-other-78.10.0-3.139.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): MozillaFirefox-78.10.0-3.139.1 MozillaFirefox-debuginfo-78.10.0-3.139.1 MozillaFirefox-debugsource-78.10.0-3.139.1 MozillaFirefox-devel-78.10.0-3.139.1 MozillaFirefox-translations-common-78.10.0-3.139.1 MozillaFirefox-translations-other-78.10.0-3.139.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): MozillaFirefox-78.10.0-3.139.1 MozillaFirefox-debuginfo-78.10.0-3.139.1 MozillaFirefox-debugsource-78.10.0-3.139.1 MozillaFirefox-devel-78.10.0-3.139.1 MozillaFirefox-translations-common-78.10.0-3.139.1 MozillaFirefox-translations-other-78.10.0-3.139.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): MozillaFirefox-78.10.0-3.139.1 MozillaFirefox-debuginfo-78.10.0-3.139.1 MozillaFirefox-debugsource-78.10.0-3.139.1 MozillaFirefox-devel-78.10.0-3.139.1 MozillaFirefox-translations-common-78.10.0-3.139.1 MozillaFirefox-translations-other-78.10.0-3.139.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): MozillaFirefox-78.10.0-3.139.1 MozillaFirefox-debuginfo-78.10.0-3.139.1 MozillaFirefox-debugsource-78.10.0-3.139.1 
      MozillaFirefox-devel-78.10.0-3.139.1
      MozillaFirefox-translations-common-78.10.0-3.139.1
      MozillaFirefox-translations-other-78.10.0-3.139.1

   - SUSE CaaS Platform 4.0 (x86_64):
      MozillaFirefox-78.10.0-3.139.1
      MozillaFirefox-debuginfo-78.10.0-3.139.1
      MozillaFirefox-debugsource-78.10.0-3.139.1
      MozillaFirefox-devel-78.10.0-3.139.1
      MozillaFirefox-translations-common-78.10.0-3.139.1
      MozillaFirefox-translations-other-78.10.0-3.139.1

References:
   https://www.suse.com/security/cve/CVE-2021-23961.html
   https://www.suse.com/security/cve/CVE-2021-23994.html
   https://www.suse.com/security/cve/CVE-2021-23995.html
   https://www.suse.com/security/cve/CVE-2021-23998.html
   https://www.suse.com/security/cve/CVE-2021-23999.html
   https://www.suse.com/security/cve/CVE-2021-24002.html
   https://www.suse.com/security/cve/CVE-2021-29945.html
   https://www.suse.com/security/cve/CVE-2021-29946.html
   https://bugzilla.suse.com/1184960

From sle-updates at lists.suse.com Thu Apr 29 13:22:56 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 29 Apr 2021 15:22:56 +0200 (CEST)
Subject: SUSE-SU-2021:1435-1: moderate: Security update for java-1_7_0-openjdk
Message-ID: <20210429132256.A49FAFDE1@maintenance.suse.de>

SUSE Security Update: Security update for java-1_7_0-openjdk
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1435-1
Rating: moderate
References: #1181239
Affected Products:
   SUSE OpenStack Cloud Crowbar 9
   SUSE OpenStack Cloud Crowbar 8
   SUSE OpenStack Cloud 9
   SUSE OpenStack Cloud 8
   SUSE Linux Enterprise Server for SAP 12-SP4
   SUSE Linux Enterprise Server for SAP 12-SP3
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server 12-SP4-LTSS
   SUSE Linux Enterprise Server 12-SP3-LTSS
   SUSE Linux Enterprise Server 12-SP3-BCL
   SUSE Linux Enterprise Server 12-SP2-BCL
   HPE Helion Openstack 8
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for java-1_7_0-openjdk fixes the following issues:

- Update to 2.6.25 - OpenJDK 7u291 (January 2021 CPU, bsc#1181239)
  * Security fixes
    + JDK-8247619: Improve Direct Buffering of Characters
  * Import of OpenJDK 7 u291 build 1
    + JDK-8254177: (tz) Upgrade time-zone data to tzdata2020b
    + JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c
    + JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1435=1
   - SUSE OpenStack Cloud Crowbar 8:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1435=1
   - SUSE OpenStack Cloud 9:
      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1435=1
   - SUSE OpenStack Cloud 8:
      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1435=1
   - SUSE Linux Enterprise Server for SAP 12-SP4:
      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1435=1
   - SUSE Linux Enterprise Server for SAP 12-SP3:
      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1435=1
   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1435=1
   - SUSE Linux Enterprise Server 12-SP4-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1435=1
   - SUSE Linux Enterprise Server 12-SP3-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1435=1
   - SUSE Linux Enterprise Server 12-SP3-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1435=1
   - SUSE Linux Enterprise Server 12-SP2-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1435=1
   - HPE Helion Openstack 8:
      zypper in -t patch HPE-Helion-OpenStack-8-2021-1435=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):
      java-1_7_0-openjdk-1.7.0.291-43.47.3
      java-1_7_0-openjdk-debuginfo-1.7.0.291-43.47.3
      java-1_7_0-openjdk-debugsource-1.7.0.291-43.47.3
      java-1_7_0-openjdk-demo-1.7.0.291-43.47.3
java-1_7_0-openjdk-demo-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-debuginfo-1.7.0.291-43.47.3 - SUSE OpenStack Cloud Crowbar 8 (x86_64): java-1_7_0-openjdk-1.7.0.291-43.47.3 java-1_7_0-openjdk-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-debugsource-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-debuginfo-1.7.0.291-43.47.3 - SUSE OpenStack Cloud 9 (x86_64): java-1_7_0-openjdk-1.7.0.291-43.47.3 java-1_7_0-openjdk-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-debugsource-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-debuginfo-1.7.0.291-43.47.3 - SUSE OpenStack Cloud 8 (x86_64): java-1_7_0-openjdk-1.7.0.291-43.47.3 java-1_7_0-openjdk-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-debugsource-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-debuginfo-1.7.0.291-43.47.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_7_0-openjdk-1.7.0.291-43.47.3 java-1_7_0-openjdk-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-debugsource-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-1.7.0.291-43.47.3 
java-1_7_0-openjdk-devel-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-debuginfo-1.7.0.291-43.47.3 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): java-1_7_0-openjdk-1.7.0.291-43.47.3 java-1_7_0-openjdk-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-debugsource-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-debuginfo-1.7.0.291-43.47.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.291-43.47.3 java-1_7_0-openjdk-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-debugsource-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-debuginfo-1.7.0.291-43.47.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.291-43.47.3 java-1_7_0-openjdk-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-debugsource-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-debuginfo-1.7.0.291-43.47.3 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.291-43.47.3 java-1_7_0-openjdk-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-debugsource-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-1.7.0.291-43.47.3 
java-1_7_0-openjdk-devel-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-debuginfo-1.7.0.291-43.47.3 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_7_0-openjdk-1.7.0.291-43.47.3 java-1_7_0-openjdk-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-debugsource-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-debuginfo-1.7.0.291-43.47.3 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_0-openjdk-1.7.0.291-43.47.3 java-1_7_0-openjdk-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-debugsource-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-debuginfo-1.7.0.291-43.47.3 - HPE Helion Openstack 8 (x86_64): java-1_7_0-openjdk-1.7.0.291-43.47.3 java-1_7_0-openjdk-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-debugsource-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-1.7.0.291-43.47.3 java-1_7_0-openjdk-demo-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-1.7.0.291-43.47.3 java-1_7_0-openjdk-devel-debuginfo-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-1.7.0.291-43.47.3 java-1_7_0-openjdk-headless-debuginfo-1.7.0.291-43.47.3 References: https://bugzilla.suse.com/1181239 From sle-updates at lists.suse.com Thu Apr 29 13:24:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 15:24:03 +0200 (CEST) Subject: SUSE-SU-2021:1429-1: important: Security update for permissions Message-ID: <20210429132403.9AF6FFDE1@maintenance.suse.de> SUSE Security Update: Security update for permissions 
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1429-1
Rating: important
References: #1050467 #1182899
Affected Products:
   SUSE OpenStack Cloud Crowbar 9
   SUSE OpenStack Cloud 9
   SUSE Linux Enterprise Server for SAP 12-SP4
   SUSE Linux Enterprise Server 12-SP4-LTSS
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for permissions fixes the following issues:

- Update to version 20170707:
  * make btmp root:utmp (bsc#1050467, bsc#1182899)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1429=1
   - SUSE OpenStack Cloud 9:
      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1429=1
   - SUSE Linux Enterprise Server for SAP 12-SP4:
      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1429=1
   - SUSE Linux Enterprise Server 12-SP4-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1429=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):
      permissions-20170707-3.27.1
      permissions-debuginfo-20170707-3.27.1
      permissions-debugsource-20170707-3.27.1

   - SUSE OpenStack Cloud 9 (x86_64):
      permissions-20170707-3.27.1
      permissions-debuginfo-20170707-3.27.1
      permissions-debugsource-20170707-3.27.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
      permissions-20170707-3.27.1
      permissions-debuginfo-20170707-3.27.1
      permissions-debugsource-20170707-3.27.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
      permissions-20170707-3.27.1
      permissions-debuginfo-20170707-3.27.1
      permissions-debugsource-20170707-3.27.1

References:
   https://bugzilla.suse.com/1050467
   https://bugzilla.suse.com/1182899

From sle-updates at lists.suse.com Thu Apr 29 13:25:14 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 29 Apr 2021 15:25:14 +0200 (CEST)
Subject: SUSE-SU-2021:1431-1: important: Security update for tomcat
Message-ID: <20210429132514.4DDB3FDE1@maintenance.suse.de>

SUSE Security Update: Security update for tomcat
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1431-1
Rating: important
References: #1182909
Cross-References: CVE-2021-25329
CVSS scores:
   CVE-2021-25329 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-25329 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
   SUSE OpenStack Cloud Crowbar 8
   SUSE OpenStack Cloud 8
   SUSE Linux Enterprise Server for SAP 12-SP3
   SUSE Linux Enterprise Server 12-SP3-LTSS
   SUSE Linux Enterprise Server 12-SP3-BCL
   SUSE Linux Enterprise Server 12-SP2-LTSS-SAP
   SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON
   SUSE Linux Enterprise Server 12-SP2-BCL
   HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for tomcat fixes the following issues:

- CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1431=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1431=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1431=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1431=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1431=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1431=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1431=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1431=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1431=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): tomcat-8.0.53-29.46.1 tomcat-admin-webapps-8.0.53-29.46.1 tomcat-docs-webapp-8.0.53-29.46.1 tomcat-el-3_0-api-8.0.53-29.46.1 tomcat-javadoc-8.0.53-29.46.1 tomcat-jsp-2_3-api-8.0.53-29.46.1 tomcat-lib-8.0.53-29.46.1 tomcat-servlet-3_1-api-8.0.53-29.46.1 tomcat-webapps-8.0.53-29.46.1 - SUSE OpenStack Cloud 8 (noarch): tomcat-8.0.53-29.46.1 tomcat-admin-webapps-8.0.53-29.46.1 tomcat-docs-webapp-8.0.53-29.46.1 tomcat-el-3_0-api-8.0.53-29.46.1 tomcat-javadoc-8.0.53-29.46.1 tomcat-jsp-2_3-api-8.0.53-29.46.1 tomcat-lib-8.0.53-29.46.1 tomcat-servlet-3_1-api-8.0.53-29.46.1 tomcat-webapps-8.0.53-29.46.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): tomcat-8.0.53-29.46.1 tomcat-admin-webapps-8.0.53-29.46.1 tomcat-docs-webapp-8.0.53-29.46.1 tomcat-el-3_0-api-8.0.53-29.46.1 tomcat-javadoc-8.0.53-29.46.1 tomcat-jsp-2_3-api-8.0.53-29.46.1 tomcat-lib-8.0.53-29.46.1 tomcat-servlet-3_1-api-8.0.53-29.46.1 tomcat-webapps-8.0.53-29.46.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): 
tomcat-8.0.53-29.46.1 tomcat-admin-webapps-8.0.53-29.46.1 tomcat-docs-webapp-8.0.53-29.46.1 tomcat-el-3_0-api-8.0.53-29.46.1 tomcat-javadoc-8.0.53-29.46.1 tomcat-jsp-2_3-api-8.0.53-29.46.1 tomcat-lib-8.0.53-29.46.1 tomcat-servlet-3_1-api-8.0.53-29.46.1 tomcat-webapps-8.0.53-29.46.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): tomcat-8.0.53-29.46.1 tomcat-admin-webapps-8.0.53-29.46.1 tomcat-docs-webapp-8.0.53-29.46.1 tomcat-el-3_0-api-8.0.53-29.46.1 tomcat-javadoc-8.0.53-29.46.1 tomcat-jsp-2_3-api-8.0.53-29.46.1 tomcat-lib-8.0.53-29.46.1 tomcat-servlet-3_1-api-8.0.53-29.46.1 tomcat-webapps-8.0.53-29.46.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (noarch): tomcat-8.0.53-29.46.1 tomcat-admin-webapps-8.0.53-29.46.1 tomcat-docs-webapp-8.0.53-29.46.1 tomcat-el-3_0-api-8.0.53-29.46.1 tomcat-javadoc-8.0.53-29.46.1 tomcat-jsp-2_3-api-8.0.53-29.46.1 tomcat-lib-8.0.53-29.46.1 tomcat-servlet-3_1-api-8.0.53-29.46.1 tomcat-webapps-8.0.53-29.46.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (noarch): tomcat-8.0.53-29.46.1 tomcat-admin-webapps-8.0.53-29.46.1 tomcat-docs-webapp-8.0.53-29.46.1 tomcat-el-3_0-api-8.0.53-29.46.1 tomcat-javadoc-8.0.53-29.46.1 tomcat-jsp-2_3-api-8.0.53-29.46.1 tomcat-lib-8.0.53-29.46.1 tomcat-servlet-3_1-api-8.0.53-29.46.1 tomcat-webapps-8.0.53-29.46.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): tomcat-8.0.53-29.46.1 tomcat-admin-webapps-8.0.53-29.46.1 tomcat-docs-webapp-8.0.53-29.46.1 tomcat-el-3_0-api-8.0.53-29.46.1 tomcat-javadoc-8.0.53-29.46.1 tomcat-jsp-2_3-api-8.0.53-29.46.1 tomcat-lib-8.0.53-29.46.1 tomcat-servlet-3_1-api-8.0.53-29.46.1 tomcat-webapps-8.0.53-29.46.1 - HPE Helion Openstack 8 (noarch): tomcat-8.0.53-29.46.1 tomcat-admin-webapps-8.0.53-29.46.1 tomcat-docs-webapp-8.0.53-29.46.1 tomcat-el-3_0-api-8.0.53-29.46.1 tomcat-javadoc-8.0.53-29.46.1 tomcat-jsp-2_3-api-8.0.53-29.46.1 tomcat-lib-8.0.53-29.46.1 tomcat-servlet-3_1-api-8.0.53-29.46.1 tomcat-webapps-8.0.53-29.46.1 References: 
   https://www.suse.com/security/cve/CVE-2021-25329.html
   https://bugzilla.suse.com/1182909

From sle-updates at lists.suse.com Thu Apr 29 16:15:35 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 29 Apr 2021 18:15:35 +0200 (CEST)
Subject: SUSE-SU-2021:14709-1: important: Security update for samba
Message-ID: <20210429161535.65100FDE1@maintenance.suse.de>

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:14709-1
Rating: important
References: #1178469 #1184677
Cross-References: CVE-2021-20254
CVSS scores:
   CVE-2021-20254 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

Affected Products:
   SUSE Linux Enterprise Server 11-SP4-LTSS
   SUSE Linux Enterprise Point of Sale 11-SP3
   SUSE Linux Enterprise Debuginfo 11-SP4
   SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for samba fixes the following issues:

- CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
- Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-samba-14709=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-samba-14709=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-samba-14709=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-samba-14709=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): ldapsmb-1.34b-94.34.1 libldb1-3.6.3-94.34.1 libsmbclient0-3.6.3-94.34.1 libtalloc2-3.6.3-94.34.1 libtdb1-3.6.3-94.34.1 libtevent0-3.6.3-94.34.1 libwbclient0-3.6.3-94.34.1 samba-3.6.3-94.34.1 samba-client-3.6.3-94.34.1 samba-krb-printing-3.6.3-94.34.1 samba-winbind-3.6.3-94.34.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-94.34.1 libtalloc2-32bit-3.6.3-94.34.1 libtdb1-32bit-3.6.3-94.34.1 libtevent0-32bit-3.6.3-94.34.1 libwbclient0-32bit-3.6.3-94.34.1 samba-32bit-3.6.3-94.34.1 samba-client-32bit-3.6.3-94.34.1 samba-winbind-32bit-3.6.3-94.34.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch): samba-doc-3.6.3-94.34.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): samba-doc-3.6.3-94.34.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ldapsmb-1.34b-94.34.1 libldb1-3.6.3-94.34.1 libsmbclient0-3.6.3-94.34.1 libtalloc2-3.6.3-94.34.1 libtdb1-3.6.3-94.34.1 libtevent0-3.6.3-94.34.1 libwbclient0-3.6.3-94.34.1 samba-3.6.3-94.34.1 samba-client-3.6.3-94.34.1 samba-krb-printing-3.6.3-94.34.1 samba-winbind-3.6.3-94.34.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): samba-debuginfo-3.6.3-94.34.1 samba-debugsource-3.6.3-94.34.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): samba-debuginfo-32bit-3.6.3-94.34.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): samba-debuginfo-3.6.3-94.34.1 samba-debugsource-3.6.3-94.34.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x): 
      samba-debuginfo-32bit-3.6.3-94.34.1

References:
   https://www.suse.com/security/cve/CVE-2021-20254.html
   https://bugzilla.suse.com/1178469
   https://bugzilla.suse.com/1184677

From sle-updates at lists.suse.com Thu Apr 29 16:16:43 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 29 Apr 2021 18:16:43 +0200 (CEST)
Subject: SUSE-SU-2021:1438-1: important: Security update for samba
Message-ID: <20210429161643.8610BFDE1@maintenance.suse.de>

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1438-1
Rating: important
References: #1178469 #1179156 #1184677
Cross-References: CVE-2021-20254
CVSS scores:
   CVE-2021-20254 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP5
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for samba fixes the following issues:

- CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
- Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156).
- Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1438=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1438=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-1438=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libndr-devel-4.10.18+git.269.dd608524c88-3.27.1 libndr-krb5pac-devel-4.10.18+git.269.dd608524c88-3.27.1 libndr-nbt-devel-4.10.18+git.269.dd608524c88-3.27.1 libndr-standard-devel-4.10.18+git.269.dd608524c88-3.27.1 libsamba-util-devel-4.10.18+git.269.dd608524c88-3.27.1 libsmbclient-devel-4.10.18+git.269.dd608524c88-3.27.1 libwbclient-devel-4.10.18+git.269.dd608524c88-3.27.1 samba-core-devel-4.10.18+git.269.dd608524c88-3.27.1 samba-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 samba-debugsource-4.10.18+git.269.dd608524c88-3.27.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.10.18+git.269.dd608524c88-3.27.1 libdcerpc-binding0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 libdcerpc0-4.10.18+git.269.dd608524c88-3.27.1 libdcerpc0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 libndr-krb5pac0-4.10.18+git.269.dd608524c88-3.27.1 libndr-krb5pac0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 libndr-nbt0-4.10.18+git.269.dd608524c88-3.27.1 libndr-nbt0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 libndr-standard0-4.10.18+git.269.dd608524c88-3.27.1 libndr-standard0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 libndr0-4.10.18+git.269.dd608524c88-3.27.1 libndr0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 libnetapi0-4.10.18+git.269.dd608524c88-3.27.1 libnetapi0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 libsamba-credentials0-4.10.18+git.269.dd608524c88-3.27.1 libsamba-credentials0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 libsamba-errors0-4.10.18+git.269.dd608524c88-3.27.1 
libsamba-errors0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 libsamba-hostconfig0-4.10.18+git.269.dd608524c88-3.27.1 libsamba-hostconfig0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 libsamba-passdb0-4.10.18+git.269.dd608524c88-3.27.1 libsamba-passdb0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 libsamba-util0-4.10.18+git.269.dd608524c88-3.27.1 libsamba-util0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 libsamdb0-4.10.18+git.269.dd608524c88-3.27.1 libsamdb0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 libsmbclient0-4.10.18+git.269.dd608524c88-3.27.1 libsmbclient0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 libsmbconf0-4.10.18+git.269.dd608524c88-3.27.1 libsmbconf0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 libsmbldap2-4.10.18+git.269.dd608524c88-3.27.1 libsmbldap2-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 libtevent-util0-4.10.18+git.269.dd608524c88-3.27.1 libtevent-util0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 libwbclient0-4.10.18+git.269.dd608524c88-3.27.1 libwbclient0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 samba-4.10.18+git.269.dd608524c88-3.27.1 samba-client-4.10.18+git.269.dd608524c88-3.27.1 samba-client-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 samba-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 samba-debugsource-4.10.18+git.269.dd608524c88-3.27.1 samba-libs-4.10.18+git.269.dd608524c88-3.27.1 samba-libs-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 samba-libs-python3-4.10.18+git.269.dd608524c88-3.27.1 samba-libs-python3-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 samba-winbind-4.10.18+git.269.dd608524c88-3.27.1 samba-winbind-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libdcerpc-binding0-32bit-4.10.18+git.269.dd608524c88-3.27.1 libdcerpc-binding0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1 libdcerpc0-32bit-4.10.18+git.269.dd608524c88-3.27.1 libdcerpc0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1 libndr-krb5pac0-32bit-4.10.18+git.269.dd608524c88-3.27.1 
libndr-krb5pac0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1 libndr-nbt0-32bit-4.10.18+git.269.dd608524c88-3.27.1 libndr-nbt0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1 libndr-standard0-32bit-4.10.18+git.269.dd608524c88-3.27.1 libndr-standard0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1 libndr0-32bit-4.10.18+git.269.dd608524c88-3.27.1 libndr0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1 libnetapi0-32bit-4.10.18+git.269.dd608524c88-3.27.1 libnetapi0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1 libsamba-credentials0-32bit-4.10.18+git.269.dd608524c88-3.27.1 libsamba-credentials0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1 libsamba-errors0-32bit-4.10.18+git.269.dd608524c88-3.27.1 libsamba-errors0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1 libsamba-hostconfig0-32bit-4.10.18+git.269.dd608524c88-3.27.1 libsamba-hostconfig0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1 libsamba-passdb0-32bit-4.10.18+git.269.dd608524c88-3.27.1 libsamba-passdb0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1 libsamba-util0-32bit-4.10.18+git.269.dd608524c88-3.27.1 libsamba-util0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1 libsamdb0-32bit-4.10.18+git.269.dd608524c88-3.27.1 libsamdb0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1 libsmbclient0-32bit-4.10.18+git.269.dd608524c88-3.27.1 libsmbclient0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1 libsmbconf0-32bit-4.10.18+git.269.dd608524c88-3.27.1 libsmbconf0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1 libsmbldap2-32bit-4.10.18+git.269.dd608524c88-3.27.1 libsmbldap2-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1 libtevent-util0-32bit-4.10.18+git.269.dd608524c88-3.27.1 libtevent-util0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1 libwbclient0-32bit-4.10.18+git.269.dd608524c88-3.27.1 libwbclient0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1 samba-client-32bit-4.10.18+git.269.dd608524c88-3.27.1 samba-client-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1 
samba-libs-32bit-4.10.18+git.269.dd608524c88-3.27.1 samba-libs-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1 samba-libs-python3-32bit-4.10.18+git.269.dd608524c88-3.27.1 samba-libs-python3-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1 samba-winbind-32bit-4.10.18+git.269.dd608524c88-3.27.1 samba-winbind-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1

- SUSE Linux Enterprise Server 12-SP5 (noarch):
samba-doc-4.10.18+git.269.dd608524c88-3.27.1

- SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
ctdb-4.10.18+git.269.dd608524c88-3.27.1 ctdb-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 samba-debuginfo-4.10.18+git.269.dd608524c88-3.27.1 samba-debugsource-4.10.18+git.269.dd608524c88-3.27.1

References:
https://www.suse.com/security/cve/CVE-2021-20254.html
https://bugzilla.suse.com/1178469
https://bugzilla.suse.com/1179156
https://bugzilla.suse.com/1184677

From sle-updates at lists.suse.com Thu Apr 29 16:17:54 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 29 Apr 2021 18:17:54 +0200 (CEST)
Subject: SUSE-SU-2021:1439-1: important: Security update for samba
Message-ID: <20210429161754.F0E9DFDE1@maintenance.suse.de>

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1439-1
Rating: important
References: #1178469 #1184677
Cross-References: CVE-2021-20254
CVSS scores:
CVE-2021-20254 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Affected Products:
SUSE Linux Enterprise Server 12-SP2-LTSS-SAP
SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON
SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for samba fixes the following issues:

- CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
- Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1439=1
- SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1439=1
- SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1439=1

Package List:

- SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (noarch):
samba-doc-4.4.2-38.42.1

- SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64):
ctdb-4.4.2-38.42.1 ctdb-debuginfo-4.4.2-38.42.1 libdcerpc-binding0-32bit-4.4.2-38.42.1 libdcerpc-binding0-4.4.2-38.42.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.42.1 libdcerpc-binding0-debuginfo-4.4.2-38.42.1 libdcerpc0-32bit-4.4.2-38.42.1 libdcerpc0-4.4.2-38.42.1 libdcerpc0-debuginfo-32bit-4.4.2-38.42.1 libdcerpc0-debuginfo-4.4.2-38.42.1 libndr-krb5pac0-32bit-4.4.2-38.42.1 libndr-krb5pac0-4.4.2-38.42.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.42.1 libndr-krb5pac0-debuginfo-4.4.2-38.42.1 libndr-nbt0-32bit-4.4.2-38.42.1 libndr-nbt0-4.4.2-38.42.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.42.1 libndr-nbt0-debuginfo-4.4.2-38.42.1 libndr-standard0-32bit-4.4.2-38.42.1 libndr-standard0-4.4.2-38.42.1 libndr-standard0-debuginfo-32bit-4.4.2-38.42.1 libndr-standard0-debuginfo-4.4.2-38.42.1 libndr0-32bit-4.4.2-38.42.1 libndr0-4.4.2-38.42.1 libndr0-debuginfo-32bit-4.4.2-38.42.1 libndr0-debuginfo-4.4.2-38.42.1 libnetapi0-32bit-4.4.2-38.42.1 libnetapi0-4.4.2-38.42.1 libnetapi0-debuginfo-32bit-4.4.2-38.42.1 libnetapi0-debuginfo-4.4.2-38.42.1 libsamba-credentials0-32bit-4.4.2-38.42.1 libsamba-credentials0-4.4.2-38.42.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.42.1 libsamba-credentials0-debuginfo-4.4.2-38.42.1
libsamba-errors0-32bit-4.4.2-38.42.1 libsamba-errors0-4.4.2-38.42.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.42.1 libsamba-errors0-debuginfo-4.4.2-38.42.1 libsamba-hostconfig0-32bit-4.4.2-38.42.1 libsamba-hostconfig0-4.4.2-38.42.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.42.1 libsamba-hostconfig0-debuginfo-4.4.2-38.42.1 libsamba-passdb0-32bit-4.4.2-38.42.1 libsamba-passdb0-4.4.2-38.42.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.42.1 libsamba-passdb0-debuginfo-4.4.2-38.42.1 libsamba-util0-32bit-4.4.2-38.42.1 libsamba-util0-4.4.2-38.42.1 libsamba-util0-debuginfo-32bit-4.4.2-38.42.1 libsamba-util0-debuginfo-4.4.2-38.42.1 libsamdb0-32bit-4.4.2-38.42.1 libsamdb0-4.4.2-38.42.1 libsamdb0-debuginfo-32bit-4.4.2-38.42.1 libsamdb0-debuginfo-4.4.2-38.42.1 libsmbclient0-32bit-4.4.2-38.42.1 libsmbclient0-4.4.2-38.42.1 libsmbclient0-debuginfo-32bit-4.4.2-38.42.1 libsmbclient0-debuginfo-4.4.2-38.42.1 libsmbconf0-32bit-4.4.2-38.42.1 libsmbconf0-4.4.2-38.42.1 libsmbconf0-debuginfo-32bit-4.4.2-38.42.1 libsmbconf0-debuginfo-4.4.2-38.42.1 libsmbldap0-32bit-4.4.2-38.42.1 libsmbldap0-4.4.2-38.42.1 libsmbldap0-debuginfo-32bit-4.4.2-38.42.1 libsmbldap0-debuginfo-4.4.2-38.42.1 libtevent-util0-32bit-4.4.2-38.42.1 libtevent-util0-4.4.2-38.42.1 libtevent-util0-debuginfo-32bit-4.4.2-38.42.1 libtevent-util0-debuginfo-4.4.2-38.42.1 libwbclient0-32bit-4.4.2-38.42.1 libwbclient0-4.4.2-38.42.1 libwbclient0-debuginfo-32bit-4.4.2-38.42.1 libwbclient0-debuginfo-4.4.2-38.42.1 samba-4.4.2-38.42.1 samba-client-32bit-4.4.2-38.42.1 samba-client-4.4.2-38.42.1 samba-client-debuginfo-32bit-4.4.2-38.42.1 samba-client-debuginfo-4.4.2-38.42.1 samba-debuginfo-4.4.2-38.42.1 samba-debugsource-4.4.2-38.42.1 samba-libs-32bit-4.4.2-38.42.1 samba-libs-4.4.2-38.42.1 samba-libs-debuginfo-32bit-4.4.2-38.42.1 samba-libs-debuginfo-4.4.2-38.42.1 samba-winbind-32bit-4.4.2-38.42.1 samba-winbind-4.4.2-38.42.1 samba-winbind-debuginfo-32bit-4.4.2-38.42.1 samba-winbind-debuginfo-4.4.2-38.42.1 - SUSE Linux Enterprise Server 
12-SP2-LTSS-ERICSSON (noarch): samba-doc-4.4.2-38.42.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): ctdb-4.4.2-38.42.1 ctdb-debuginfo-4.4.2-38.42.1 libdcerpc-binding0-32bit-4.4.2-38.42.1 libdcerpc-binding0-4.4.2-38.42.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.42.1 libdcerpc-binding0-debuginfo-4.4.2-38.42.1 libdcerpc0-32bit-4.4.2-38.42.1 libdcerpc0-4.4.2-38.42.1 libdcerpc0-debuginfo-32bit-4.4.2-38.42.1 libdcerpc0-debuginfo-4.4.2-38.42.1 libndr-krb5pac0-32bit-4.4.2-38.42.1 libndr-krb5pac0-4.4.2-38.42.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.42.1 libndr-krb5pac0-debuginfo-4.4.2-38.42.1 libndr-nbt0-32bit-4.4.2-38.42.1 libndr-nbt0-4.4.2-38.42.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.42.1 libndr-nbt0-debuginfo-4.4.2-38.42.1 libndr-standard0-32bit-4.4.2-38.42.1 libndr-standard0-4.4.2-38.42.1 libndr-standard0-debuginfo-32bit-4.4.2-38.42.1 libndr-standard0-debuginfo-4.4.2-38.42.1 libndr0-32bit-4.4.2-38.42.1 libndr0-4.4.2-38.42.1 libndr0-debuginfo-32bit-4.4.2-38.42.1 libndr0-debuginfo-4.4.2-38.42.1 libnetapi0-32bit-4.4.2-38.42.1 libnetapi0-4.4.2-38.42.1 libnetapi0-debuginfo-32bit-4.4.2-38.42.1 libnetapi0-debuginfo-4.4.2-38.42.1 libsamba-credentials0-32bit-4.4.2-38.42.1 libsamba-credentials0-4.4.2-38.42.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.42.1 libsamba-credentials0-debuginfo-4.4.2-38.42.1 libsamba-errors0-32bit-4.4.2-38.42.1 libsamba-errors0-4.4.2-38.42.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.42.1 libsamba-errors0-debuginfo-4.4.2-38.42.1 libsamba-hostconfig0-32bit-4.4.2-38.42.1 libsamba-hostconfig0-4.4.2-38.42.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.42.1 libsamba-hostconfig0-debuginfo-4.4.2-38.42.1 libsamba-passdb0-32bit-4.4.2-38.42.1 libsamba-passdb0-4.4.2-38.42.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.42.1 libsamba-passdb0-debuginfo-4.4.2-38.42.1 libsamba-util0-32bit-4.4.2-38.42.1 libsamba-util0-4.4.2-38.42.1 libsamba-util0-debuginfo-32bit-4.4.2-38.42.1 libsamba-util0-debuginfo-4.4.2-38.42.1 libsamdb0-32bit-4.4.2-38.42.1 
libsamdb0-4.4.2-38.42.1 libsamdb0-debuginfo-32bit-4.4.2-38.42.1 libsamdb0-debuginfo-4.4.2-38.42.1 libsmbclient0-32bit-4.4.2-38.42.1 libsmbclient0-4.4.2-38.42.1 libsmbclient0-debuginfo-32bit-4.4.2-38.42.1 libsmbclient0-debuginfo-4.4.2-38.42.1 libsmbconf0-32bit-4.4.2-38.42.1 libsmbconf0-4.4.2-38.42.1 libsmbconf0-debuginfo-32bit-4.4.2-38.42.1 libsmbconf0-debuginfo-4.4.2-38.42.1 libsmbldap0-32bit-4.4.2-38.42.1 libsmbldap0-4.4.2-38.42.1 libsmbldap0-debuginfo-32bit-4.4.2-38.42.1 libsmbldap0-debuginfo-4.4.2-38.42.1 libtevent-util0-32bit-4.4.2-38.42.1 libtevent-util0-4.4.2-38.42.1 libtevent-util0-debuginfo-32bit-4.4.2-38.42.1 libtevent-util0-debuginfo-4.4.2-38.42.1 libwbclient0-32bit-4.4.2-38.42.1 libwbclient0-4.4.2-38.42.1 libwbclient0-debuginfo-32bit-4.4.2-38.42.1 libwbclient0-debuginfo-4.4.2-38.42.1 samba-4.4.2-38.42.1 samba-client-32bit-4.4.2-38.42.1 samba-client-4.4.2-38.42.1 samba-client-debuginfo-32bit-4.4.2-38.42.1 samba-client-debuginfo-4.4.2-38.42.1 samba-debuginfo-4.4.2-38.42.1 samba-debugsource-4.4.2-38.42.1 samba-libs-32bit-4.4.2-38.42.1 samba-libs-4.4.2-38.42.1 samba-libs-debuginfo-32bit-4.4.2-38.42.1 samba-libs-debuginfo-4.4.2-38.42.1 samba-winbind-32bit-4.4.2-38.42.1 samba-winbind-4.4.2-38.42.1 samba-winbind-debuginfo-32bit-4.4.2-38.42.1 samba-winbind-debuginfo-4.4.2-38.42.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libdcerpc-binding0-32bit-4.4.2-38.42.1 libdcerpc-binding0-4.4.2-38.42.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.42.1 libdcerpc-binding0-debuginfo-4.4.2-38.42.1 libdcerpc0-32bit-4.4.2-38.42.1 libdcerpc0-4.4.2-38.42.1 libdcerpc0-debuginfo-32bit-4.4.2-38.42.1 libdcerpc0-debuginfo-4.4.2-38.42.1 libndr-krb5pac0-32bit-4.4.2-38.42.1 libndr-krb5pac0-4.4.2-38.42.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.42.1 libndr-krb5pac0-debuginfo-4.4.2-38.42.1 libndr-nbt0-32bit-4.4.2-38.42.1 libndr-nbt0-4.4.2-38.42.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.42.1 libndr-nbt0-debuginfo-4.4.2-38.42.1 libndr-standard0-32bit-4.4.2-38.42.1 
libndr-standard0-4.4.2-38.42.1 libndr-standard0-debuginfo-32bit-4.4.2-38.42.1 libndr-standard0-debuginfo-4.4.2-38.42.1 libndr0-32bit-4.4.2-38.42.1 libndr0-4.4.2-38.42.1 libndr0-debuginfo-32bit-4.4.2-38.42.1 libndr0-debuginfo-4.4.2-38.42.1 libnetapi0-32bit-4.4.2-38.42.1 libnetapi0-4.4.2-38.42.1 libnetapi0-debuginfo-32bit-4.4.2-38.42.1 libnetapi0-debuginfo-4.4.2-38.42.1 libsamba-credentials0-32bit-4.4.2-38.42.1 libsamba-credentials0-4.4.2-38.42.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.42.1 libsamba-credentials0-debuginfo-4.4.2-38.42.1 libsamba-errors0-32bit-4.4.2-38.42.1 libsamba-errors0-4.4.2-38.42.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.42.1 libsamba-errors0-debuginfo-4.4.2-38.42.1 libsamba-hostconfig0-32bit-4.4.2-38.42.1 libsamba-hostconfig0-4.4.2-38.42.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.42.1 libsamba-hostconfig0-debuginfo-4.4.2-38.42.1 libsamba-passdb0-32bit-4.4.2-38.42.1 libsamba-passdb0-4.4.2-38.42.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.42.1 libsamba-passdb0-debuginfo-4.4.2-38.42.1 libsamba-util0-32bit-4.4.2-38.42.1 libsamba-util0-4.4.2-38.42.1 libsamba-util0-debuginfo-32bit-4.4.2-38.42.1 libsamba-util0-debuginfo-4.4.2-38.42.1 libsamdb0-32bit-4.4.2-38.42.1 libsamdb0-4.4.2-38.42.1 libsamdb0-debuginfo-32bit-4.4.2-38.42.1 libsamdb0-debuginfo-4.4.2-38.42.1 libsmbclient0-32bit-4.4.2-38.42.1 libsmbclient0-4.4.2-38.42.1 libsmbclient0-debuginfo-32bit-4.4.2-38.42.1 libsmbclient0-debuginfo-4.4.2-38.42.1 libsmbconf0-32bit-4.4.2-38.42.1 libsmbconf0-4.4.2-38.42.1 libsmbconf0-debuginfo-32bit-4.4.2-38.42.1 libsmbconf0-debuginfo-4.4.2-38.42.1 libsmbldap0-32bit-4.4.2-38.42.1 libsmbldap0-4.4.2-38.42.1 libsmbldap0-debuginfo-32bit-4.4.2-38.42.1 libsmbldap0-debuginfo-4.4.2-38.42.1 libtevent-util0-32bit-4.4.2-38.42.1 libtevent-util0-4.4.2-38.42.1 libtevent-util0-debuginfo-32bit-4.4.2-38.42.1 libtevent-util0-debuginfo-4.4.2-38.42.1 libwbclient0-32bit-4.4.2-38.42.1 libwbclient0-4.4.2-38.42.1 libwbclient0-debuginfo-32bit-4.4.2-38.42.1 
libwbclient0-debuginfo-4.4.2-38.42.1 samba-4.4.2-38.42.1 samba-client-32bit-4.4.2-38.42.1 samba-client-4.4.2-38.42.1 samba-client-debuginfo-32bit-4.4.2-38.42.1 samba-client-debuginfo-4.4.2-38.42.1 samba-debuginfo-4.4.2-38.42.1 samba-debugsource-4.4.2-38.42.1 samba-libs-32bit-4.4.2-38.42.1 samba-libs-4.4.2-38.42.1 samba-libs-debuginfo-32bit-4.4.2-38.42.1 samba-libs-debuginfo-4.4.2-38.42.1 samba-winbind-32bit-4.4.2-38.42.1 samba-winbind-4.4.2-38.42.1 samba-winbind-debuginfo-32bit-4.4.2-38.42.1 samba-winbind-debuginfo-4.4.2-38.42.1

- SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
samba-doc-4.4.2-38.42.1

References:
https://www.suse.com/security/cve/CVE-2021-20254.html
https://bugzilla.suse.com/1178469
https://bugzilla.suse.com/1184677

From sle-updates at lists.suse.com Thu Apr 29 16:19:00 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 29 Apr 2021 18:19:00 +0200 (CEST)
Subject: SUSE-SU-2021:1440-1: important: Security update for ldb, samba
Message-ID: <20210429161900.ABD61FDE1@maintenance.suse.de>

SUSE Security Update: Security update for ldb, samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1440-1
Rating: important
References: #1182830 #1183572 #1183574 #1184677 #14571
Cross-References: CVE-2020-27840 CVE-2021-20254 CVE-2021-20277
CVSS scores:
CVE-2020-27840 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-20254 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
CVE-2021-20277 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Affected Products:
SUSE Enterprise Storage 7
______________________________________________________________________________

An update that solves three vulnerabilities and has two fixes is now available.

Description:

This update for ldb, samba fixes the following issues:

- ldb was updated to 2.2.1
- CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574).
- CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
- CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572).
- samba was updated to 4.13.6
- CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574).
- CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
- CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572).
- Spec file fixes around systemd and requires; (bsc#1182830);

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2021-1440=1

Package List:

- SUSE Enterprise Storage 7 (aarch64 x86_64):
ctdb-4.13.6+git.211.555d60b24ba-3.9.1 ctdb-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 ldb-debugsource-2.2.1-4.3.1 libdcerpc-binding0-4.13.6+git.211.555d60b24ba-3.9.1 libdcerpc-binding0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 libdcerpc0-4.13.6+git.211.555d60b24ba-3.9.1 libdcerpc0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 libldb2-2.2.1-4.3.1 libldb2-debuginfo-2.2.1-4.3.1 libndr-krb5pac0-4.13.6+git.211.555d60b24ba-3.9.1 libndr-krb5pac0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 libndr-nbt0-4.13.6+git.211.555d60b24ba-3.9.1 libndr-nbt0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 libndr-standard0-4.13.6+git.211.555d60b24ba-3.9.1 libndr-standard0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 libndr1-4.13.6+git.211.555d60b24ba-3.9.1 libndr1-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 libnetapi0-4.13.6+git.211.555d60b24ba-3.9.1 libnetapi0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 libsamba-credentials0-4.13.6+git.211.555d60b24ba-3.9.1 libsamba-credentials0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 libsamba-errors0-4.13.6+git.211.555d60b24ba-3.9.1 libsamba-errors0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
libsamba-hostconfig0-4.13.6+git.211.555d60b24ba-3.9.1 libsamba-hostconfig0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 libsamba-passdb0-4.13.6+git.211.555d60b24ba-3.9.1 libsamba-passdb0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 libsamba-util0-4.13.6+git.211.555d60b24ba-3.9.1 libsamba-util0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 libsamdb0-4.13.6+git.211.555d60b24ba-3.9.1 libsamdb0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 libsmbclient0-4.13.6+git.211.555d60b24ba-3.9.1 libsmbclient0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 libsmbconf0-4.13.6+git.211.555d60b24ba-3.9.1 libsmbconf0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 libsmbldap2-4.13.6+git.211.555d60b24ba-3.9.1 libsmbldap2-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 libtevent-util0-4.13.6+git.211.555d60b24ba-3.9.1 libtevent-util0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 libwbclient0-4.13.6+git.211.555d60b24ba-3.9.1 libwbclient0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 python3-ldb-2.2.1-4.3.1 python3-ldb-debuginfo-2.2.1-4.3.1 samba-4.13.6+git.211.555d60b24ba-3.9.1 samba-ceph-4.13.6+git.211.555d60b24ba-3.9.1 samba-ceph-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 samba-client-4.13.6+git.211.555d60b24ba-3.9.1 samba-client-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 samba-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 samba-debugsource-4.13.6+git.211.555d60b24ba-3.9.1 samba-libs-4.13.6+git.211.555d60b24ba-3.9.1 samba-libs-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 samba-libs-python3-4.13.6+git.211.555d60b24ba-3.9.1 samba-libs-python3-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1 samba-winbind-4.13.6+git.211.555d60b24ba-3.9.1 samba-winbind-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1

References:
https://www.suse.com/security/cve/CVE-2020-27840.html
https://www.suse.com/security/cve/CVE-2021-20254.html
https://www.suse.com/security/cve/CVE-2021-20277.html
https://bugzilla.suse.com/1182830
https://bugzilla.suse.com/1183572
https://bugzilla.suse.com/1183574
https://bugzilla.suse.com/1184677
https://bugzilla.suse.com/14571

From sle-updates at lists.suse.com Thu Apr 29 16:20:17 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 29 Apr 2021 18:20:17 +0200 (CEST)
Subject: SUSE-SU-2021:1442-1: important: Security update for samba
Message-ID: <20210429162017.0C0D3FE04@maintenance.suse.de>

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1442-1
Rating: important
References: #1184677
Cross-References: CVE-2021-20254
CVSS scores:
CVE-2021-20254 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Affected Products:
SUSE Linux Enterprise Server 12-SP2-LTSS-SAP
SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON
SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for samba fixes the following issues:

- CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1442=1
- SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1442=1
- SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1442=1

Package List:

- SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64):
libdcerpc-atsvc0-4.2.4-28.39.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.39.1

- SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64):
libdcerpc-atsvc0-4.2.4-28.39.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.39.1

- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
libdcerpc-atsvc0-4.2.4-28.39.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.39.1

References:
https://www.suse.com/security/cve/CVE-2021-20254.html
https://bugzilla.suse.com/1184677

From sle-updates at lists.suse.com Thu Apr 29 19:15:32 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 29 Apr 2021 21:15:32 +0200 (CEST)
Subject: SUSE-SU-2021:1444-1: important: Security update for samba
Message-ID: <20210429191532.DB3A6FDE1@maintenance.suse.de>

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1444-1
Rating: important
References: #1178469 #1179156 #1183572 #1183574 #1184310 #1184677
Cross-References: CVE-2020-27840 CVE-2021-20254 CVE-2021-20277
CVSS scores:
CVE-2020-27840 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-20254 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
CVE-2021-20277 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Affected Products:
SUSE Linux Enterprise Module for Python2 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP2
SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________

An update that solves three vulnerabilities and has three fixes is now available.

Description:

This update for samba fixes the following issues:

- CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574).
- CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
- CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572).
- Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156).
- s3-libads: use dns name to open a ldap session (bsc#1184310).
- Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-1444=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1444=1
- SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1444=1

Package List:

- SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64):
samba-ad-dc-4.11.14+git.247.8c858f7ee14-4.19.1 samba-ad-dc-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 samba-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 samba-debugsource-4.11.14+git.247.8c858f7ee14-4.19.1 samba-dsdb-modules-4.11.14+git.247.8c858f7ee14-4.19.1 samba-dsdb-modules-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
libdcerpc-binding0-4.11.14+git.247.8c858f7ee14-4.19.1 libdcerpc-binding0-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libdcerpc-devel-4.11.14+git.247.8c858f7ee14-4.19.1 libdcerpc-samr-devel-4.11.14+git.247.8c858f7ee14-4.19.1 libdcerpc-samr0-4.11.14+git.247.8c858f7ee14-4.19.1
libdcerpc-samr0-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libdcerpc0-4.11.14+git.247.8c858f7ee14-4.19.1 libdcerpc0-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libndr-devel-4.11.14+git.247.8c858f7ee14-4.19.1 libndr-krb5pac-devel-4.11.14+git.247.8c858f7ee14-4.19.1 libndr-krb5pac0-4.11.14+git.247.8c858f7ee14-4.19.1 libndr-krb5pac0-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libndr-nbt-devel-4.11.14+git.247.8c858f7ee14-4.19.1 libndr-nbt0-4.11.14+git.247.8c858f7ee14-4.19.1 libndr-nbt0-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libndr-standard-devel-4.11.14+git.247.8c858f7ee14-4.19.1 libndr-standard0-4.11.14+git.247.8c858f7ee14-4.19.1 libndr-standard0-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libndr0-4.11.14+git.247.8c858f7ee14-4.19.1 libndr0-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libnetapi-devel-4.11.14+git.247.8c858f7ee14-4.19.1 libnetapi0-4.11.14+git.247.8c858f7ee14-4.19.1 libnetapi0-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-credentials-devel-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-credentials0-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-credentials0-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-errors-devel-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-errors0-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-errors0-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-hostconfig-devel-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-hostconfig0-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-hostconfig0-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-passdb-devel-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-passdb0-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-passdb0-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-policy-devel-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-policy-python3-devel-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-policy0-python3-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-policy0-python3-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-util-devel-4.11.14+git.247.8c858f7ee14-4.19.1 
libsamba-util0-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-util0-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libsamdb-devel-4.11.14+git.247.8c858f7ee14-4.19.1 libsamdb0-4.11.14+git.247.8c858f7ee14-4.19.1 libsamdb0-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libsmbclient-devel-4.11.14+git.247.8c858f7ee14-4.19.1 libsmbclient0-4.11.14+git.247.8c858f7ee14-4.19.1 libsmbclient0-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libsmbconf-devel-4.11.14+git.247.8c858f7ee14-4.19.1 libsmbconf0-4.11.14+git.247.8c858f7ee14-4.19.1 libsmbconf0-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libsmbldap-devel-4.11.14+git.247.8c858f7ee14-4.19.1 libsmbldap2-4.11.14+git.247.8c858f7ee14-4.19.1 libsmbldap2-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libtevent-util-devel-4.11.14+git.247.8c858f7ee14-4.19.1 libtevent-util0-4.11.14+git.247.8c858f7ee14-4.19.1 libtevent-util0-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libwbclient-devel-4.11.14+git.247.8c858f7ee14-4.19.1 libwbclient0-4.11.14+git.247.8c858f7ee14-4.19.1 libwbclient0-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 samba-4.11.14+git.247.8c858f7ee14-4.19.1 samba-client-4.11.14+git.247.8c858f7ee14-4.19.1 samba-client-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 samba-core-devel-4.11.14+git.247.8c858f7ee14-4.19.1 samba-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 samba-debugsource-4.11.14+git.247.8c858f7ee14-4.19.1 samba-dsdb-modules-4.11.14+git.247.8c858f7ee14-4.19.1 samba-dsdb-modules-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 samba-libs-4.11.14+git.247.8c858f7ee14-4.19.1 samba-libs-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 samba-libs-python3-4.11.14+git.247.8c858f7ee14-4.19.1 samba-libs-python3-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 samba-python3-4.11.14+git.247.8c858f7ee14-4.19.1 samba-python3-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 samba-winbind-4.11.14+git.247.8c858f7ee14-4.19.1 samba-winbind-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): 
samba-ceph-4.11.14+git.247.8c858f7ee14-4.19.1 samba-ceph-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.247.8c858f7ee14-4.19.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libdcerpc0-32bit-4.11.14+git.247.8c858f7ee14-4.19.1 libdcerpc0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libndr-krb5pac0-32bit-4.11.14+git.247.8c858f7ee14-4.19.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libndr-nbt0-32bit-4.11.14+git.247.8c858f7ee14-4.19.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libndr-standard0-32bit-4.11.14+git.247.8c858f7ee14-4.19.1 libndr-standard0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libndr0-32bit-4.11.14+git.247.8c858f7ee14-4.19.1 libndr0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libnetapi0-32bit-4.11.14+git.247.8c858f7ee14-4.19.1 libnetapi0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-credentials0-32bit-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-errors0-32bit-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-hostconfig0-32bit-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-passdb0-32bit-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-util0-32bit-4.11.14+git.247.8c858f7ee14-4.19.1 libsamba-util0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libsamdb0-32bit-4.11.14+git.247.8c858f7ee14-4.19.1 libsamdb0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libsmbconf0-32bit-4.11.14+git.247.8c858f7ee14-4.19.1 libsmbconf0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libsmbldap2-32bit-4.11.14+git.247.8c858f7ee14-4.19.1 libsmbldap2-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 
libtevent-util0-32bit-4.11.14+git.247.8c858f7ee14-4.19.1 libtevent-util0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 libwbclient0-32bit-4.11.14+git.247.8c858f7ee14-4.19.1 libwbclient0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 samba-libs-32bit-4.11.14+git.247.8c858f7ee14-4.19.1 samba-libs-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 samba-winbind-32bit-4.11.14+git.247.8c858f7ee14-4.19.1 samba-winbind-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ctdb-4.11.14+git.247.8c858f7ee14-4.19.1 ctdb-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 samba-debuginfo-4.11.14+git.247.8c858f7ee14-4.19.1 samba-debugsource-4.11.14+git.247.8c858f7ee14-4.19.1 References: https://www.suse.com/security/cve/CVE-2020-27840.html https://www.suse.com/security/cve/CVE-2021-20254.html https://www.suse.com/security/cve/CVE-2021-20277.html https://bugzilla.suse.com/1178469 https://bugzilla.suse.com/1179156 https://bugzilla.suse.com/1183572 https://bugzilla.suse.com/1183574 https://bugzilla.suse.com/1184310 https://bugzilla.suse.com/1184677 From sle-updates at lists.suse.com Thu Apr 29 19:17:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 21:17:01 +0200 (CEST) Subject: SUSE-RU-2021:1446-1: moderate: Recommended update for kernel-firmware Message-ID: <20210429191701.C208AFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1446-1 Rating: moderate References: #1184716 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for kernel-firmware provides the following fixes: - Rebuild to include in the SLE-Micro product. (bsc#1184716) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1446=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1446=1 Package List: - SUSE MicroOS 5.0 (noarch): kernel-firmware-20200107-3.20.1 ucode-amd-20200107-3.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): kernel-firmware-20200107-3.20.1 ucode-amd-20200107-3.20.1 References: https://bugzilla.suse.com/1184716 From sle-updates at lists.suse.com Thu Apr 29 19:18:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Apr 2021 21:18:04 +0200 (CEST) Subject: SUSE-SU-2021:1445-1: important: Security update for samba Message-ID: <20210429191804.79381FDE1@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1445-1 Rating: important References: #1178469 #1179156 #1184677 Cross-References: CVE-2021-20254 CVSS scores: CVE-2021-20254 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for samba fixes the following issues: - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677). 
- Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156).
- Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:

  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1445=1

- SUSE Linux Enterprise Server 15-LTSS:

  zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1445=1

- SUSE Linux Enterprise High Performance Computing 15-LTSS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1445=1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1445=1

- SUSE Linux Enterprise High Availability 15:

  zypper in -t patch SUSE-SLE-Product-HA-15-2021-1445=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

  libdcerpc-binding0-4.7.11+git.316.432f0218290-4.54.1
  libdcerpc-binding0-debuginfo-4.7.11+git.316.432f0218290-4.54.1
  libdcerpc-devel-4.7.11+git.316.432f0218290-4.54.1
  libdcerpc-samr-devel-4.7.11+git.316.432f0218290-4.54.1
  libdcerpc-samr0-4.7.11+git.316.432f0218290-4.54.1
  libdcerpc-samr0-debuginfo-4.7.11+git.316.432f0218290-4.54.1
  libdcerpc0-4.7.11+git.316.432f0218290-4.54.1
  libdcerpc0-debuginfo-4.7.11+git.316.432f0218290-4.54.1
  libndr-devel-4.7.11+git.316.432f0218290-4.54.1
  libndr-krb5pac-devel-4.7.11+git.316.432f0218290-4.54.1
  libndr-krb5pac0-4.7.11+git.316.432f0218290-4.54.1
  libndr-krb5pac0-debuginfo-4.7.11+git.316.432f0218290-4.54.1
  libndr-nbt-devel-4.7.11+git.316.432f0218290-4.54.1
  libndr-nbt0-4.7.11+git.316.432f0218290-4.54.1
  libndr-nbt0-debuginfo-4.7.11+git.316.432f0218290-4.54.1
  libndr-standard-devel-4.7.11+git.316.432f0218290-4.54.1
  libndr-standard0-4.7.11+git.316.432f0218290-4.54.1
  libndr-standard0-debuginfo-4.7.11+git.316.432f0218290-4.54.1
libndr0-4.7.11+git.316.432f0218290-4.54.1 libndr0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libnetapi-devel-4.7.11+git.316.432f0218290-4.54.1 libnetapi0-4.7.11+git.316.432f0218290-4.54.1 libnetapi0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-credentials-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-credentials0-4.7.11+git.316.432f0218290-4.54.1 libsamba-credentials0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-errors-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-errors0-4.7.11+git.316.432f0218290-4.54.1 libsamba-errors0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-hostconfig-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-hostconfig0-4.7.11+git.316.432f0218290-4.54.1 libsamba-hostconfig0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-passdb-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-passdb0-4.7.11+git.316.432f0218290-4.54.1 libsamba-passdb0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-policy-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-policy0-4.7.11+git.316.432f0218290-4.54.1 libsamba-util-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-util0-4.7.11+git.316.432f0218290-4.54.1 libsamba-util0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamdb-devel-4.7.11+git.316.432f0218290-4.54.1 libsamdb0-4.7.11+git.316.432f0218290-4.54.1 libsamdb0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsmbclient-devel-4.7.11+git.316.432f0218290-4.54.1 libsmbclient0-4.7.11+git.316.432f0218290-4.54.1 libsmbclient0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsmbconf-devel-4.7.11+git.316.432f0218290-4.54.1 libsmbconf0-4.7.11+git.316.432f0218290-4.54.1 libsmbconf0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsmbldap-devel-4.7.11+git.316.432f0218290-4.54.1 libsmbldap2-4.7.11+git.316.432f0218290-4.54.1 libsmbldap2-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libtevent-util-devel-4.7.11+git.316.432f0218290-4.54.1 libtevent-util0-4.7.11+git.316.432f0218290-4.54.1 libtevent-util0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 
libwbclient-devel-4.7.11+git.316.432f0218290-4.54.1 libwbclient0-4.7.11+git.316.432f0218290-4.54.1 libwbclient0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-4.7.11+git.316.432f0218290-4.54.1 samba-client-4.7.11+git.316.432f0218290-4.54.1 samba-client-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-core-devel-4.7.11+git.316.432f0218290-4.54.1 samba-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-debugsource-4.7.11+git.316.432f0218290-4.54.1 samba-libs-4.7.11+git.316.432f0218290-4.54.1 samba-libs-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-winbind-4.7.11+git.316.432f0218290-4.54.1 samba-winbind-debuginfo-4.7.11+git.316.432f0218290-4.54.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libdcerpc-binding0-32bit-4.7.11+git.316.432f0218290-4.54.1 libdcerpc-binding0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libdcerpc0-32bit-4.7.11+git.316.432f0218290-4.54.1 libdcerpc0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr-krb5pac0-32bit-4.7.11+git.316.432f0218290-4.54.1 libndr-krb5pac0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr-nbt0-32bit-4.7.11+git.316.432f0218290-4.54.1 libndr-nbt0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr-standard0-32bit-4.7.11+git.316.432f0218290-4.54.1 libndr-standard0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr0-32bit-4.7.11+git.316.432f0218290-4.54.1 libndr0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libnetapi0-32bit-4.7.11+git.316.432f0218290-4.54.1 libnetapi0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-credentials0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsamba-credentials0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-errors0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsamba-errors0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-hostconfig0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-passdb0-32bit-4.7.11+git.316.432f0218290-4.54.1 
libsamba-passdb0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-util0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsamba-util0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamdb0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsamdb0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsmbclient0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsmbclient0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsmbconf0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsmbconf0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsmbldap2-32bit-4.7.11+git.316.432f0218290-4.54.1 libsmbldap2-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libtevent-util0-32bit-4.7.11+git.316.432f0218290-4.54.1 libtevent-util0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libwbclient0-32bit-4.7.11+git.316.432f0218290-4.54.1 libwbclient0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-client-32bit-4.7.11+git.316.432f0218290-4.54.1 samba-client-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-libs-32bit-4.7.11+git.316.432f0218290-4.54.1 samba-libs-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-winbind-32bit-4.7.11+git.316.432f0218290-4.54.1 samba-winbind-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libdcerpc-binding0-4.7.11+git.316.432f0218290-4.54.1 libdcerpc-binding0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libdcerpc-devel-4.7.11+git.316.432f0218290-4.54.1 libdcerpc-samr-devel-4.7.11+git.316.432f0218290-4.54.1 libdcerpc-samr0-4.7.11+git.316.432f0218290-4.54.1 libdcerpc-samr0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libdcerpc0-4.7.11+git.316.432f0218290-4.54.1 libdcerpc0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr-devel-4.7.11+git.316.432f0218290-4.54.1 libndr-krb5pac-devel-4.7.11+git.316.432f0218290-4.54.1 libndr-krb5pac0-4.7.11+git.316.432f0218290-4.54.1 libndr-krb5pac0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr-nbt-devel-4.7.11+git.316.432f0218290-4.54.1 
libndr-nbt0-4.7.11+git.316.432f0218290-4.54.1 libndr-nbt0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr-standard-devel-4.7.11+git.316.432f0218290-4.54.1 libndr-standard0-4.7.11+git.316.432f0218290-4.54.1 libndr-standard0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr0-4.7.11+git.316.432f0218290-4.54.1 libndr0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libnetapi-devel-4.7.11+git.316.432f0218290-4.54.1 libnetapi0-4.7.11+git.316.432f0218290-4.54.1 libnetapi0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-credentials-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-credentials0-4.7.11+git.316.432f0218290-4.54.1 libsamba-credentials0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-errors-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-errors0-4.7.11+git.316.432f0218290-4.54.1 libsamba-errors0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-hostconfig-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-hostconfig0-4.7.11+git.316.432f0218290-4.54.1 libsamba-hostconfig0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-passdb-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-passdb0-4.7.11+git.316.432f0218290-4.54.1 libsamba-passdb0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-policy-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-policy0-4.7.11+git.316.432f0218290-4.54.1 libsamba-util-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-util0-4.7.11+git.316.432f0218290-4.54.1 libsamba-util0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamdb-devel-4.7.11+git.316.432f0218290-4.54.1 libsamdb0-4.7.11+git.316.432f0218290-4.54.1 libsamdb0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsmbclient-devel-4.7.11+git.316.432f0218290-4.54.1 libsmbclient0-4.7.11+git.316.432f0218290-4.54.1 libsmbclient0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsmbconf-devel-4.7.11+git.316.432f0218290-4.54.1 libsmbconf0-4.7.11+git.316.432f0218290-4.54.1 libsmbconf0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsmbldap-devel-4.7.11+git.316.432f0218290-4.54.1 
libsmbldap2-4.7.11+git.316.432f0218290-4.54.1 libsmbldap2-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libtevent-util-devel-4.7.11+git.316.432f0218290-4.54.1 libtevent-util0-4.7.11+git.316.432f0218290-4.54.1 libtevent-util0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libwbclient-devel-4.7.11+git.316.432f0218290-4.54.1 libwbclient0-4.7.11+git.316.432f0218290-4.54.1 libwbclient0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-4.7.11+git.316.432f0218290-4.54.1 samba-client-4.7.11+git.316.432f0218290-4.54.1 samba-client-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-core-devel-4.7.11+git.316.432f0218290-4.54.1 samba-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-debugsource-4.7.11+git.316.432f0218290-4.54.1 samba-libs-4.7.11+git.316.432f0218290-4.54.1 samba-libs-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-winbind-4.7.11+git.316.432f0218290-4.54.1 samba-winbind-debuginfo-4.7.11+git.316.432f0218290-4.54.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libdcerpc-binding0-4.7.11+git.316.432f0218290-4.54.1 libdcerpc-binding0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libdcerpc-devel-4.7.11+git.316.432f0218290-4.54.1 libdcerpc-samr-devel-4.7.11+git.316.432f0218290-4.54.1 libdcerpc-samr0-4.7.11+git.316.432f0218290-4.54.1 libdcerpc-samr0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libdcerpc0-4.7.11+git.316.432f0218290-4.54.1 libdcerpc0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr-devel-4.7.11+git.316.432f0218290-4.54.1 libndr-krb5pac-devel-4.7.11+git.316.432f0218290-4.54.1 libndr-krb5pac0-4.7.11+git.316.432f0218290-4.54.1 libndr-krb5pac0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr-nbt-devel-4.7.11+git.316.432f0218290-4.54.1 libndr-nbt0-4.7.11+git.316.432f0218290-4.54.1 libndr-nbt0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr-standard-devel-4.7.11+git.316.432f0218290-4.54.1 libndr-standard0-4.7.11+git.316.432f0218290-4.54.1 libndr-standard0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 
libndr0-4.7.11+git.316.432f0218290-4.54.1 libndr0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libnetapi-devel-4.7.11+git.316.432f0218290-4.54.1 libnetapi0-4.7.11+git.316.432f0218290-4.54.1 libnetapi0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-credentials-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-credentials0-4.7.11+git.316.432f0218290-4.54.1 libsamba-credentials0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-errors-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-errors0-4.7.11+git.316.432f0218290-4.54.1 libsamba-errors0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-hostconfig-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-hostconfig0-4.7.11+git.316.432f0218290-4.54.1 libsamba-hostconfig0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-passdb-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-passdb0-4.7.11+git.316.432f0218290-4.54.1 libsamba-passdb0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-policy-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-policy0-4.7.11+git.316.432f0218290-4.54.1 libsamba-util-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-util0-4.7.11+git.316.432f0218290-4.54.1 libsamba-util0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamdb-devel-4.7.11+git.316.432f0218290-4.54.1 libsamdb0-4.7.11+git.316.432f0218290-4.54.1 libsamdb0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsmbclient-devel-4.7.11+git.316.432f0218290-4.54.1 libsmbclient0-4.7.11+git.316.432f0218290-4.54.1 libsmbclient0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsmbconf-devel-4.7.11+git.316.432f0218290-4.54.1 libsmbconf0-4.7.11+git.316.432f0218290-4.54.1 libsmbconf0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsmbldap-devel-4.7.11+git.316.432f0218290-4.54.1 libsmbldap2-4.7.11+git.316.432f0218290-4.54.1 libsmbldap2-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libtevent-util-devel-4.7.11+git.316.432f0218290-4.54.1 libtevent-util0-4.7.11+git.316.432f0218290-4.54.1 libtevent-util0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 
libwbclient-devel-4.7.11+git.316.432f0218290-4.54.1 libwbclient0-4.7.11+git.316.432f0218290-4.54.1 libwbclient0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-4.7.11+git.316.432f0218290-4.54.1 samba-client-4.7.11+git.316.432f0218290-4.54.1 samba-client-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-core-devel-4.7.11+git.316.432f0218290-4.54.1 samba-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-debugsource-4.7.11+git.316.432f0218290-4.54.1 samba-libs-4.7.11+git.316.432f0218290-4.54.1 samba-libs-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-winbind-4.7.11+git.316.432f0218290-4.54.1 samba-winbind-debuginfo-4.7.11+git.316.432f0218290-4.54.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libdcerpc-binding0-32bit-4.7.11+git.316.432f0218290-4.54.1 libdcerpc-binding0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libdcerpc0-32bit-4.7.11+git.316.432f0218290-4.54.1 libdcerpc0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr-krb5pac0-32bit-4.7.11+git.316.432f0218290-4.54.1 libndr-krb5pac0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr-nbt0-32bit-4.7.11+git.316.432f0218290-4.54.1 libndr-nbt0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr-standard0-32bit-4.7.11+git.316.432f0218290-4.54.1 libndr-standard0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr0-32bit-4.7.11+git.316.432f0218290-4.54.1 libndr0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libnetapi0-32bit-4.7.11+git.316.432f0218290-4.54.1 libnetapi0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-credentials0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsamba-credentials0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-errors0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsamba-errors0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-hostconfig0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-passdb0-32bit-4.7.11+git.316.432f0218290-4.54.1 
libsamba-passdb0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-util0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsamba-util0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamdb0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsamdb0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsmbclient0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsmbclient0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsmbconf0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsmbconf0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsmbldap2-32bit-4.7.11+git.316.432f0218290-4.54.1 libsmbldap2-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libtevent-util0-32bit-4.7.11+git.316.432f0218290-4.54.1 libtevent-util0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libwbclient0-32bit-4.7.11+git.316.432f0218290-4.54.1 libwbclient0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-client-32bit-4.7.11+git.316.432f0218290-4.54.1 samba-client-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-libs-32bit-4.7.11+git.316.432f0218290-4.54.1 samba-libs-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-winbind-32bit-4.7.11+git.316.432f0218290-4.54.1 samba-winbind-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libdcerpc-binding0-4.7.11+git.316.432f0218290-4.54.1 libdcerpc-binding0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libdcerpc-devel-4.7.11+git.316.432f0218290-4.54.1 libdcerpc-samr-devel-4.7.11+git.316.432f0218290-4.54.1 libdcerpc-samr0-4.7.11+git.316.432f0218290-4.54.1 libdcerpc-samr0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libdcerpc0-4.7.11+git.316.432f0218290-4.54.1 libdcerpc0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr-devel-4.7.11+git.316.432f0218290-4.54.1 libndr-krb5pac-devel-4.7.11+git.316.432f0218290-4.54.1 libndr-krb5pac0-4.7.11+git.316.432f0218290-4.54.1 libndr-krb5pac0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr-nbt-devel-4.7.11+git.316.432f0218290-4.54.1 
libndr-nbt0-4.7.11+git.316.432f0218290-4.54.1 libndr-nbt0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr-standard-devel-4.7.11+git.316.432f0218290-4.54.1 libndr-standard0-4.7.11+git.316.432f0218290-4.54.1 libndr-standard0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr0-4.7.11+git.316.432f0218290-4.54.1 libndr0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libnetapi-devel-4.7.11+git.316.432f0218290-4.54.1 libnetapi0-4.7.11+git.316.432f0218290-4.54.1 libnetapi0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-credentials-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-credentials0-4.7.11+git.316.432f0218290-4.54.1 libsamba-credentials0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-errors-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-errors0-4.7.11+git.316.432f0218290-4.54.1 libsamba-errors0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-hostconfig-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-hostconfig0-4.7.11+git.316.432f0218290-4.54.1 libsamba-hostconfig0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-passdb-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-passdb0-4.7.11+git.316.432f0218290-4.54.1 libsamba-passdb0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-policy-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-policy0-4.7.11+git.316.432f0218290-4.54.1 libsamba-util-devel-4.7.11+git.316.432f0218290-4.54.1 libsamba-util0-4.7.11+git.316.432f0218290-4.54.1 libsamba-util0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamdb-devel-4.7.11+git.316.432f0218290-4.54.1 libsamdb0-4.7.11+git.316.432f0218290-4.54.1 libsamdb0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsmbclient-devel-4.7.11+git.316.432f0218290-4.54.1 libsmbclient0-4.7.11+git.316.432f0218290-4.54.1 libsmbclient0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsmbconf-devel-4.7.11+git.316.432f0218290-4.54.1 libsmbconf0-4.7.11+git.316.432f0218290-4.54.1 libsmbconf0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsmbldap-devel-4.7.11+git.316.432f0218290-4.54.1 
libsmbldap2-4.7.11+git.316.432f0218290-4.54.1 libsmbldap2-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libtevent-util-devel-4.7.11+git.316.432f0218290-4.54.1 libtevent-util0-4.7.11+git.316.432f0218290-4.54.1 libtevent-util0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libwbclient-devel-4.7.11+git.316.432f0218290-4.54.1 libwbclient0-4.7.11+git.316.432f0218290-4.54.1 libwbclient0-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-4.7.11+git.316.432f0218290-4.54.1 samba-client-4.7.11+git.316.432f0218290-4.54.1 samba-client-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-core-devel-4.7.11+git.316.432f0218290-4.54.1 samba-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-debugsource-4.7.11+git.316.432f0218290-4.54.1 samba-libs-4.7.11+git.316.432f0218290-4.54.1 samba-libs-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-winbind-4.7.11+git.316.432f0218290-4.54.1 samba-winbind-debuginfo-4.7.11+git.316.432f0218290-4.54.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libdcerpc-binding0-32bit-4.7.11+git.316.432f0218290-4.54.1 libdcerpc-binding0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libdcerpc0-32bit-4.7.11+git.316.432f0218290-4.54.1 libdcerpc0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr-krb5pac0-32bit-4.7.11+git.316.432f0218290-4.54.1 libndr-krb5pac0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr-nbt0-32bit-4.7.11+git.316.432f0218290-4.54.1 libndr-nbt0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr-standard0-32bit-4.7.11+git.316.432f0218290-4.54.1 libndr-standard0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libndr0-32bit-4.7.11+git.316.432f0218290-4.54.1 libndr0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libnetapi0-32bit-4.7.11+git.316.432f0218290-4.54.1 libnetapi0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-credentials0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsamba-credentials0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 
libsamba-errors0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsamba-errors0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-hostconfig0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-passdb0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsamba-passdb0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamba-util0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsamba-util0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsamdb0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsamdb0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsmbclient0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsmbclient0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsmbconf0-32bit-4.7.11+git.316.432f0218290-4.54.1 libsmbconf0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libsmbldap2-32bit-4.7.11+git.316.432f0218290-4.54.1 libsmbldap2-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libtevent-util0-32bit-4.7.11+git.316.432f0218290-4.54.1 libtevent-util0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 libwbclient0-32bit-4.7.11+git.316.432f0218290-4.54.1 libwbclient0-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-client-32bit-4.7.11+git.316.432f0218290-4.54.1 samba-client-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-libs-32bit-4.7.11+git.316.432f0218290-4.54.1 samba-libs-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-winbind-32bit-4.7.11+git.316.432f0218290-4.54.1 samba-winbind-32bit-debuginfo-4.7.11+git.316.432f0218290-4.54.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ctdb-4.7.11+git.316.432f0218290-4.54.1 ctdb-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-debuginfo-4.7.11+git.316.432f0218290-4.54.1 samba-debugsource-4.7.11+git.316.432f0218290-4.54.1 References: https://www.suse.com/security/cve/CVE-2021-20254.html https://bugzilla.suse.com/1178469 https://bugzilla.suse.com/1179156 https://bugzilla.suse.com/1184677 From sle-updates at 
lists.suse.com Fri Apr 30 06:10:45 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 30 Apr 2021 08:10:45 +0200 (CEST)
Subject: SUSE-CU-2021:129-1: Security update of suse/sles12sp4
Message-ID: <20210430061045.440D5B46139@westernhagen.suse.de>

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:129-1
Container Tags : suse/sles12sp4:26.284 , suse/sles12sp4:latest
Container Release : 26.284
Severity : important
Type : security
References : 1050467 1182899
-----------------------------------------------------------------

The container suse/sles12sp4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1429-1
Released: Thu Apr 29 10:04:35 2021
Summary: Security update for permissions
Type: security
Severity: important
References: 1050467,1182899

This update for permissions fixes the following issues:

- Update to version 20170707:
  * make btmp root:utmp (bsc#1050467, bsc#1182899)

From sle-updates at lists.suse.com Fri Apr 30 06:18:48 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 30 Apr 2021 08:18:48 +0200 (CEST)
Subject: SUSE-CU-2021:130-1: Security update of suse/sles12sp5
Message-ID: <20210430061848.A5AE2B46139@westernhagen.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:130-1
Container Tags : suse/sles12sp5:6.5.170 , suse/sles12sp5:latest
Container Release : 6.5.170
Severity : important
Type : security
References : 1050467 1182899
-----------------------------------------------------------------

The container suse/sles12sp5 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1429-1
Released: Thu Apr 29 10:04:35 2021
Summary: Security update for permissions
Type: security
Severity: important
References: 1050467,1182899

This update for permissions fixes the following issues:

- Update to version 20170707:
  * make btmp root:utmp (bsc#1050467, bsc#1182899)

From sle-updates at lists.suse.com Fri Apr 30 06:26:37 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 30 Apr 2021 08:26:37 +0200 (CEST)
Subject: SUSE-CU-2021:131-1: Recommended update of suse/sle15
Message-ID: <20210430062637.DB22BB46139@westernhagen.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:131-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.900
Container Release : 8.2.900
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1426-1
Released: Thu Apr 29 06:23:13 2021
Summary: Recommended update for libsolv
Type: recommended
Severity: moderate
References:

This update for libsolv fixes the following issues:

- Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt.
- Fix a couple of memory leaks in error cases.
- Fix error handling in solv_xfopen_fd()
- Fixed 'regex' code on win32.
- Fixed memory leak in choice rule generation

From sle-updates at lists.suse.com Fri Apr 30 10:16:37 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 30 Apr 2021 12:16:37 +0200 (CEST)
Subject: SUSE-RU-2021:1448-1: moderate: Recommended update for pidentd
Message-ID: <20210430101637.D2460FDE1@maintenance.suse.de>

SUSE Recommended Update: Recommended update for pidentd
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1448-1
Rating: moderate
References: #1185070
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15-SP3
  SUSE Linux Enterprise Module for Server Applications 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for pidentd fixes the following issues:

- Use '/run' instead of '/var/run'. (bsc#1185070)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-1448=1

- SUSE Linux Enterprise Module for Server Applications 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1448=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

  pidentd-3.0.19-3.6.1
  pidentd-debuginfo-3.0.19-3.6.1
  pidentd-debugsource-3.0.19-3.6.1

- SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

  pidentd-3.0.19-3.6.1
  pidentd-debuginfo-3.0.19-3.6.1
  pidentd-debugsource-3.0.19-3.6.1

References:

https://bugzilla.suse.com/1185070

From sle-updates at lists.suse.com Fri Apr 30 10:17:44 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 30 Apr 2021 12:17:44 +0200 (CEST)
Subject: SUSE-RU-2021:1451-1: moderate: Recommended update for dhcp
Message-ID: <20210430101744.4B896FDE1@maintenance.suse.de>

SUSE Recommended Update: Recommended update for dhcp
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1451-1
Rating: moderate
References: #1185157
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15-SP3
  SUSE Linux Enterprise Module for Server Applications 15-SP2
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for dhcp fixes the following issues:

- Use '/run' instead of '/var/run' for PIDFile in 'dhcrelay.service'. (bsc#1185157)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-1451=1

- SUSE Linux Enterprise Module for Server Applications 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1451=1

- SUSE Linux Enterprise Module for Basesystem 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1451=1

- SUSE Linux Enterprise Module for Basesystem 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1451=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

  dhcp-debuginfo-4.3.5-6.6.1
  dhcp-debugsource-4.3.5-6.6.1
  dhcp-relay-4.3.5-6.6.1
  dhcp-relay-debuginfo-4.3.5-6.6.1
  dhcp-server-4.3.5-6.6.1
  dhcp-server-debuginfo-4.3.5-6.6.1

- SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

  dhcp-debuginfo-4.3.5-6.6.1
  dhcp-debugsource-4.3.5-6.6.1
  dhcp-relay-4.3.5-6.6.1
  dhcp-relay-debuginfo-4.3.5-6.6.1
  dhcp-server-4.3.5-6.6.1
  dhcp-server-debuginfo-4.3.5-6.6.1

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

  dhcp-4.3.5-6.6.1
  dhcp-client-4.3.5-6.6.1
  dhcp-client-debuginfo-4.3.5-6.6.1
  dhcp-debuginfo-4.3.5-6.6.1
  dhcp-debugsource-4.3.5-6.6.1
  dhcp-devel-4.3.5-6.6.1

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

  dhcp-4.3.5-6.6.1
  dhcp-client-4.3.5-6.6.1
  dhcp-client-debuginfo-4.3.5-6.6.1
  dhcp-debuginfo-4.3.5-6.6.1
  dhcp-debugsource-4.3.5-6.6.1
  dhcp-devel-4.3.5-6.6.1

References:

https://bugzilla.suse.com/1185157

From sle-updates at lists.suse.com Fri Apr 30 10:18:50 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 30 Apr 2021 12:18:50 +0200 (CEST)
Subject: SUSE-RU-2021:1450-1: moderate: Recommended update for apparmor
Message-ID: <20210430101850.41CC1FDE1@maintenance.suse.de>

SUSE Recommended Update: Recommended update for
apparmor ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1450-1 Rating: moderate References: #1183599 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apparmor fixes the following issues: - Enable access to sssd fast cache for nameservice users. (bsc#1183599) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1450=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1450=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.8.2-51.27.1 libapparmor-devel-2.8.2-51.27.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-mod_apparmor-2.8.2-51.27.1 apache2-mod_apparmor-debuginfo-2.8.2-51.27.1 apparmor-debugsource-2.8.2-51.27.1 apparmor-parser-2.8.2-51.27.1 apparmor-parser-debuginfo-2.8.2-51.27.1 libapparmor1-2.8.2-51.27.1 libapparmor1-debuginfo-2.8.2-51.27.1 pam_apparmor-2.8.2-51.27.1 perl-apparmor-2.8.2-51.27.1 perl-apparmor-debuginfo-2.8.2-51.27.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): pam_apparmor-debuginfo-2.8.2-51.27.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libapparmor1-32bit-2.8.2-51.27.1 libapparmor1-debuginfo-32bit-2.8.2-51.27.1 pam_apparmor-32bit-2.8.2-51.27.1 pam_apparmor-debuginfo-32bit-2.8.2-51.27.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): apparmor-docs-2.8.2-51.27.1 apparmor-profiles-2.8.2-51.27.1 apparmor-utils-2.8.2-51.27.1 References: 
https://bugzilla.suse.com/1183599 From sle-updates at lists.suse.com Fri Apr 30 10:19:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Apr 2021 12:19:57 +0200 (CEST) Subject: SUSE-RU-2021:14711-1: moderate: Recommended update for supportutils Message-ID: <20210430101957.8608DFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14711-1 Rating: moderate References: #1177688 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for supportutils fixes the following issues: - Secure uploads to SUSE domain by default. (bsc#1177688) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-LTSS:
      zypper in -t patch slessp4-supportutils-14711=1
   - SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-supportutils-14711=1

Package List:

   - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch):
      supportutils-1.21-122.12.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch):
      supportutils-1.21-122.12.1

References:

   https://bugzilla.suse.com/1177688

From sle-updates at lists.suse.com Fri Apr 30 10:21:01 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 30 Apr 2021 12:21:01 +0200 (CEST)
Subject: SUSE-RU-2021:1449-1: moderate: Recommended update for systemd-presets-branding-SLE
Message-ID: <20210430102101.3360CFDE1@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for systemd-presets-branding-SLE
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:1449-1
Rating:             moderate
References:         #1165780
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for systemd-presets-branding-SLE fixes the following issues:

   - Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by
     systemd-presets-common-SUSE instead. (bsc#1165780)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1449=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP2:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1449=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
      systemd-presets-branding-SLE-15.1-20.8.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
      systemd-presets-branding-SLE-15.1-20.8.1

References:

   https://bugzilla.suse.com/1165780

From sle-updates at lists.suse.com Fri Apr 30 10:22:14 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 30 Apr 2021 12:22:14 +0200 (CEST)
Subject: SUSE-SU-2021:1453-1: important: Security update for cups
Message-ID: <20210430102214.75F92FDE1@maintenance.suse.de>

   SUSE Security Update: Security update for cups
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1453-1
Rating:             important
References:         #1184161
Cross-References:   CVE-2021-25317
CVSS scores:
                    CVE-2021-25317 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-LTSS-SAP
                    SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for cups fixes the following issues:

   - CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp
     user to root via symlink attacks (bsc#1184161)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1453=1
   - SUSE OpenStack Cloud Crowbar 8:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1453=1
   - SUSE OpenStack Cloud 9:
      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1453=1
   - SUSE OpenStack Cloud 8:
      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1453=1
   - SUSE Linux Enterprise Software Development Kit 12-SP5:
      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1453=1
   - SUSE Linux Enterprise Server for SAP 12-SP4:
      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1453=1
   - SUSE Linux Enterprise Server for SAP 12-SP3:
      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1453=1
   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1453=1
   - SUSE Linux Enterprise Server 12-SP4-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1453=1
   - SUSE Linux Enterprise Server 12-SP3-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1453=1
   - SUSE Linux Enterprise Server 12-SP3-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1453=1
   - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1453=1
   - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1453=1
   - SUSE Linux Enterprise Server 12-SP2-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1453=1
   - HPE Helion Openstack 8:
      zypper in -t patch HPE-Helion-OpenStack-8-2021-1453=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):
      cups-1.7.5-20.36.1
      cups-client-1.7.5-20.36.1
      cups-client-debuginfo-1.7.5-20.36.1
      cups-debuginfo-1.7.5-20.36.1
      cups-debugsource-1.7.5-20.36.1
      cups-libs-1.7.5-20.36.1
      cups-libs-32bit-1.7.5-20.36.1
      cups-libs-debuginfo-1.7.5-20.36.1
      cups-libs-debuginfo-32bit-1.7.5-20.36.1

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):
      cups-1.7.5-20.36.1
      cups-client-1.7.5-20.36.1
      cups-client-debuginfo-1.7.5-20.36.1
      cups-debuginfo-1.7.5-20.36.1
      cups-debugsource-1.7.5-20.36.1
      cups-libs-1.7.5-20.36.1
      cups-libs-32bit-1.7.5-20.36.1
      cups-libs-debuginfo-1.7.5-20.36.1
      cups-libs-debuginfo-32bit-1.7.5-20.36.1

   - SUSE OpenStack Cloud 9 (x86_64):
      cups-1.7.5-20.36.1
      cups-client-1.7.5-20.36.1
      cups-client-debuginfo-1.7.5-20.36.1
      cups-debuginfo-1.7.5-20.36.1
      cups-debugsource-1.7.5-20.36.1
      cups-libs-1.7.5-20.36.1
      cups-libs-32bit-1.7.5-20.36.1
      cups-libs-debuginfo-1.7.5-20.36.1
      cups-libs-debuginfo-32bit-1.7.5-20.36.1

   - SUSE OpenStack Cloud 8 (x86_64):
      cups-1.7.5-20.36.1
      cups-client-1.7.5-20.36.1
      cups-client-debuginfo-1.7.5-20.36.1
      cups-debuginfo-1.7.5-20.36.1
      cups-debugsource-1.7.5-20.36.1
      cups-libs-1.7.5-20.36.1
      cups-libs-32bit-1.7.5-20.36.1
      cups-libs-debuginfo-1.7.5-20.36.1
      cups-libs-debuginfo-32bit-1.7.5-20.36.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
      cups-ddk-1.7.5-20.36.1
      cups-ddk-debuginfo-1.7.5-20.36.1
      cups-debuginfo-1.7.5-20.36.1
      cups-debugsource-1.7.5-20.36.1
      cups-devel-1.7.5-20.36.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
      cups-1.7.5-20.36.1
      cups-client-1.7.5-20.36.1
      cups-client-debuginfo-1.7.5-20.36.1
      cups-debuginfo-1.7.5-20.36.1
      cups-debugsource-1.7.5-20.36.1
      cups-libs-1.7.5-20.36.1
      cups-libs-debuginfo-1.7.5-20.36.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
      cups-libs-32bit-1.7.5-20.36.1
      cups-libs-debuginfo-32bit-1.7.5-20.36.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
      cups-1.7.5-20.36.1
      cups-client-1.7.5-20.36.1
      cups-client-debuginfo-1.7.5-20.36.1
      cups-debuginfo-1.7.5-20.36.1
      cups-debugsource-1.7.5-20.36.1
      cups-libs-1.7.5-20.36.1
      cups-libs-debuginfo-1.7.5-20.36.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
      cups-libs-32bit-1.7.5-20.36.1
      cups-libs-debuginfo-32bit-1.7.5-20.36.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
      cups-1.7.5-20.36.1
      cups-client-1.7.5-20.36.1
      cups-client-debuginfo-1.7.5-20.36.1
      cups-debuginfo-1.7.5-20.36.1
      cups-debugsource-1.7.5-20.36.1
      cups-libs-1.7.5-20.36.1
      cups-libs-debuginfo-1.7.5-20.36.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
      cups-libs-32bit-1.7.5-20.36.1
      cups-libs-debuginfo-32bit-1.7.5-20.36.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
      cups-1.7.5-20.36.1
      cups-client-1.7.5-20.36.1
      cups-client-debuginfo-1.7.5-20.36.1
      cups-debuginfo-1.7.5-20.36.1
      cups-debugsource-1.7.5-20.36.1
      cups-libs-1.7.5-20.36.1
      cups-libs-debuginfo-1.7.5-20.36.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
      cups-libs-32bit-1.7.5-20.36.1
      cups-libs-debuginfo-32bit-1.7.5-20.36.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
      cups-1.7.5-20.36.1
      cups-client-1.7.5-20.36.1
      cups-client-debuginfo-1.7.5-20.36.1
      cups-debuginfo-1.7.5-20.36.1
      cups-debugsource-1.7.5-20.36.1
      cups-libs-1.7.5-20.36.1
      cups-libs-debuginfo-1.7.5-20.36.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):
      cups-libs-32bit-1.7.5-20.36.1
      cups-libs-debuginfo-32bit-1.7.5-20.36.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
      cups-1.7.5-20.36.1
      cups-client-1.7.5-20.36.1
      cups-client-debuginfo-1.7.5-20.36.1
      cups-debuginfo-1.7.5-20.36.1
      cups-debugsource-1.7.5-20.36.1
      cups-libs-1.7.5-20.36.1
      cups-libs-32bit-1.7.5-20.36.1
      cups-libs-debuginfo-1.7.5-20.36.1
      cups-libs-debuginfo-32bit-1.7.5-20.36.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64):
      cups-1.7.5-20.36.1
      cups-client-1.7.5-20.36.1
      cups-client-debuginfo-1.7.5-20.36.1
      cups-debuginfo-1.7.5-20.36.1
      cups-debugsource-1.7.5-20.36.1
      cups-libs-1.7.5-20.36.1
      cups-libs-32bit-1.7.5-20.36.1
      cups-libs-debuginfo-1.7.5-20.36.1
      cups-libs-debuginfo-32bit-1.7.5-20.36.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64):
      cups-1.7.5-20.36.1
      cups-client-1.7.5-20.36.1
      cups-client-debuginfo-1.7.5-20.36.1
      cups-debuginfo-1.7.5-20.36.1
      cups-debugsource-1.7.5-20.36.1
      cups-libs-1.7.5-20.36.1
      cups-libs-32bit-1.7.5-20.36.1
      cups-libs-debuginfo-1.7.5-20.36.1
      cups-libs-debuginfo-32bit-1.7.5-20.36.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
      cups-1.7.5-20.36.1
      cups-client-1.7.5-20.36.1
      cups-client-debuginfo-1.7.5-20.36.1
      cups-debuginfo-1.7.5-20.36.1
      cups-debugsource-1.7.5-20.36.1
      cups-libs-1.7.5-20.36.1
      cups-libs-32bit-1.7.5-20.36.1
      cups-libs-debuginfo-1.7.5-20.36.1
      cups-libs-debuginfo-32bit-1.7.5-20.36.1

   - HPE Helion Openstack 8 (x86_64):
      cups-1.7.5-20.36.1
      cups-client-1.7.5-20.36.1
      cups-client-debuginfo-1.7.5-20.36.1
      cups-debuginfo-1.7.5-20.36.1
      cups-debugsource-1.7.5-20.36.1
      cups-libs-1.7.5-20.36.1
      cups-libs-32bit-1.7.5-20.36.1
      cups-libs-debuginfo-1.7.5-20.36.1
      cups-libs-debuginfo-32bit-1.7.5-20.36.1

References:

   https://www.suse.com/security/cve/CVE-2021-25317.html
   https://bugzilla.suse.com/1184161

From sle-updates at lists.suse.com Fri Apr 30 10:23:28 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 30 Apr 2021 12:23:28 +0200 (CEST)
Subject: SUSE-SU-2021:14712-1: important: Security update for cups
Message-ID: <20210430102328.6C7A2FDE1@maintenance.suse.de>

   SUSE Security Update: Security update for cups
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:14712-1
Rating:             important
References:         #1184161
Cross-References:   CVE-2021-25317
CVSS scores:
                    CVE-2021-25317 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for cups fixes the following issues:

   - CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp
     user to root via symlink attacks (bsc#1184161)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-LTSS:
      zypper in -t patch slessp4-cups-14712=1
   - SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-cups-14712=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-cups-14712=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-cups-14712=1

Package List:

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
      cups-1.3.9-8.46.56.18.1
      cups-client-1.3.9-8.46.56.18.1
      cups-libs-1.3.9-8.46.56.18.1

   - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64):
      cups-libs-32bit-1.3.9-8.46.56.18.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
      cups-1.3.9-8.46.56.18.1
      cups-client-1.3.9-8.46.56.18.1
      cups-libs-1.3.9-8.46.56.18.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
      cups-debuginfo-1.3.9-8.46.56.18.1
      cups-debugsource-1.3.9-8.46.56.18.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
      cups-debuginfo-1.3.9-8.46.56.18.1
      cups-debugsource-1.3.9-8.46.56.18.1

References:

   https://www.suse.com/security/cve/CVE-2021-25317.html
   https://bugzilla.suse.com/1184161

From sle-updates at lists.suse.com Fri Apr 30 10:24:45 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 30 Apr 2021 12:24:45 +0200 (CEST)
Subject: SUSE-SU-2021:1454-1: important: Security update for cups
Message-ID: <20210430102445.0A7F2FDE1@maintenance.suse.de>

   SUSE Security Update: Security update for cups
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1454-1
Rating:             important
References:         #1184161
Cross-References:   CVE-2021-25317
CVSS scores:
                    CVE-2021-25317 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected Products:
                    SUSE Manager Server 4.0
                    SUSE Manager Retail Branch Server 4.0
                    SUSE Manager Proxy 4.0
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
                    SUSE Linux Enterprise Module for Development Tools 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for cups fixes the following issues:

   - CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp
     user to root via symlink attacks (bsc#1184161)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.0:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1454=1
   - SUSE Manager Retail Branch Server 4.0:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1454=1
   - SUSE Manager Proxy 4.0:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1454=1
   - SUSE Linux Enterprise Server for SAP 15-SP1:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1454=1
   - SUSE Linux Enterprise Server for SAP 15:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1454=1
   - SUSE Linux Enterprise Server 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1454=1
   - SUSE Linux Enterprise Server 15-SP1-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1454=1
   - SUSE Linux Enterprise Server 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1454=1
   - SUSE Linux Enterprise Module for Development Tools 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1454=1
   - SUSE Linux Enterprise Module for Development Tools 15-SP2:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1454=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1454=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP2:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1454=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1454=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1454=1
   - SUSE Linux Enterprise High Performance Computing 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1454=1
   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1454=1
   - SUSE Enterprise Storage 6:
      zypper in -t patch SUSE-Storage-6-2021-1454=1
   - SUSE CaaS Platform 4.0:
      To install this update, use the SUSE CaaS Platform 'skuba' tool. It will
      inform you if it detects new updates and let you then trigger updating of
      the complete cluster in a controlled way.

Package List:

   - SUSE Manager Server 4.0 (ppc64le s390x x86_64):
      cups-2.2.7-3.26.1
      cups-client-2.2.7-3.26.1
      cups-client-debuginfo-2.2.7-3.26.1
      cups-config-2.2.7-3.26.1
      cups-ddk-2.2.7-3.26.1
      cups-ddk-debuginfo-2.2.7-3.26.1
      cups-debuginfo-2.2.7-3.26.1
      cups-debugsource-2.2.7-3.26.1
      cups-devel-2.2.7-3.26.1
      libcups2-2.2.7-3.26.1
      libcups2-debuginfo-2.2.7-3.26.1
      libcupscgi1-2.2.7-3.26.1
      libcupscgi1-debuginfo-2.2.7-3.26.1
      libcupsimage2-2.2.7-3.26.1
      libcupsimage2-debuginfo-2.2.7-3.26.1
      libcupsmime1-2.2.7-3.26.1
      libcupsmime1-debuginfo-2.2.7-3.26.1
      libcupsppdc1-2.2.7-3.26.1
      libcupsppdc1-debuginfo-2.2.7-3.26.1

   - SUSE Manager Server 4.0 (x86_64):
      libcups2-32bit-2.2.7-3.26.1
      libcups2-32bit-debuginfo-2.2.7-3.26.1

   - SUSE Manager Retail Branch Server 4.0 (x86_64):
      cups-2.2.7-3.26.1
      cups-client-2.2.7-3.26.1
      cups-client-debuginfo-2.2.7-3.26.1
      cups-config-2.2.7-3.26.1
      cups-ddk-2.2.7-3.26.1
      cups-ddk-debuginfo-2.2.7-3.26.1
      cups-debuginfo-2.2.7-3.26.1
      cups-debugsource-2.2.7-3.26.1
      cups-devel-2.2.7-3.26.1
      libcups2-2.2.7-3.26.1
      libcups2-32bit-2.2.7-3.26.1
      libcups2-32bit-debuginfo-2.2.7-3.26.1
      libcups2-debuginfo-2.2.7-3.26.1
      libcupscgi1-2.2.7-3.26.1
      libcupscgi1-debuginfo-2.2.7-3.26.1
      libcupsimage2-2.2.7-3.26.1
      libcupsimage2-debuginfo-2.2.7-3.26.1
      libcupsmime1-2.2.7-3.26.1
      libcupsmime1-debuginfo-2.2.7-3.26.1
      libcupsppdc1-2.2.7-3.26.1
      libcupsppdc1-debuginfo-2.2.7-3.26.1

   - SUSE Manager Proxy 4.0 (x86_64):
      cups-2.2.7-3.26.1
      cups-client-2.2.7-3.26.1
      cups-client-debuginfo-2.2.7-3.26.1
      cups-config-2.2.7-3.26.1
      cups-ddk-2.2.7-3.26.1
      cups-ddk-debuginfo-2.2.7-3.26.1
      cups-debuginfo-2.2.7-3.26.1
      cups-debugsource-2.2.7-3.26.1
      cups-devel-2.2.7-3.26.1
      libcups2-2.2.7-3.26.1
      libcups2-32bit-2.2.7-3.26.1
      libcups2-32bit-debuginfo-2.2.7-3.26.1
      libcups2-debuginfo-2.2.7-3.26.1
      libcupscgi1-2.2.7-3.26.1
      libcupscgi1-debuginfo-2.2.7-3.26.1
      libcupsimage2-2.2.7-3.26.1
      libcupsimage2-debuginfo-2.2.7-3.26.1
      libcupsmime1-2.2.7-3.26.1
      libcupsmime1-debuginfo-2.2.7-3.26.1
      libcupsppdc1-2.2.7-3.26.1
      libcupsppdc1-debuginfo-2.2.7-3.26.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
      cups-2.2.7-3.26.1
      cups-client-2.2.7-3.26.1
      cups-client-debuginfo-2.2.7-3.26.1
      cups-config-2.2.7-3.26.1
      cups-ddk-2.2.7-3.26.1
      cups-ddk-debuginfo-2.2.7-3.26.1
      cups-debuginfo-2.2.7-3.26.1
      cups-debugsource-2.2.7-3.26.1
      cups-devel-2.2.7-3.26.1
      libcups2-2.2.7-3.26.1
      libcups2-debuginfo-2.2.7-3.26.1
      libcupscgi1-2.2.7-3.26.1
      libcupscgi1-debuginfo-2.2.7-3.26.1
      libcupsimage2-2.2.7-3.26.1
      libcupsimage2-debuginfo-2.2.7-3.26.1
      libcupsmime1-2.2.7-3.26.1
      libcupsmime1-debuginfo-2.2.7-3.26.1
      libcupsppdc1-2.2.7-3.26.1
      libcupsppdc1-debuginfo-2.2.7-3.26.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
      libcups2-32bit-2.2.7-3.26.1
      libcups2-32bit-debuginfo-2.2.7-3.26.1

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
      cups-2.2.7-3.26.1
      cups-client-2.2.7-3.26.1
      cups-client-debuginfo-2.2.7-3.26.1
      cups-config-2.2.7-3.26.1
      cups-ddk-2.2.7-3.26.1
      cups-ddk-debuginfo-2.2.7-3.26.1
      cups-debuginfo-2.2.7-3.26.1
      cups-debugsource-2.2.7-3.26.1
      cups-devel-2.2.7-3.26.1
      libcups2-2.2.7-3.26.1
      libcups2-debuginfo-2.2.7-3.26.1
      libcupscgi1-2.2.7-3.26.1
      libcupscgi1-debuginfo-2.2.7-3.26.1
      libcupsimage2-2.2.7-3.26.1
      libcupsimage2-debuginfo-2.2.7-3.26.1
      libcupsmime1-2.2.7-3.26.1
      libcupsmime1-debuginfo-2.2.7-3.26.1
      libcupsppdc1-2.2.7-3.26.1
      libcupsppdc1-debuginfo-2.2.7-3.26.1

   - SUSE Linux Enterprise Server for SAP 15 (x86_64):
      libcups2-32bit-2.2.7-3.26.1
      libcups2-32bit-debuginfo-2.2.7-3.26.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
      cups-2.2.7-3.26.1
      cups-client-2.2.7-3.26.1
      cups-client-debuginfo-2.2.7-3.26.1
      cups-config-2.2.7-3.26.1
      cups-ddk-2.2.7-3.26.1
      cups-ddk-debuginfo-2.2.7-3.26.1
      cups-debuginfo-2.2.7-3.26.1
      cups-debugsource-2.2.7-3.26.1
      cups-devel-2.2.7-3.26.1
      libcups2-2.2.7-3.26.1
      libcups2-debuginfo-2.2.7-3.26.1
      libcupscgi1-2.2.7-3.26.1
      libcupscgi1-debuginfo-2.2.7-3.26.1
      libcupsimage2-2.2.7-3.26.1
      libcupsimage2-debuginfo-2.2.7-3.26.1
      libcupsmime1-2.2.7-3.26.1
      libcupsmime1-debuginfo-2.2.7-3.26.1
      libcupsppdc1-2.2.7-3.26.1
      libcupsppdc1-debuginfo-2.2.7-3.26.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
      libcups2-32bit-2.2.7-3.26.1
      libcups2-32bit-debuginfo-2.2.7-3.26.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
      cups-2.2.7-3.26.1
      cups-client-2.2.7-3.26.1
      cups-client-debuginfo-2.2.7-3.26.1
      cups-config-2.2.7-3.26.1
      cups-ddk-2.2.7-3.26.1
      cups-ddk-debuginfo-2.2.7-3.26.1
      cups-debuginfo-2.2.7-3.26.1
      cups-debugsource-2.2.7-3.26.1
      cups-devel-2.2.7-3.26.1
      libcups2-2.2.7-3.26.1
      libcups2-32bit-2.2.7-3.26.1
      libcups2-32bit-debuginfo-2.2.7-3.26.1
      libcups2-debuginfo-2.2.7-3.26.1
      libcupscgi1-2.2.7-3.26.1
      libcupscgi1-debuginfo-2.2.7-3.26.1
      libcupsimage2-2.2.7-3.26.1
      libcupsimage2-debuginfo-2.2.7-3.26.1
      libcupsmime1-2.2.7-3.26.1
      libcupsmime1-debuginfo-2.2.7-3.26.1
      libcupsppdc1-2.2.7-3.26.1
      libcupsppdc1-debuginfo-2.2.7-3.26.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
      cups-2.2.7-3.26.1
      cups-client-2.2.7-3.26.1
      cups-client-debuginfo-2.2.7-3.26.1
      cups-config-2.2.7-3.26.1
      cups-ddk-2.2.7-3.26.1
      cups-ddk-debuginfo-2.2.7-3.26.1
      cups-debuginfo-2.2.7-3.26.1
      cups-debugsource-2.2.7-3.26.1
      cups-devel-2.2.7-3.26.1
      libcups2-2.2.7-3.26.1
      libcups2-debuginfo-2.2.7-3.26.1
      libcupscgi1-2.2.7-3.26.1
      libcupscgi1-debuginfo-2.2.7-3.26.1
      libcupsimage2-2.2.7-3.26.1
      libcupsimage2-debuginfo-2.2.7-3.26.1
      libcupsmime1-2.2.7-3.26.1
      libcupsmime1-debuginfo-2.2.7-3.26.1
      libcupsppdc1-2.2.7-3.26.1
      libcupsppdc1-debuginfo-2.2.7-3.26.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
      cups-ddk-2.2.7-3.26.1
      cups-ddk-debuginfo-2.2.7-3.26.1
      cups-debuginfo-2.2.7-3.26.1
      cups-debugsource-2.2.7-3.26.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64):
      cups-ddk-2.2.7-3.26.1
      cups-ddk-debuginfo-2.2.7-3.26.1
      cups-debuginfo-2.2.7-3.26.1
      cups-debugsource-2.2.7-3.26.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
      cups-2.2.7-3.26.1
      cups-client-2.2.7-3.26.1
      cups-client-debuginfo-2.2.7-3.26.1
      cups-config-2.2.7-3.26.1
      cups-debuginfo-2.2.7-3.26.1
      cups-debugsource-2.2.7-3.26.1
      cups-devel-2.2.7-3.26.1
      libcups2-2.2.7-3.26.1
      libcups2-debuginfo-2.2.7-3.26.1
      libcupscgi1-2.2.7-3.26.1
      libcupscgi1-debuginfo-2.2.7-3.26.1
      libcupsimage2-2.2.7-3.26.1
      libcupsimage2-debuginfo-2.2.7-3.26.1
      libcupsmime1-2.2.7-3.26.1
      libcupsmime1-debuginfo-2.2.7-3.26.1
      libcupsppdc1-2.2.7-3.26.1
      libcupsppdc1-debuginfo-2.2.7-3.26.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
      libcups2-32bit-2.2.7-3.26.1
      libcups2-32bit-debuginfo-2.2.7-3.26.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
      cups-2.2.7-3.26.1
      cups-client-2.2.7-3.26.1
      cups-client-debuginfo-2.2.7-3.26.1
      cups-config-2.2.7-3.26.1
      cups-debuginfo-2.2.7-3.26.1
      cups-debugsource-2.2.7-3.26.1
      cups-devel-2.2.7-3.26.1
      libcups2-2.2.7-3.26.1
      libcups2-debuginfo-2.2.7-3.26.1
      libcupscgi1-2.2.7-3.26.1
      libcupscgi1-debuginfo-2.2.7-3.26.1
      libcupsimage2-2.2.7-3.26.1
      libcupsimage2-debuginfo-2.2.7-3.26.1
      libcupsmime1-2.2.7-3.26.1
      libcupsmime1-debuginfo-2.2.7-3.26.1
      libcupsppdc1-2.2.7-3.26.1
      libcupsppdc1-debuginfo-2.2.7-3.26.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):
      libcups2-32bit-2.2.7-3.26.1
      libcups2-32bit-debuginfo-2.2.7-3.26.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
      cups-2.2.7-3.26.1
      cups-client-2.2.7-3.26.1
      cups-client-debuginfo-2.2.7-3.26.1
      cups-config-2.2.7-3.26.1
      cups-ddk-2.2.7-3.26.1
      cups-ddk-debuginfo-2.2.7-3.26.1
      cups-debuginfo-2.2.7-3.26.1
      cups-debugsource-2.2.7-3.26.1
      cups-devel-2.2.7-3.26.1
      libcups2-2.2.7-3.26.1
      libcups2-debuginfo-2.2.7-3.26.1
      libcupscgi1-2.2.7-3.26.1
      libcupscgi1-debuginfo-2.2.7-3.26.1
      libcupsimage2-2.2.7-3.26.1
      libcupsimage2-debuginfo-2.2.7-3.26.1
      libcupsmime1-2.2.7-3.26.1
      libcupsmime1-debuginfo-2.2.7-3.26.1
      libcupsppdc1-2.2.7-3.26.1
      libcupsppdc1-debuginfo-2.2.7-3.26.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
      libcups2-32bit-2.2.7-3.26.1
      libcups2-32bit-debuginfo-2.2.7-3.26.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
      cups-2.2.7-3.26.1
      cups-client-2.2.7-3.26.1
      cups-client-debuginfo-2.2.7-3.26.1
      cups-config-2.2.7-3.26.1
      cups-ddk-2.2.7-3.26.1
      cups-ddk-debuginfo-2.2.7-3.26.1
      cups-debuginfo-2.2.7-3.26.1
      cups-debugsource-2.2.7-3.26.1
      cups-devel-2.2.7-3.26.1
      libcups2-2.2.7-3.26.1
      libcups2-debuginfo-2.2.7-3.26.1
      libcupscgi1-2.2.7-3.26.1
      libcupscgi1-debuginfo-2.2.7-3.26.1
      libcupsimage2-2.2.7-3.26.1
      libcupsimage2-debuginfo-2.2.7-3.26.1
      libcupsmime1-2.2.7-3.26.1
      libcupsmime1-debuginfo-2.2.7-3.26.1
      libcupsppdc1-2.2.7-3.26.1
      libcupsppdc1-debuginfo-2.2.7-3.26.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
      libcups2-32bit-2.2.7-3.26.1
      libcups2-32bit-debuginfo-2.2.7-3.26.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
      cups-2.2.7-3.26.1
      cups-client-2.2.7-3.26.1
      cups-client-debuginfo-2.2.7-3.26.1
      cups-config-2.2.7-3.26.1
      cups-ddk-2.2.7-3.26.1
      cups-ddk-debuginfo-2.2.7-3.26.1
      cups-debuginfo-2.2.7-3.26.1
      cups-debugsource-2.2.7-3.26.1
      cups-devel-2.2.7-3.26.1
      libcups2-2.2.7-3.26.1
      libcups2-debuginfo-2.2.7-3.26.1
      libcupscgi1-2.2.7-3.26.1
      libcupscgi1-debuginfo-2.2.7-3.26.1
      libcupsimage2-2.2.7-3.26.1
      libcupsimage2-debuginfo-2.2.7-3.26.1
      libcupsmime1-2.2.7-3.26.1
      libcupsmime1-debuginfo-2.2.7-3.26.1
      libcupsppdc1-2.2.7-3.26.1
      libcupsppdc1-debuginfo-2.2.7-3.26.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
      libcups2-32bit-2.2.7-3.26.1
      libcups2-32bit-debuginfo-2.2.7-3.26.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
      cups-2.2.7-3.26.1
      cups-client-2.2.7-3.26.1
      cups-client-debuginfo-2.2.7-3.26.1
      cups-config-2.2.7-3.26.1
      cups-ddk-2.2.7-3.26.1
      cups-ddk-debuginfo-2.2.7-3.26.1
      cups-debuginfo-2.2.7-3.26.1
      cups-debugsource-2.2.7-3.26.1
      cups-devel-2.2.7-3.26.1
      libcups2-2.2.7-3.26.1
      libcups2-debuginfo-2.2.7-3.26.1
      libcupscgi1-2.2.7-3.26.1
      libcupscgi1-debuginfo-2.2.7-3.26.1
      libcupsimage2-2.2.7-3.26.1
      libcupsimage2-debuginfo-2.2.7-3.26.1
      libcupsmime1-2.2.7-3.26.1
      libcupsmime1-debuginfo-2.2.7-3.26.1
      libcupsppdc1-2.2.7-3.26.1
      libcupsppdc1-debuginfo-2.2.7-3.26.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
      libcups2-32bit-2.2.7-3.26.1
      libcups2-32bit-debuginfo-2.2.7-3.26.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):
      cups-2.2.7-3.26.1
      cups-client-2.2.7-3.26.1
      cups-client-debuginfo-2.2.7-3.26.1
      cups-config-2.2.7-3.26.1
      cups-ddk-2.2.7-3.26.1
      cups-ddk-debuginfo-2.2.7-3.26.1
      cups-debuginfo-2.2.7-3.26.1
      cups-debugsource-2.2.7-3.26.1
      cups-devel-2.2.7-3.26.1
      libcups2-2.2.7-3.26.1
      libcups2-debuginfo-2.2.7-3.26.1
      libcupscgi1-2.2.7-3.26.1
      libcupscgi1-debuginfo-2.2.7-3.26.1
      libcupsimage2-2.2.7-3.26.1
      libcupsimage2-debuginfo-2.2.7-3.26.1
      libcupsmime1-2.2.7-3.26.1
      libcupsmime1-debuginfo-2.2.7-3.26.1
      libcupsppdc1-2.2.7-3.26.1
      libcupsppdc1-debuginfo-2.2.7-3.26.1

   - SUSE Enterprise Storage 6 (x86_64):
      libcups2-32bit-2.2.7-3.26.1
      libcups2-32bit-debuginfo-2.2.7-3.26.1

   - SUSE CaaS Platform 4.0 (x86_64):
      cups-2.2.7-3.26.1
      cups-client-2.2.7-3.26.1
      cups-client-debuginfo-2.2.7-3.26.1
      cups-config-2.2.7-3.26.1
      cups-ddk-2.2.7-3.26.1
      cups-ddk-debuginfo-2.2.7-3.26.1
      cups-debuginfo-2.2.7-3.26.1
      cups-debugsource-2.2.7-3.26.1
      cups-devel-2.2.7-3.26.1
      libcups2-2.2.7-3.26.1
      libcups2-32bit-2.2.7-3.26.1
      libcups2-32bit-debuginfo-2.2.7-3.26.1
      libcups2-debuginfo-2.2.7-3.26.1
      libcupscgi1-2.2.7-3.26.1
      libcupscgi1-debuginfo-2.2.7-3.26.1
      libcupsimage2-2.2.7-3.26.1
      libcupsimage2-debuginfo-2.2.7-3.26.1
      libcupsmime1-2.2.7-3.26.1
      libcupsmime1-debuginfo-2.2.7-3.26.1
      libcupsppdc1-2.2.7-3.26.1
      libcupsppdc1-debuginfo-2.2.7-3.26.1

References:

   https://www.suse.com/security/cve/CVE-2021-25317.html
   https://bugzilla.suse.com/1184161

From sle-updates at lists.suse.com Fri Apr 30 13:16:00 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 30 Apr 2021 15:16:00 +0200 (CEST)
Subject: SUSE-RU-2021:1456-1: important: Recommended update for cifs-utils
Message-ID: <20210430131600.9D9A7FE04@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for cifs-utils
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:1456-1
Rating:             important
References:         #1184815
Affected Products:
                    SUSE Manager Server 4.0
                    SUSE Manager Retail Branch Server 4.0
                    SUSE Manager Proxy 4.0
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for cifs-utils fixes the following issues:

   - Fixed a bug where it was no longer possible to mount CIFS filesystem after the last
     maintenance update (bsc#1184815)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1456=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1456=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1456=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1456=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1456=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1456=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1456=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1456=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1456=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1456=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1456=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): cifs-utils-6.9-5.12.1 cifs-utils-debuginfo-6.9-5.12.1 cifs-utils-debugsource-6.9-5.12.1 cifs-utils-devel-6.9-5.12.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): cifs-utils-6.9-5.12.1 cifs-utils-debuginfo-6.9-5.12.1 cifs-utils-debugsource-6.9-5.12.1 cifs-utils-devel-6.9-5.12.1 - SUSE Manager Proxy 4.0 (x86_64): cifs-utils-6.9-5.12.1 cifs-utils-debuginfo-6.9-5.12.1 cifs-utils-debugsource-6.9-5.12.1 cifs-utils-devel-6.9-5.12.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): cifs-utils-6.9-5.12.1 cifs-utils-debuginfo-6.9-5.12.1 cifs-utils-debugsource-6.9-5.12.1 cifs-utils-devel-6.9-5.12.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-5.12.1 cifs-utils-debuginfo-6.9-5.12.1 cifs-utils-debugsource-6.9-5.12.1 cifs-utils-devel-6.9-5.12.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): cifs-utils-6.9-5.12.1 cifs-utils-debuginfo-6.9-5.12.1 cifs-utils-debugsource-6.9-5.12.1 cifs-utils-devel-6.9-5.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-5.12.1 cifs-utils-debuginfo-6.9-5.12.1 cifs-utils-debugsource-6.9-5.12.1 cifs-utils-devel-6.9-5.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-5.12.1 cifs-utils-debuginfo-6.9-5.12.1 cifs-utils-debugsource-6.9-5.12.1 cifs-utils-devel-6.9-5.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): cifs-utils-6.9-5.12.1 cifs-utils-debuginfo-6.9-5.12.1 cifs-utils-debugsource-6.9-5.12.1 cifs-utils-devel-6.9-5.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): cifs-utils-6.9-5.12.1 cifs-utils-debuginfo-6.9-5.12.1 cifs-utils-debugsource-6.9-5.12.1 cifs-utils-devel-6.9-5.12.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): cifs-utils-6.9-5.12.1 cifs-utils-debuginfo-6.9-5.12.1 cifs-utils-debugsource-6.9-5.12.1 cifs-utils-devel-6.9-5.12.1 - 
SUSE CaaS Platform 4.0 (x86_64): cifs-utils-6.9-5.12.1 cifs-utils-debuginfo-6.9-5.12.1 cifs-utils-debugsource-6.9-5.12.1 cifs-utils-devel-6.9-5.12.1 References: https://bugzilla.suse.com/1184815 From sle-updates at lists.suse.com Fri Apr 30 13:17:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Apr 2021 15:17:11 +0200 (CEST) Subject: SUSE-SU-2021:1455-1: important: Security update for cifs-utils Message-ID: <20210430131711.857CEFE04@maintenance.suse.de> SUSE Security Update: Security update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1455-1 Rating: important References: #1152930 #1174477 #1183239 #1184815 Cross-References: CVE-2020-14342 CVE-2021-20208 CVSS scores: CVE-2020-14342 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-14342 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2021-20208 (NVD) : 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N CVE-2021-20208 (SUSE): 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for cifs-utils fixes the following security issues: - CVE-2021-20208: Fixed a potential kerberos auth leak escaping from container. (bsc#1183239) - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs. (bsc#1174477) This update for cifs-utils fixes the following issues: - Solve invalid directory mounting. When attempting to change the current working directory into non-existing directories, mount.cifs crashes. 
(bsc#1152930) - Fixed a bug where it was no longer possible to mount CIFS filesystem after the last maintenance update. (bsc#1184815) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1455=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1455=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1455=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1455=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): cifs-utils-6.9-3.14.1 cifs-utils-debuginfo-6.9-3.14.1 cifs-utils-debugsource-6.9-3.14.1 cifs-utils-devel-6.9-3.14.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): cifs-utils-6.9-3.14.1 cifs-utils-debuginfo-6.9-3.14.1 cifs-utils-debugsource-6.9-3.14.1 cifs-utils-devel-6.9-3.14.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): cifs-utils-6.9-3.14.1 cifs-utils-debuginfo-6.9-3.14.1 cifs-utils-debugsource-6.9-3.14.1 cifs-utils-devel-6.9-3.14.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): cifs-utils-6.9-3.14.1 cifs-utils-debuginfo-6.9-3.14.1 cifs-utils-debugsource-6.9-3.14.1 cifs-utils-devel-6.9-3.14.1 References: https://www.suse.com/security/cve/CVE-2020-14342.html https://www.suse.com/security/cve/CVE-2021-20208.html https://bugzilla.suse.com/1152930 https://bugzilla.suse.com/1174477 https://bugzilla.suse.com/1183239 https://bugzilla.suse.com/1184815 From sle-updates at lists.suse.com Fri Apr 30 16:15:18 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Apr 2021 18:15:18 +0200 (CEST) Subject: SUSE-RU-2021:1457-1: important: 
Recommended update for cifs-utils Message-ID: <20210430161518.EFFDEFE04@maintenance.suse.de> SUSE Recommended Update: Recommended update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1457-1 Rating: important References: #1184815 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS-SAP SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cifs-utils fixes the following issues: - Fixed a bug where it was no longer possible to mount CIFS filesystem after the last maintenance update (bsc#1184815) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1457=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1457=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1457=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1457=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1457=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1457=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1457=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1457=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1457=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): cifs-utils-6.9-9.15.1 cifs-utils-debuginfo-6.9-9.15.1 cifs-utils-debugsource-6.9-9.15.1 - SUSE OpenStack Cloud 8 (x86_64): cifs-utils-6.9-9.15.1 cifs-utils-debuginfo-6.9-9.15.1 cifs-utils-debugsource-6.9-9.15.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): cifs-utils-6.9-9.15.1 cifs-utils-debuginfo-6.9-9.15.1 cifs-utils-debugsource-6.9-9.15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-9.15.1 cifs-utils-debuginfo-6.9-9.15.1 cifs-utils-debugsource-6.9-9.15.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): cifs-utils-6.9-9.15.1 cifs-utils-debuginfo-6.9-9.15.1 cifs-utils-debugsource-6.9-9.15.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64): cifs-utils-6.9-9.15.1 cifs-utils-debuginfo-6.9-9.15.1 cifs-utils-debugsource-6.9-9.15.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): cifs-utils-6.9-9.15.1 cifs-utils-debuginfo-6.9-9.15.1 cifs-utils-debugsource-6.9-9.15.1 - SUSE Linux Enterprise Server 
12-SP2-BCL (x86_64): cifs-utils-6.9-9.15.1 cifs-utils-debuginfo-6.9-9.15.1 cifs-utils-debugsource-6.9-9.15.1 - HPE Helion Openstack 8 (x86_64): cifs-utils-6.9-9.15.1 cifs-utils-debuginfo-6.9-9.15.1 cifs-utils-debugsource-6.9-9.15.1 References: https://bugzilla.suse.com/1184815 From sle-updates at lists.suse.com Fri Apr 30 16:16:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Apr 2021 18:16:21 +0200 (CEST) Subject: SUSE-RU-2021:1459-1: moderate: Recommended update for lttng-modules Message-ID: <20210430161621.7FEB6FE04@maintenance.suse.de> SUSE Recommended Update: Recommended update for lttng-modules ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1459-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lttng-modules fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1459=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1459=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1459=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (x86_64): lttng-modules-2.10.0-5.8.6 lttng-modules-debugsource-2.10.0-5.8.6 lttng-modules-kmp-default-2.10.0_k4.12.14_150.69-5.8.6 lttng-modules-kmp-default-debuginfo-2.10.0_k4.12.14_150.69-5.8.6 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): lttng-modules-2.10.0-5.8.6 lttng-modules-debugsource-2.10.0-5.8.6 lttng-modules-kmp-default-2.10.0_k4.12.14_150.69-5.8.6 lttng-modules-kmp-default-debuginfo-2.10.0_k4.12.14_150.69-5.8.6 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): lttng-modules-2.10.0-5.8.6 lttng-modules-debugsource-2.10.0-5.8.6 lttng-modules-kmp-default-2.10.0_k4.12.14_150.69-5.8.6 lttng-modules-kmp-default-debuginfo-2.10.0_k4.12.14_150.69-5.8.6 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Fri Apr 30 16:17:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Apr 2021 18:17:26 +0200 (CEST) Subject: SUSE-RU-2021:1461-1: important: Recommended update for cifs-utils Message-ID: <20210430161726.79A07FE04@maintenance.suse.de> SUSE Recommended Update: Recommended update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1461-1 Rating: important References: #1184815 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cifs-utils fixes the following issues: - Fixed a bug where it was no longer possible to mount CIFS filesystem after the last maintenance update (bsc#1184815) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1461=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1461=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1461=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1461=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1461=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1461=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): cifs-utils-6.9-13.17.1 cifs-utils-debuginfo-6.9-13.17.1 cifs-utils-debugsource-6.9-13.17.1 - SUSE OpenStack Cloud 9 (x86_64): cifs-utils-6.9-13.17.1 cifs-utils-debuginfo-6.9-13.17.1 cifs-utils-debugsource-6.9-13.17.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): cifs-utils-debuginfo-6.9-13.17.1 cifs-utils-debugsource-6.9-13.17.1 cifs-utils-devel-6.9-13.17.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): cifs-utils-6.9-13.17.1 cifs-utils-debuginfo-6.9-13.17.1 cifs-utils-debugsource-6.9-13.17.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-13.17.1 cifs-utils-debuginfo-6.9-13.17.1 cifs-utils-debugsource-6.9-13.17.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-13.17.1 
cifs-utils-debuginfo-6.9-13.17.1 cifs-utils-debugsource-6.9-13.17.1 References: https://bugzilla.suse.com/1184815 From sle-updates at lists.suse.com Fri Apr 30 16:18:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Apr 2021 18:18:34 +0200 (CEST) Subject: SUSE-SU-2021:1458-1: important: Security update for containerd, docker, runc Message-ID: <20210430161834.3C8DDFE04@maintenance.suse.de> SUSE Security Update: Security update for containerd, docker, runc ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1458-1 Rating: important References: #1028638 #1034053 #1048046 #1051429 #1053532 #1095817 #1118897 #1118898 #1118899 #1121967 #1131314 #1131553 #1149954 #1152308 #1160452 #1168481 #1175081 #1175821 #1181594 #1181641 #1181677 #1181730 #1181732 #1181749 #1182451 #1182476 #1182947 #1183024 #1183397 #1183855 #1184768 #1184962 Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 CVE-2019-16884 CVE-2019-19921 CVE-2019-5736 CVE-2021-21284 CVE-2021-21285 CVE-2021-21334 CVSS scores: CVE-2018-16873 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-16873 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-16874 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-16874 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2018-16875 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-16875 (SUSE): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-16884 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2019-19921 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-5736 (NVD) : 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2019-5736 (SUSE): 7.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2021-21284 (NVD) : 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N CVE-2021-21284 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N CVE-2021-21285 (NVD) : 6.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-21285 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2021-21334 (NVD) : 6.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-21334 (SUSE): 6.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 23 fixes is now available. Description: This update for containerd, docker, runc fixes the following issues: - Docker was updated to 20.10.6-ce * Switch version to use -ce suffix rather than _ce to avoid confusing other tools (bsc#1182476). * CVE-2021-21284: Fixed a potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732) * CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730). - runc was updated to v1.0.0~rc93 (bsc#1182451 and bsc#1184962). * Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821). * Fixed /dev/null is not available (bsc#1168481). * Fixed an issue where podman hangs when spawned by salt-minion process (bsc#1149954). * CVE-2019-19921: Fixed a race condition with shared mounts (bsc#1160452). * CVE-2019-16884: Fixed an LSM bypass via malicious Docker image that mounts over a /proc directory (bsc#1152308). * CVE-2019-5736: Fixed potential write attacks to the host runc binary (bsc#1121967). * Fixed an issue where after a kernel-update docker doesn't run (bsc#1131314 bsc#1131553) * Ensure that we always include the version information in runc (bsc#1053532). - Switch to Go 1.13 for build. * CVE-2018-16873: Fixed a potential remote code execution (bsc#1118897). * CVE-2018-16874: Fixed a directory traversal in "go get" via curly braces in import paths (bsc#1118898). * CVE-2018-16875: Fixed a CPU denial of service (bsc#1118899). 
* Fixed an issue with building containers (bsc#1095817). - containerd was updated to v1.4.4 * CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397). * Handle a requirement from docker (bsc#1181594). * Install the containerd-shim* binaries and stop creating (bsc#1183024). * update version to the one required by docker (bsc#1034053) - Use -buildmode=pie for tests and binary build (bsc#1048046, bsc#1051429) - Cleanup seccomp builds similar (bsc#1028638). - Update to handle the docker-runc removal, and drop the -kubic flavour (bsc#1181677, bsc#1181749) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2021-1458=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): containerd-1.4.4-16.38.1 docker-20.10.6_ce-98.66.1 docker-debuginfo-20.10.6_ce-98.66.1 runc-1.0.0~rc93-16.8.1 runc-debuginfo-1.0.0~rc93-16.8.1 References: https://www.suse.com/security/cve/CVE-2018-16873.html https://www.suse.com/security/cve/CVE-2018-16874.html https://www.suse.com/security/cve/CVE-2018-16875.html https://www.suse.com/security/cve/CVE-2019-16884.html https://www.suse.com/security/cve/CVE-2019-19921.html https://www.suse.com/security/cve/CVE-2019-5736.html https://www.suse.com/security/cve/CVE-2021-21284.html https://www.suse.com/security/cve/CVE-2021-21285.html https://www.suse.com/security/cve/CVE-2021-21334.html https://bugzilla.suse.com/1028638 https://bugzilla.suse.com/1034053 https://bugzilla.suse.com/1048046 https://bugzilla.suse.com/1051429 https://bugzilla.suse.com/1053532 https://bugzilla.suse.com/1095817 https://bugzilla.suse.com/1118897 https://bugzilla.suse.com/1118898 https://bugzilla.suse.com/1118899 https://bugzilla.suse.com/1121967 
https://bugzilla.suse.com/1131314 https://bugzilla.suse.com/1131553 https://bugzilla.suse.com/1149954 https://bugzilla.suse.com/1152308 https://bugzilla.suse.com/1160452 https://bugzilla.suse.com/1168481 https://bugzilla.suse.com/1175081 https://bugzilla.suse.com/1175821 https://bugzilla.suse.com/1181594 https://bugzilla.suse.com/1181641 https://bugzilla.suse.com/1181677 https://bugzilla.suse.com/1181730 https://bugzilla.suse.com/1181732 https://bugzilla.suse.com/1181749 https://bugzilla.suse.com/1182451 https://bugzilla.suse.com/1182476 https://bugzilla.suse.com/1182947 https://bugzilla.suse.com/1183024 https://bugzilla.suse.com/1183397 https://bugzilla.suse.com/1183855 https://bugzilla.suse.com/1184768 https://bugzilla.suse.com/1184962 From sle-updates at lists.suse.com Fri Apr 30 16:22:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Apr 2021 18:22:26 +0200 (CEST) Subject: SUSE-SU-2021:1460-1: important: Security update for xen Message-ID: <20210430162226.0F3F4FE04@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1460-1 Rating: important References: #1027519 #1177204 #1178591 #1179148 #1181254 #1181989 #1183072 Cross-References: CVE-2020-28368 CVE-2021-28687 CVE-2021-3308 CVSS scores: CVE-2020-28368 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2020-28368 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-3308 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3308 (SUSE): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 
15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves three vulnerabilities and has four fixes is now available. Description: This update for xen fixes the following issues: - CVE-2020-28368: Intel RAPL sidechannel attack aka PLATYPUS attack (bsc#1178591, XSA-351) - CVE-2021-3308: IRQ vector leak on x86 (bsc#1181254, XSA-360) - CVE-2021-28687: HVM soft-reset crashes toolstack (bsc#1183072, XSA-368) - L3: conring size for XEN HV's with huge memory too small (bsc#1177204). - kdump of HVM fails, soft-reset not handled by libxl (bsc#1179148) - openQA job causes libvirtd to dump core when running kdump inside domain (bsc#1181989). - Upstream bug fixes (bsc#1027519) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1460=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1460=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1460=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1460=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1460=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1460=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1460=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1460=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1460=1 - SUSE CaaS Platform 4.0: To 
install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (x86_64): xen-4.12.4_08-3.43.3 xen-debugsource-4.12.4_08-3.43.3 xen-devel-4.12.4_08-3.43.3 xen-libs-4.12.4_08-3.43.3 xen-libs-debuginfo-4.12.4_08-3.43.3 xen-tools-4.12.4_08-3.43.3 xen-tools-debuginfo-4.12.4_08-3.43.3 xen-tools-domU-4.12.4_08-3.43.3 xen-tools-domU-debuginfo-4.12.4_08-3.43.3 - SUSE Manager Retail Branch Server 4.0 (x86_64): xen-4.12.4_08-3.43.3 xen-debugsource-4.12.4_08-3.43.3 xen-devel-4.12.4_08-3.43.3 xen-libs-4.12.4_08-3.43.3 xen-libs-debuginfo-4.12.4_08-3.43.3 xen-tools-4.12.4_08-3.43.3 xen-tools-debuginfo-4.12.4_08-3.43.3 xen-tools-domU-4.12.4_08-3.43.3 xen-tools-domU-debuginfo-4.12.4_08-3.43.3 - SUSE Manager Proxy 4.0 (x86_64): xen-4.12.4_08-3.43.3 xen-debugsource-4.12.4_08-3.43.3 xen-devel-4.12.4_08-3.43.3 xen-libs-4.12.4_08-3.43.3 xen-libs-debuginfo-4.12.4_08-3.43.3 xen-tools-4.12.4_08-3.43.3 xen-tools-debuginfo-4.12.4_08-3.43.3 xen-tools-domU-4.12.4_08-3.43.3 xen-tools-domU-debuginfo-4.12.4_08-3.43.3 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): xen-4.12.4_08-3.43.3 xen-debugsource-4.12.4_08-3.43.3 xen-devel-4.12.4_08-3.43.3 xen-libs-4.12.4_08-3.43.3 xen-libs-debuginfo-4.12.4_08-3.43.3 xen-tools-4.12.4_08-3.43.3 xen-tools-debuginfo-4.12.4_08-3.43.3 xen-tools-domU-4.12.4_08-3.43.3 xen-tools-domU-debuginfo-4.12.4_08-3.43.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): xen-4.12.4_08-3.43.3 xen-debugsource-4.12.4_08-3.43.3 xen-devel-4.12.4_08-3.43.3 xen-libs-4.12.4_08-3.43.3 xen-libs-debuginfo-4.12.4_08-3.43.3 xen-tools-4.12.4_08-3.43.3 xen-tools-debuginfo-4.12.4_08-3.43.3 xen-tools-domU-4.12.4_08-3.43.3 xen-tools-domU-debuginfo-4.12.4_08-3.43.3 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): xen-4.12.4_08-3.43.3 xen-debugsource-4.12.4_08-3.43.3 xen-devel-4.12.4_08-3.43.3 xen-libs-4.12.4_08-3.43.3 
xen-libs-debuginfo-4.12.4_08-3.43.3 xen-tools-4.12.4_08-3.43.3 xen-tools-debuginfo-4.12.4_08-3.43.3 xen-tools-domU-4.12.4_08-3.43.3 xen-tools-domU-debuginfo-4.12.4_08-3.43.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): xen-4.12.4_08-3.43.3 xen-debugsource-4.12.4_08-3.43.3 xen-devel-4.12.4_08-3.43.3 xen-libs-4.12.4_08-3.43.3 xen-libs-debuginfo-4.12.4_08-3.43.3 xen-tools-4.12.4_08-3.43.3 xen-tools-debuginfo-4.12.4_08-3.43.3 xen-tools-domU-4.12.4_08-3.43.3 xen-tools-domU-debuginfo-4.12.4_08-3.43.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): xen-4.12.4_08-3.43.3 xen-debugsource-4.12.4_08-3.43.3 xen-devel-4.12.4_08-3.43.3 xen-libs-4.12.4_08-3.43.3 xen-libs-debuginfo-4.12.4_08-3.43.3 xen-tools-4.12.4_08-3.43.3 xen-tools-debuginfo-4.12.4_08-3.43.3 xen-tools-domU-4.12.4_08-3.43.3 xen-tools-domU-debuginfo-4.12.4_08-3.43.3 - SUSE Enterprise Storage 6 (x86_64): xen-4.12.4_08-3.43.3 xen-debugsource-4.12.4_08-3.43.3 xen-devel-4.12.4_08-3.43.3 xen-libs-4.12.4_08-3.43.3 xen-libs-debuginfo-4.12.4_08-3.43.3 xen-tools-4.12.4_08-3.43.3 xen-tools-debuginfo-4.12.4_08-3.43.3 xen-tools-domU-4.12.4_08-3.43.3 xen-tools-domU-debuginfo-4.12.4_08-3.43.3 - SUSE CaaS Platform 4.0 (x86_64): xen-4.12.4_08-3.43.3 xen-debugsource-4.12.4_08-3.43.3 xen-devel-4.12.4_08-3.43.3 xen-libs-4.12.4_08-3.43.3 xen-libs-debuginfo-4.12.4_08-3.43.3 xen-tools-4.12.4_08-3.43.3 xen-tools-debuginfo-4.12.4_08-3.43.3 xen-tools-domU-4.12.4_08-3.43.3 xen-tools-domU-debuginfo-4.12.4_08-3.43.3 References: https://www.suse.com/security/cve/CVE-2020-28368.html https://www.suse.com/security/cve/CVE-2021-28687.html https://www.suse.com/security/cve/CVE-2021-3308.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1177204 https://bugzilla.suse.com/1178591 https://bugzilla.suse.com/1179148 https://bugzilla.suse.com/1181254 https://bugzilla.suse.com/1181989 https://bugzilla.suse.com/1183072 From sle-updates at lists.suse.com Fri Apr 30 16:24:03 2021 From: 
sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Apr 2021 18:24:03 +0200 (CEST) Subject: SUSE-RU-2021:1462-1: moderate: Recommended update for cloud-init Message-ID: <20210430162403.4137FFE04@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1462-1 Rating: moderate References: #1181283 #1184085 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cloud-init fixes the following issues: - Fixed an issue, where the bonding options were wrongly configured in SLE and openSUSE (bsc#1184085) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-1462=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-1462=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2021-1462=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): cloud-init-20.2-8.45.1 cloud-init-config-suse-20.2-8.45.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): cloud-init-20.2-8.45.1 cloud-init-config-suse-20.2-8.45.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): cloud-init-20.2-8.45.1 cloud-init-config-suse-20.2-8.45.1 References: https://bugzilla.suse.com/1181283 https://bugzilla.suse.com/1184085