From sle-updates at lists.suse.com Sun Aug 1 06:06:15 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 1 Aug 2021 08:06:15 +0200 (CEST)
Subject: SUSE-IU-2021:605-1: Security update of suse-sles-15-sp3-chost-byos-v20210729-hvm-ssd-x86_64
Message-ID: <20210801060615.58DB8FCEF@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20210729-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2021:605-1
Image Tags        : suse-sles-15-sp3-chost-byos-v20210729-hvm-ssd-x86_64:20210729
Image Release     :
Severity          : important
Type              : security
References        :
-----------------------------------------------------------------

The container suse-sles-15-sp3-chost-byos-v20210729-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released:    Tue Jul 17 09:01:19 2018
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1073299,1093392
This update for timezone provides the following fixes:

- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
  in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
  timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
  setting an incorrect timezone. (bsc#1093392)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1334-1
Released:    Tue Jul 17 09:06:41 2018
Summary:     Recommended update for mozilla-nss
Type:        recommended
Severity:    moderate
References:  1096515
This update for mozilla-nss provides the following fixes:

- Update to NSS 3.36.4 required by Firefox 60.0.2. (bsc#1096515)
- Fix a problem that would cause connections to a server that was recently upgraded to TLS
  1.3 to result in an SSL_RX_MALFORMED_SERVER_HELLO error.
- Fix a rare bug with PKCS#12 files.
- Use relro linker option.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1353-1
Released:    Thu Jul 19 09:50:32 2018
Summary:     Security update for e2fsprogs
Type:        security
Severity:    moderate
References:  1009532,1038194,915402,918346,960273,CVE-2015-0247,CVE-2015-1572
This update for e2fsprogs fixes the following issues:

Security issues fixed:

- CVE-2015-0247: Fixed a couple of heap overflows in e2fsprogs (fsck, dumpe2fs, e2image...) (bsc#915402).
- CVE-2015-1572: Fixed potential buffer overflow in closefs() (bsc#918346).

Bug fixes:

- bsc#1038194: generic/405 test fails with /dev/mapper/thin-vol is inconsistent on ext4 file system.
- bsc#1009532: resize2fs hangs when trying to resize a large ext4 file system.
- bsc#960273: xfsprogs does not call %{?regenerate_initrd_post}.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1476-1
Released:    Thu Aug 2 14:20:03 2018
Summary:     Security update for cups
Type:        security
Severity:    moderate
References:  1096405,1096406,1096407,1096408,CVE-2018-4180,CVE-2018-4181,CVE-2018-4182,CVE-2018-4183
This update for cups fixes the following issues:

The following security vulnerabilities were fixed:

- Fixed a local privilege escalation to root and sandbox bypasses in the scheduler
- CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend (bsc#1096405)
- CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406)
- CVE-2018-4182: Fixed a sandbox bypass due to insecure error handling (bsc#1096407)
- CVE-2018-4183: Fixed a sandbox bypass due to profile misconfiguration (bsc#1096408)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1756-1
Released:    Fri Aug 24 17:12:55 2018
Summary:     Recommended update for growpart
Type:        recommended
Severity:    moderate
References:  1097455,1098681
This update for growpart provides the following fix:

- Support btrfs resize and handle ro setup in rootgrow. (bsc#1097455, bsc#1098681)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1775-1
Released:    Tue Aug 28 12:40:50 2018
Summary:     Recommended update for xfsprogs
Type:        recommended
Severity:    important
References:  1089777,1105396
This update for xfsprogs fixes the following issues:

- avoid divide-by-zero when hardware reports optimal i/o size as 0 (bsc#1089777)
- repair: shift inode back into place if corrupted by bad log replay (bsc#1105396).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1804-1
Released:    Fri Aug 31 13:02:24 2018
Summary:     Recommended update for docker
Type:        recommended
Severity:    moderate
References:  1065609,1073877,1099277,1100727
This update for docker fixes the following issues:

- Build the client binary with -buildmode=pie to fix issues on POWER. (bsc#1100727)
- Fix an issue where changed AppArmor profiles don't actually get applied on Docker daemon reboot. (bsc#1099277)
- Update to AppArmor patch so that signal mediation also works for signals between in-container processes. (bsc#1073877)
- Do not log incorrect warnings when attempting to inject non-existent host files. (bsc#1065609)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1999-1
Released:    Tue Sep 25 08:20:35 2018
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1071321
This update for zlib provides the following fixes:

- Speedup zlib on power8. (fate#325307)
- Add safeguard against negative values in uInt. (bsc#1071321)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2055-1
Released:    Thu Sep 27 14:30:14 2018
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1089640
This update for openldap2 provides the following fix:

- Fix slapd segfaults in mdb_env_reader_dest. (bsc#1089640)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2170-1
Released:    Mon Oct 8 10:31:14 2018
Summary:     Recommended update for python3
Type:        recommended
Severity:    moderate
References:  1107030
This update for python3 fixes the following issues:

- Add -fwrapv to OPTS, which is default for python3 for bugs which are caused by avoiding it. (bsc#1107030)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2182-1
Released:    Tue Oct 9 11:08:36 2018
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1088279,1102046,1105166,CVE-2018-14404,CVE-2018-14567,CVE-2018-9251
This update for libxml2 fixes the following security issues:

- CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service
  (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated
  by xmllint (bsc#1088279)
- CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that
  triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166)
- CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when
  parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a
  denial of service attack (bsc#1102046)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2340-1
Released:    Fri Oct 19 16:05:53 2018
Summary:     Security update for fuse
Type:        security
Severity:    moderate
References:  1101797,CVE-2018-10906
This update for fuse fixes the following issues:

- CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active.
  This allowed non-root users to mount a FUSE file system with the 'allow_other' mount
  option regardless of whether 'user_allow_other' is set in the fuse configuration. An
  attacker may use this flaw to mount a FUSE file system, accessible by other users, and
  trick them into accessing files on that file system, possibly causing Denial of Service
  or other unspecified effects (bsc#1101797)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2346-1
Released:    Mon Oct 22 09:40:46 2018
Summary:     Recommended update for logrotate
Type:        recommended
Severity:    moderate
References:  1093617
This update for logrotate provides the following fix:

- Ensure the HOME environment variable is set to /root when logrotate is started via systemd.
  This allows mariadb to rotate its logs when the database has a root password defined.
  (bsc#1093617)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2370-1
Released:    Mon Oct 22 14:02:01 2018
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1102310,1104531
This update for aaa_base provides the following fixes:

- Let bash.bashrc work even for (m)ksh. (bsc#1104531)
- Fix an error at login if java system directory is empty. (bsc#1102310)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released:    Thu Oct 25 14:48:34 2018
Summary:     Recommended update for timezone, timezone-java
Type:        recommended
Severity:    moderate
References:  1104700,1112310
This update for timezone, timezone-java fixes the following issues:

The timezone database was updated to 2018f:

- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates

Other bugfixes:

- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2486-1
Released:    Fri Oct 26 12:38:27 2018
Summary:     Recommended update for xfsprogs
Type:        recommended
Severity:    moderate
References:  1105068
This update for xfsprogs fixes the following issues:

- Explicitly disable systemd unit files for scrub (bsc#1105068).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released:    Wed Oct 31 16:16:56 2018
Summary:     Recommended update for timezone, timezone-java
Type:        recommended
Severity:    moderate
References:  1113554
This update provides the latest time zone definitions (2018g), including the following change:

- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2569-1
Released:    Fri Nov 2 19:00:18 2018
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1110700
This update for pam fixes the following issues:

- Remove limits for nproc from /etc/security/limits.conf (bsc#1110700)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2607-1
Released:    Wed Nov 7 15:42:48 2018
Summary:     Optional update for gcc8
Type:        recommended
Severity:    low
References:  1084812,1084842,1087550,1094222,1102564
The GNU Compiler GCC 8 is being added to the Development Tools Module by this update.

The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived
libraries for the Basesystem module of SUSE Linux Enterprise 15.
Various optimizers have been improved in GCC 8, several bugs have been fixed, a number of
new warnings have been added, and the error pin-pointing and fix-suggestions have been
greatly improved.

The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened:

https://gcc.gnu.org/gcc-8/changes.html

Changes needed and common pitfalls when porting software are described on:

https://gcc.gnu.org/gcc-8/porting_to.html

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2641-1
Released:    Mon Nov 12 20:39:30 2018
Summary:     Recommended update for nfsidmap
Type:        recommended
Severity:    moderate
References:  1098217
This update for nfsidmap fixes the following issues:

- Improve support for SAMBA with Active Directory. (bsc#1098217)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2742-1
Released:    Thu Nov 22 13:28:36 2018
Summary:     Recommended update for rpcbind
Type:        recommended
Severity:    moderate
References:  969953
This update for rpcbind fixes the following issues:

- Fix tool stack buffer overflow aborting (bsc#969953)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2825-1
Released:    Mon Dec 3 15:35:02 2018
Summary:     Security update for pam
Type:        security
Severity:    important
References:  1115640,CVE-2018-17953
This update for pam fixes the following issue:

Security issue fixed:

- CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not
  honoured correctly when a single host was specified (bsc#1115640).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2861-1
Released:    Thu Dec 6 14:32:01 2018
Summary:     Security update for ncurses
Type:        security
Severity:    important
References:  1103320,1115929,CVE-2018-19211
This update for ncurses fixes the following issues:

Security issue fixed:

- CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer
  dereference at function _nc_parse_entry (bsc#1115929).

Non-security issue fixed:

- Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen
  (bsc#1103320).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2882-1
Released:    Mon Dec 10 08:07:44 2018
Summary:     Security update for cups
Type:        security
Severity:    important
References:  1115750,CVE-2018-4700
This update for cups fixes the following issues:

Security issue fixed:

- CVE-2018-4700: Fixed extremely predictable cookie generation that is effectively breaking
  the CSRF protection of the CUPS web interface (bsc#1115750).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2945-1 Released: Fri Dec 14 16:43:57 2018 Summary: Security update for tcpdump Type: security Severity: moderate References: 1117267,CVE-2018-19519 This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2018-19519: Fixed a stack-based buffer over-read in the print_prefix function (bsc#1117267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2986-1 Released: Wed Dec 19 13:53:22 2018 Summary: Security update for libnettle Type: security Severity: moderate References: 1118086,CVE-2018-16869 This update for libnettle fixes the following issues: Security issues fixed: - CVE-2018-16869: Fixed a leaky data conversion exposing a manager oracle (bsc#1118086) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:3044-1 Released: Fri Dec 21 18:47:21 2018 Summary: Security update for MozillaFirefox, mozilla-nspr and mozilla-nss Type: security Severity: important References: 1097410,1106873,1119069,1119105,CVE-2018-0495,CVE-2018-12384,CVE-2018-12404,CVE-2018-12405,CVE-2018-17466,CVE-2018-18492,CVE-2018-18493,CVE-2018-18494,CVE-2018-18498 This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a use-after-free with select element - CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Fixed an integer overflow when calculating buffer sizes for images - CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: 
Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: - Update mozilla-nspr to 4.20 (bsc#1119105) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:3064-1 Released: Fri Dec 28 18:39:08 2018 Summary: Security update for containerd, docker and go Type: security Severity: important References: 1047218,1074971,1080978,1081495,1084533,1086185,1094680,1095817,1098017,1102522,1104821,1105000,1108038,1113313,1113978,1114209,1118897,1118898,1118899,1119634,1119706,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2018-7187 This update for containerd, docker and go fixes the following issues: containerd and docker: - Add backport for building containerd (bsc#1102522, bsc#1113313) - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. (bsc#1102522) - Enable seccomp support on SLE12 (fate#325877) - Update to containerd v1.1.1, which is the required version for the Docker v18.06.0-ce upgrade. (bsc#1102522) - Put containerd under the podruntime slice (bsc#1086185) - 3rd party registries used the default Docker certificate (bsc#1084533) - Handle build breakage due to missing 'export GOPATH' (caused by resolution of boo#1119634). I believe Docker is one of the only packages with this problem. go: - golang: arbitrary command execution via VCS path (bsc#1081495, CVE-2018-7187) - Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. 
This ends up removing the need for go.sh entirely (because GOPATH is also set automatically) (boo#1119634) - Fix a regression that broke go get for import path patterns containing '...' (bsc#1119706) Additionally, the package go1.10 has been added. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:44-1 Released: Tue Jan 8 13:07:32 2019 Summary: Recommended update for acl Type: recommended Severity: low References: 953659 This update for acl fixes the following issues: - test: Add helper library to fake passwd/group files. - quote: Escape literal backslashes. (bsc#953659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:62-1 Released: Thu Jan 10 20:30:58 2019 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1119063 This update for xfsprogs fixes the following issues: - Fix root inode's parent when it's bogus for sf directory (xfs repair). (bsc#1119063) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:82-1 Released: Fri Jan 11 17:16:48 2019 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1044232 This update for suse-build-key fixes the following issues: - Include the SUSE PTF GPG key in the key directory to avoid it being stripped via %doc stripping in CAASP. (bsc#1044232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:91-1 Released: Tue Jan 15 14:14:43 2019 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1090767,1121045,1121207 This update for mozilla-nss fixes the following issues: - The hmac packages used in FIPS certification inadvertently removed in last update: re-added. 
(bsc#1121207) - Added 'Suggest:' for libfreebl3 and libsoftokn3 respective -hmac packages to avoid dependency issues during updates (bsc#1090767, bsc#1121045) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:93-1 Released: Tue Jan 15 14:48:33 2019 Summary: Security update for wget Type: security Severity: important References: 1120382,CVE-2018-20483 This update for wget fixes the following issues: Security issue fixed: - CVE-2018-20483: Fixed an information disclosure through file metadata (bsc#1120382) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:104-1 Released: Tue Jan 15 18:03:13 2019 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1117147 This update for chrony fixes the following issues: - Generate chronyd sysconfig file. 
(bsc#1117147) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:215-1 Released: Thu Jan 31 15:59:57 2019 Summary: Security update for python3 Type: security Severity: important References: 1120644,1122191,CVE-2018-20406,CVE-2019-5010 This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) - CVE-2018-20406: Fixed an integer overflow via a large LONG_BINPUT (bsc#1120644) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:247-1 Released: Wed Feb 6 07:18:45 2019 Summary: Security update for lua53 Type: security Severity: moderate References: 1123043,CVE-2019-6706 This update for lua53 fixes the following issues: Security issue fixed: - CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:273-1 Released: Wed Feb 6 16:48:18 2019 Summary: Security update for MozillaFirefox Type: security Severity: important References: 1119069,1120374,1122983,CVE-2018-12404,CVE-2018-18500,CVE-2018-18501,CVE-2018-18505 This update for MozillaFirefox, mozilla-nss fixes the following issues: Security issues fixed: - CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (bsc#1122983). - CVE-2018-18501: Fixed multiple memory safety bugs (bsc#1122983). - CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (bsc#1122983). - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bsc#1119069). 
Non-security issue fixed: - Update to MozillaFirefox ESR 60.5.0 - Update to mozilla-nss 3.41.1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:286-1 Released: Thu Feb 7 13:45:27 2019 Summary: Security update for docker Type: security Severity: moderate References: 1001161,1112980,1115464,1118897,1118898,1118899,1118990,1121412,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875 This update for containerd, docker, docker-runc and golang-github-docker-libnetwork fixes the following issues: Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork: - CVE-2018-16873: cmd/go: remote command execution during 'go get -u' (bsc#1118897) - CVE-2018-16874: cmd/go: directory traversal in 'go get' via curly braces in import paths (bsc#1118898) - CVE-2018-16875: crypto/x509: CPU denial of service (bsc#1118899) Non-security issues fixed for docker: - Disable leap based builds for kubic flavor (bsc#1121412) - Allow users to explicitly specify the NIS domainname of a container (bsc#1001161) - Update docker.service to match upstream and avoid rlimit problems (bsc#1112980) - Allow docker images larger than 23GB (bsc#1118990) - Docker version update to version 18.09.0-ce (bsc#1115464) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:369-1 Released: Wed Feb 13 14:01:42 2019 Summary: Recommended update for itstool Type: recommended Severity: moderate References: 1065270,1111019 This update for itstool and python-libxml2-python fixes the following issues: Package: itstool - Updated version to support Python3. (bnc#1111019) Package: python-libxml2-python - Fix segfault when parsing invalid data. 
(bsc#1065270) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:495-1 Released: Tue Feb 26 16:42:35 2019 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc Type: security Severity: important References: 1048046,1051429,1114832,1118897,1118898,1118899,1121967,1124308,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736 This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues: Security issues fixed: - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerability in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and fixes: - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of 'cp -r' to reduce noise in the build logs. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:571-1 Released: Thu Mar 7 18:13:46 2019 Summary: Security update for file Type: security Severity: moderate References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907 This update for file fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974) - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118) - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf.c (bsc#1126119) - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:608-1 Released: Wed Mar 13 15:21:02 2019 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1118118 This update for cups fixes the following issues: - Fixed validation of UTF-8 filenames to avoid crashes (bsc#1118118) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:732-1 Released: Mon Mar 25 14:10:04 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1088524,1118364,1128246 This update for aaa_base fixes the following issues: - Restore old position of ssh/sudo source of profile (bsc#1118364). 
- Update logic for JRE_HOME env variable (bsc#1128246) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:788-1 Released: Thu Mar 28 11:55:06 2019 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1119687,CVE-2018-20346 This update for sqlite3 to version 3.27.2 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). Release notes: https://www.sqlite.org/releaselog/3_27_2.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:791-1 Released: Thu Mar 28 12:06:50 2019 Summary: Security update for libnettle Type: recommended Severity: moderate References: 1129598 This update for libnettle to version 3.4.1 fixes the following issues: Issues addressed and new features: - Updated to 3.4.1 (fate#327114 and bsc#1129598) - Fixed missing break statements in the parsing of PEM input files in pkcs1-conv. - Fixed a link error on the pss-mgf1-test which was affecting builds without public key support. - All functions using RSA private keys are now side-channel silent. This applies both to the bignum calculations, which now use GMP's mpn_sec_* family of functions, and the processing of PKCS#1 padding needed for RSA decryption. 
- Changes in behavior: The functions rsa_decrypt and rsa_decrypt_tr may now clobber all of the provided message buffer, independent of the actual message length. They are side-channel silent, in that branches and memory accesses don't depend on the validity or length of the message. Side-channel leakage from the caller's use of length and return value may still provide an oracle usable for a Bleichenbacher-style chosen ciphertext attack, which is why the new function rsa_sec_decrypt is recommended. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:909-1 Released: Tue Apr 9 08:04:44 2019 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1129914 This update for chrony fixes the following issues: - Fix ordering and dependencies of chronyd.service, so that it is started after name resolution is up (bsc#1129914). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:925-1 Released: Wed Apr 10 16:32:50 2019 Summary: Security update for wget Type: security Severity: important References: 1131493,CVE-2019-5953 This update for wget fixes the following issues: Security issue fixed: - CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:926-1 Released: Wed Apr 10 16:33:12 2019 Summary: Security update for tar Type: security Severity: moderate References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923 This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:966-1 Released: Wed Apr 17 12:20:13 2019 Summary: Recommended update for python-rpm-macros Type: recommended Severity: moderate References: 1128323 This update for python-rpm-macros fixes the following issues: The Python RPM macros were updated to version 20190408.32abece, fixing bugs (bsc#1128323) * Add missing $ expansion on the pytest call * Rewrite pytest and pytest_arch into Lua macros with multiple arguments. * We should preserve existing PYTHONPATH. * Add --ignore to pytest calls to ignore build directories. * Actually make pytest into function to capture arguments as well * Add pytest definitions. * Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros. * Fix an issue with epoch printing having too many \ * add epoch while printing 'Provides:' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:971-1 Released: Wed Apr 17 14:43:26 2019 Summary: Security update for python3 Type: security Severity: important References: 1129346,CVE-2019-9636 This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1002-1 Released: Wed Apr 24 10:13:34 2019 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1110304,1129576 This update for zlib fixes the following issues: - Fixes a segmentation fault error (bsc#1110304, bsc#1129576) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1040-1 Released: Thu Apr 25 17:09:21 2019 Summary: Security update for samba Type: security Severity: important References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880 This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686): - Out of bound read in ldb_wildcard_compare - Hold at most 10 outstanding paged result cookies - Put 'results_store' into a doubly linked list - Refuse to build Samba against a newer minor version of ldb Non-security issues fixed: - Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377). - Abide by the load_printers parameter in smb.conf (bsc#1124223). - Provide the 32bit samba winbind PAM module and its dependent 32bit libraries. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1127-1 Released: Thu May 2 09:39:24 2019 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1130325,1130326,CVE-2019-9936,CVE-2019-9937 This update for sqlite3 to version 3.28.0 fixes the following issues: Security issues fixed: - CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326). 
- CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1156-1 Released: Mon May 6 13:46:07 2019 Summary: Security update for python-Jinja2 Type: security Severity: important References: 1125815,1132174,1132323,CVE-2016-10745,CVE-2019-10906,CVE-2019-8341 This update for python-Jinja2 to version 2.10.1 fixes the following issues: Security issues fixed: - CVE-2019-8341: Fixed a command injection in from_string() (bsc#1125815). - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format (bsc#1132323). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1206-1 Released: Fri May 10 14:01:55 2019 Summary: Security update for bzip2 Type: security Severity: low References: 985657,CVE-2016-3189 This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1234-1 Released: Tue May 14 18:31:52 2019 Summary: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork Type: security Severity: important References: 1114209,1114832,1118897,1118898,1118899,1121397,1121967,1123013,1128376,1128746,1134068,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736,CVE-2019-6486 This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). - CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go security release, fixing cmd/go remote command execution (bsc#1118897). 
- CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes: - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). - docker-test: Improvements to test packaging (bsc#1128746). - Move daemon.json file to /etc/docker directory (bsc#1114832). - Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). - Fix go build failures (bsc#1121397). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1312-1 Released: Wed May 22 12:19:12 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1096191 This update for aaa_base fixes the following issue: * Shell detection in /etc/profile and /etc/bash.bashrc was broken within AppArmor-confined containers (bsc#1096191) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1352-1 Released: Fri May 24 14:41:44 2019 Summary: Security update for python3 Type: security Severity: moderate References: 1130840,1133452,CVE-2019-9947 This update for python3 to version 3.6.8 fixes the following issues: Security issue fixed: - CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840). Non-security issue fixed: - Fixed broken debuginfo packages by switching off LTO and PGO optimization (bsc#1133452). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1368-1 Released: Tue May 28 13:15:38 2019 Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root Type: security Severity: important References: 1134524,CVE-2019-5021 This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues: - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1372-1 Released: Tue May 28 16:53:28 2019 Summary: Security update for libtasn1 Type: security Severity: moderate References: 1105435,CVE-2018-1000654 This update for libtasn1 fixes the following issues: Security issue fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1398-1 Released: Fri May 31 12:54:22 2019 Summary: Security update for libpng16 Type: security Severity: low References: 1100687,1121624,1124211,CVE-2018-13785,CVE-2019-7317 This update for libpng16 fixes the following issues: Security issues fixed: - CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211). 
- CVE-2018-13785: Fixed a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c, which could have triggered an integer overflow and resulted in a divide-by-zero while processing a crafted PNG file, leading to a denial of service (bsc#1100687) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1457-1 Released: Tue Jun 11 10:09:14 2019 Summary: Security update for vim Type: security Severity: important References: 1137443,CVE-2019-12735 This update for vim fixes the following issue: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1484-1 Released: Thu Jun 13 07:46:46 2019 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1128383 This update for e2fsprogs fixes the following issues: - Check and fix tails of all bitmap blocks (bsc#1128383) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1486-1 Released: Thu Jun 13 09:40:24 2019 Summary: Security update for elfutils Type: security Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7150,CVE-2019-7665 This update for elfutils fixes the following issues: Security issues fixed: - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084) - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085) - CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group 
(bsc#1033087) - CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088) - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089) - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090) - CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) - CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) - CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067) - CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: Fixed bad handling of ar files inside ar files (bsc#1112726) - CVE-2018-18521: Fixed denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1492-1 Released: Thu Jun 13 14:51:01 2019 Summary: Recommended update for libidn Type: recommended Severity: low References: 1132869 This update for libidn fixes the following issue: - The missing libidn11-32bit compat library package was provided. (bsc#1132869) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1562-1 Released: Wed Jun 19 09:16:07 2019 Summary: Security update for docker Type: security Severity: moderate References: 1096726,CVE-2018-15664 This update for docker fixes the following issues: Security issue fixed: - CVE-2018-15664: Fixed an issue which could make docker cp vulnerable to symlink-exchange race attacks (bsc#1096726). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1595-1 Released: Fri Jun 21 10:17:44 2019 Summary: Security update for dbus-1 Type: security Severity: important References: 1137832,CVE-2019-12749 This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1616-1 Released: Fri Jun 21 11:04:39 2019 Summary: Recommended update for rpcbind Type: recommended Severity: moderate References: 1134659 This update for rpcbind fixes the following issues: - Change rpcbind locking path from /var/run/rpcbind.lock to /run/rpcbind.lock. (bsc#1134659) - Change the order of socket/service in the %postun scriptlet to avoid an error from rpcbind.socket when rpcbind is running during package update. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1627-1 Released: Fri Jun 21 11:15:11 2019 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1073421,1122271,1129859 This update for xfsprogs fixes the following issues: - xfs_repair: will now allow '/' in attribute names (bsc#1122271) - xfs_repair: will now allow zeroing of corrupt log (bsc#1073421) - enabled offline (unmounted) filesystem geometry queries (bsc#1129859) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1631-1 Released: Fri Jun 21 11:17:21 2019 Summary: Recommended update for xz Type: recommended Severity: low References: 1135709 This update for xz fixes the following issues: Add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709] 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1635-1 Released: Fri Jun 21 12:45:53 2019 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1134217 This update for krb5 provides the following fix: - Move LDAP schema files from /usr/share/doc/packages/krb5 to /usr/share/kerberos/ldap. (bsc#1134217) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1700-1 Released: Tue Jun 25 13:19:21 2019 Summary: Security update for libssh Type: recommended Severity: moderate References: 1134193 This update for libssh fixes the following issue: Issue addressed: - Added support for new AES-GCM encryption types (bsc#1134193). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1804-1 Released: Wed Jul 10 10:40:44 2019 Summary: Security update for ruby-bundled-gems-rpmhelper, ruby2.5 Type: security Severity: important References: 1082007,1082008,1082009,1082010,1082011,1082014,1082058,1087433,1087434,1087436,1087437,1087440,1087441,1112530,1112532,1130028,1130611,1130617,1130620,1130622,1130623,1130627,1133790,CVE-2017-17742,CVE-2018-1000073,CVE-2018-1000074,CVE-2018-1000075,CVE-2018-1000076,CVE-2018-1000077,CVE-2018-1000078,CVE-2018-1000079,CVE-2018-16395,CVE-2018-16396,CVE-2018-6914,CVE-2018-8777,CVE-2018-8778,CVE-2018-8779,CVE-2018-8780,CVE-2019-8320,CVE-2019-8321,CVE-2019-8322,CVE-2019-8323,CVE-2019-8324,CVE-2019-8325 This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues: Changes in ruby2.5: Update to 2.5.5 and 2.5.4: https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/ https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/ Security issues fixed: - CVE-2019-8320: Delete directory using symlink when decompressing tar (bsc#1130627) - CVE-2019-8321: Escape sequence injection vulnerability in verbose (bsc#1130623) - CVE-2019-8322: Escape sequence injection vulnerability in 
gem owner (bsc#1130622) - CVE-2019-8323: Escape sequence injection vulnerability in API response handling (bsc#1130620) - CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution (bsc#1130617) - CVE-2019-8325: Escape sequence injection vulnerability in errors (bsc#1130611) Ruby 2.5 was updated to 2.5.3: This release includes some bug fixes and some security fixes. Security issues fixed: - CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives (bsc#1112532) - CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly (bsc#1112530) Ruby 2.5 was updated to 2.5.1: This release includes some bug fixes and some security fixes. Security issues fixed: - CVE-2017-17742: HTTP response splitting in WEBrick (bsc#1087434) - CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441) - CVE-2018-8777: DoS by large request in WEBrick (bsc#1087436) - CVE-2018-8778: Buffer under-read in String#unpack (bsc#1087433) - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440) - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437) - Multiple vulnerabilities in RubyGems were fixed: - CVE-2018-1000079: Fixed path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058) - CVE-2018-1000075: Fixed infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014) - CVE-2018-1000078: Fixed XSS vulnerability in homepage attribute when displayed via gem server (bsc#1082011) - CVE-2018-1000077: Fixed that missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (bsc#1082010) - CVE-2018-1000076: Fixed improper verification of signatures in tarball allows to install mis-signed gem (bsc#1082009) - CVE-2018-1000074: Fixed unsafe Object 
Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (bsc#1082008) - CVE-2018-1000073: Fixed path traversal when writing to a symlinked basedir outside of the root (bsc#1082007) Other changes: - Fixed Net::POPMail methods modify frozen literal when using default arg - ruby: change over of the Japanese Era to the new emperor May 1st 2019 (bsc#1133790) - build with PIE support (bsc#1130028) Changes in ruby-bundled-gems-rpmhelper: - Add a new helper for bundled ruby gems. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1808-1 Released: Wed Jul 10 13:16:29 2019 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1133808 This update for libgcrypt fixes the following issues: - Fixed redundant fips tests in some situations causing sudo to stop working when pam-kwallet is installed. bsc#1133808 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1835-1 Released: Fri Jul 12 18:06:31 2019 Summary: Security update for expat Type: security Severity: moderate References: 1139937,CVE-2018-20843 This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1846-1 Released: Mon Jul 15 11:36:33 2019 Summary: Security update for bzip2 Type: security Severity: important References: 1139083,CVE-2019-12900 This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1869-1 Released: Wed Jul 17 14:03:20 2019 Summary: Security update for MozillaFirefox Type: security Severity: important References: 1140868,CVE-2019-11709,CVE-2019-11711,CVE-2019-11712,CVE-2019-11713,CVE-2019-11715,CVE-2019-11717,CVE-2019-11719,CVE-2019-11729,CVE-2019-11730,CVE-2019-9811 This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). 
mozilla-nss to version 3.44.1: * Added IPSEC IKE support to softoken * Many new FIPS test cases ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1971-1 Released: Thu Jul 25 14:58:52 2019 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1138939,CVE-2019-12904 This update for libgcrypt fixes the following issues: Security issue fixed: - CVE-2019-12904: Fixed a flush-and-reload side-channel attack in the AES implementation (bsc#1138939). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1994-1 Released: Fri Jul 26 16:12:05 2019 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1135123 This update for libxml2 fixes the following issues: - Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files. (bsc#1135123) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2001-1 Released: Fri Jul 26 18:09:41 2019 Summary: Recommended update for docker Type: recommended Severity: important References: 1138920 This update for docker fixes the following issues: - Mark daemon.json as %config(noreplace) to not overwrite it during installation (bsc#1138920) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2004-1 Released: Mon Jul 29 13:01:59 2019 Summary: Security update for bzip2 Type: security Severity: important References: 1139083,CVE-2019-12900 This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2005-1 Released: Mon Jul 29 13:02:15 2019 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1116767,1119397,1121878,1123694,1125950,1125992,1126101,1132692,1136440 This update for cloud-init fixes the following issues: - Fixes a bug where only the last defined route was written to the routes configuration file (bsc#1132692) - Fixes a bug where a new network rules file for network devices didn't apply immediately (bsc#1125950) - Improved the writing of route config files to avoid issues (bsc#1125992) - Fixes a bug where OpenStack instances were not detected on VIO (bsc#1136440) - Fixes a bug where IPv4 and IPv6 were not set up as default routes (bsc#1121878) - Added a fix to prevent resolv.conf from being empty (bsc#1119397) - Now uses the proper name to designate IPv6 addresses in ifcfg-* files (bsc#1126101) - Fixes an issue where the ifroute-eth0 file got corrupted when cloning an existing instance (bsc#1123694) Some more fixes were included within the 19.1 update of cloud-init. Please refer to the package changelog for more details. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2050-1 Released: Tue Aug 6 09:42:37 2019 Summary: Security update for python3 Type: security Severity: important References: 1094814,1138459,1141853,CVE-2018-20852,CVE-2019-10160 This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be sent to the wrong server because of incorrect domain validation (bsc#1141853). Non-security issue fixed: - Fixed an issue where the SIGINT signal was ignored or not handled (bsc#1094814).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2087-1 Released: Wed Aug 7 18:16:48 2019 Summary: Security update for tcpdump Type: security Severity: moderate References: 1068716,1142439,CVE-2017-16808,CVE-2019-1010220 This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2019-1010220: Fixed a buffer over-read in print_prefix() which may expose data (bsc#1142439). - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print() and lookup_emem() (bsc#1068716). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2097-1 Released: Fri Aug 9 09:31:17 2019 Summary: Recommended update for libgcrypt Type: recommended Severity: important References: 1097073 This update for libgcrypt fixes the following issues: - Fixed a regression where systems were unable to boot in fips mode, caused by an incomplete implementation of previous change (bsc#1097073). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2117-1 Released: Tue Aug 13 14:56:55 2019 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Type: security Severity: important References: 1100331,1121967,1138920,1139649,1142160,1142413,1143409,CVE-2018-10892,CVE-2019-13509,CVE-2019-14271,CVE-2019-5736 This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker: - CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409). - CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160). - Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649). runc: - Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920). - Update to runc 425e105d5a03, which is required by Docker (bsc#1139649).
containerd: - CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967). - Update to containerd v1.2.6, which is required by docker (bsc#1139649). golang-github-docker-libnetwork: - Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413, bsc#1139649). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2134-1 Released: Wed Aug 14 11:54:56 2019 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1136717,1137624,1141059,SLE-5807 This update for zlib fixes the following issues: - Update the s390 patchset. (bsc#1137624) - Tweak zlib-power8 to have type of crc32_vpmsum conform to usage. (bsc#1141059) - Use FAT LTO objects in order to provide proper static library. - Do not enable the previous patchset on s390 but just s390x. (bsc#1137624) - Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2142-1 Released: Wed Aug 14 18:14:04 2019 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1141322 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.45 (bsc#1141322) : * New function in pk11pub.h: PK11_FindRawCertsWithSubject * The following CA certificates were Removed: CN = Certinomis - Root CA (bmo#1552374) * Implement Delegated Credentials (draft-ietf-tls-subcerts) (bmo#1540403) This adds a new experimental function SSL_DelegateCredential Note: In 3.45, selfserv does not yet support delegated credentials (See bmo#1548360). Note: In 3.45 the SSLChannelInfo is left unmodified, while an upcoming change in 3.46 will set SSLChannelInfo.authKeyBits to that of the delegated credential for better policy enforcement (See bmo#1563078). 
* Replace ARM32 Curve25519 implementation with one from fiat-crypto (bmo#1550579) * Expose a function PK11_FindRawCertsWithSubject for finding certificates with a given subject on a given slot (bmo#1552262) * Add IPSEC IKE support to softoken (bmo#1546229) * Add support for the Elbrus lcc compiler (<=1.23) (bmo#1554616) * Expose an external clock for SSL (bmo#1543874) This adds new experimental functions: SSL_SetTimeFunc, SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and SSL_ReleaseAntiReplayContext. The experimental function SSL_InitAntiReplay is removed. * Various changes in response to the ongoing FIPS review (bmo#1546477) Note: The source package size has increased substantially due to the new FIPS test vectors. This will likely prompt follow-on work, but please accept our apologies in the meantime. mozilla-nspr was updated to version 4.21 * Changed prbit.h to use builtin function on aarch64. * Removed Gonk/B2G references. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2188-1 Released: Wed Aug 21 10:10:29 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1140647 This update for aaa_base fixes the following issues: - Make systemd detection cgroup oblivious. (bsc#1140647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2218-1 Released: Mon Aug 26 11:29:57 2019 Summary: Recommended update for pinentry Type: recommended Severity: moderate References: 1141883 This update for pinentry fixes the following issues: - Fix a dangling pointer in qt/main.cpp that caused crashes. 
(bsc#1141883) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2357-1 Released: Wed Sep 11 13:26:14 2019 Summary: Recommended update for lmdb Type: recommended Severity: moderate References: 1136132 This update for lmdb fixes the following issues: - Fix occasional crash when freed pages landed on the dirty list twice (bsc#1136132). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2361-1 Released: Thu Sep 12 07:54:54 2019 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1081947,1144047 This update for krb5 contains the following fixes: - Integrate pam_keyinit PAM module, ksu-pam.d. (bsc#1081947) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2395-1 Released: Wed Sep 18 08:31:38 2019 Summary: Security update for openldap2 Type: security Severity: moderate References: 1073313,1111388,1114845,1143194,1143273,CVE-2017-17740,CVE-2019-13057,CVE-2019-13565 This update for openldap2 fixes the following issues: Security issue fixed: - CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194). - CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273). - CVE-2017-17740: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313) Non-security issues fixed: - Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845). - Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388) - Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2423-1 Released: Fri Sep 20 16:41:45 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1146866,SLE-9132 This update for aaa_base fixes the following issues: Added sysctl.d/51-network.conf to tighten network security (bsc#1146866) (jira#SLE-9132) Following settings have been tightened (and set to 0): - net.ipv4.conf.all.accept_redirects - net.ipv4.conf.default.accept_redirects - net.ipv4.conf.default.accept_source_route - net.ipv6.conf.all.accept_redirects - net.ipv6.conf.default.accept_redirects ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2429-1 Released: Mon Sep 23 09:28:40 2019 Summary: Security update for expat Type: security Severity: moderate References: 1149429,CVE-2019-15903 This update for expat fixes the following issues: Security issues fixed: - CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2494-1 Released: Mon Sep 30 16:22:20 2019 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1141969,1144363,1144881 This update for cloud-init provides the following fixes: - Properly handle static routes. The EphemeralDHCP context manager did not parse or handle rfc3442 classless static routes which prevented reading datasource metadata in some clouds. (bsc#1141969) - The __str__ implementation no longer delivers the name of the interface, use the 'name' attribute instead to form a proper path in the sysfs tree. (bsc#1144363) - If no routes are set for a subnet but the subnet has a gateway specified, set the gateway as the default route for the interface. 
(bsc#1144881) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2517-1 Released: Wed Oct 2 10:49:20 2019 Summary: Security update for libseccomp Type: security Severity: moderate References: 1082318,1128828,1142614,CVE-2019-9893 This update for libseccomp fixes the following issues: Security issues fixed: - CVE-2019-9893: An incorrect generation of syscall filters in libseccomp was fixed (bsc#1128828) libseccomp was updated to new upstream release 2.4.1: - Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks. libseccomp was updated to 2.4.0 (bsc#1128828 CVE-2019-9893): - Update the syscall table for Linux v5.0-rc5 - Added support for the SCMP_ACT_KILL_PROCESS action - Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute - Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension - Added support for the parisc and parisc64 architectures - Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3) - Return -EDOM on an endian mismatch when adding an architecture to a filter - Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run() - Fix PFC generation when a syscall is prioritized, but no rule exists - Numerous fixes to the seccomp-bpf filter generation code - Switch our internal hashing function to jhash/Lookup3 to MurmurHash3 - Numerous tests added to the included test suite, coverage now at ~92% - Update our Travis CI configuration to use Ubuntu 16.04 - Numerous documentation fixes and updates libseccomp was updated to release 2.3.3: - Updated the syscall table for Linux v4.15-rc7 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2533-1 Released: Thu Oct 3 15:02:50 2019 Summary: Security update for sqlite3 Type: security Severity: moderate 
References: 1150137,CVE-2019-16168 This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2657-1 Released: Mon Oct 14 17:04:07 2019 Summary: Security update for dhcp Type: security Severity: moderate References: 1089524,1134078,1136572,CVE-2019-6470 This update for dhcp fixes the following issues: Security issue fixed: - CVE-2019-6470: Fixed DHCPv6 server crashes (bsc#1134078). Bug fixes: - Add compile option --enable-secs-byteorder to avoid duplicate lease warnings (bsc#1089524). - Use IPv6 when called as dhclient6, dhcpd6, and dhcrelay6 (bsc#1136572). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2674-1 Released: Tue Oct 15 16:53:28 2019 Summary: Security update for tcpdump Type: security Severity: important References: 1068716,1153098,1153332,CVE-2017-16808,CVE-2018-10103,CVE-2018-10105,CVE-2018-14461,CVE-2018-14462,CVE-2018-14463,CVE-2018-14464,CVE-2018-14465,CVE-2018-14466,CVE-2018-14467,CVE-2018-14468,CVE-2018-14469,CVE-2018-14470,CVE-2018-14879,CVE-2018-14880,CVE-2018-14881,CVE-2018-14882,CVE-2018-16227,CVE-2018-16228,CVE-2018-16229,CVE-2018-16230,CVE-2018-16300,CVE-2018-16301,CVE-2018-16451,CVE-2018-16452,CVE-2019-1010220,CVE-2019-15166,CVE-2019-15167 This update for tcpdump fixes the following issues: - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098). - CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098). - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098).
- CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098). - CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098). - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098). - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098). - CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098). - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098). - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098). - CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098). - CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098). - CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098). - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098). - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098). - CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098). - CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098). - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098). - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098). - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098). - CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN (bsc#1153098). - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098). - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098). - CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2676-1 Released: Tue Oct 15 21:06:54 2019 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1145716,1152101,CVE-2019-5094 This update for e2fsprogs fixes the following issues: Security issue fixed: - CVE-2019-5094: Fixed an arbitrary code execution via specially crafted ext4 file systems. (bsc#1152101) Non-security issue fixed: - libext2fs: Call fsync(2) to clear stale errors for a new unix I/O channel. (bsc#1145716) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2693-1 Released: Wed Oct 16 16:43:30 2019 Summary: Recommended update for rpcbind Type: recommended Severity: moderate References: 1142343 This update for rpcbind fixes the following issues: - Return correct IP address with multiple ip addresses in the same subnet. (bsc#1142343) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2722-1 Released: Mon Oct 21 11:14:20 2019 Summary: Recommended update for pciutils-ids Type: recommended Severity: moderate References: 1127840,1133581 This is a version update for pciutils-ids to version 20190830 (bsc#1133581, bsc#1127840) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2730-1 Released: Mon Oct 21 16:04:57 2019 Summary: Security update for procps Type: security Severity: important References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126 This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps mapped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert 'Support running with child namespaces' * library: Increment to 7:0:1 No changes, no removals New functions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name
parses correctly * library: don't use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2777-1 Released: Thu Oct 24 16:13:20 2019 Summary: Recommended update for fipscheck Type: recommended Severity: moderate References: 1149792 This update for fipscheck fixes the following issues: - Remove #include of unused fips.h to fix build with OpenSSL 1.1.1 (bsc#1149792) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2782-1 Released: Fri Oct 25 14:27:52 2019 Summary: Security update for nfs-utils Type: security Severity: moderate References: 1150733,CVE-2019-3689 This update for nfs-utils fixes the following issues: - CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. (bsc#1150733) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2802-1 Released: Tue Oct 29 11:39:05 2019 Summary: Security update for python3 Type: security Severity: moderate References: 1149121,1149792,1149955,1151490,1153238,CVE-2019-16056,CVE-2019-16935,PM-1350,SLE-9426 This update for python3 to 3.6.9 fixes the following issues: Security issues fixed: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). Non-security issues fixed: - Fixed regression of OpenSSL 1.1.1b-1 in EVP_PBE_scrypt() with salt=NULL. (bsc#1151490) - Improved locale handling by implementing PEP 538. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2810-1 Released: Tue Oct 29 14:56:44 2019 Summary: Security update for runc Type: security Severity: moderate References: 1131314,1131553,1152308,CVE-2019-16884 This update for runc fixes the following issues: Security issue fixed: - CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. 
(bsc#1152308) Non-security issues fixed: - Includes upstreamed patches for regressions (bsc#1131314 bsc#1131553). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2870-1 Released: Thu Oct 31 08:09:14 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1051143,1138869,1151023 This update for aaa_base provides the following fixes: - Check if variables can be set before modifying them to avoid warnings on login with a restricted shell. (bsc#1138869) - Add s390x compressed kernel support. (bsc#1151023) - service: Check if there is a second argument before using it. (bsc#1051143) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2891-1 Released: Mon Nov 4 17:47:10 2019 Summary: Security update for python-ecdsa Type: security Severity: moderate References: 1153165,1154217,CVE-2019-14853,CVE-2019-14859 This update for python-ecdsa to version 0.13.3 fixes the following issues: Security issues fixed: - CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165). - CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2997-1 Released: Mon Nov 18 15:16:38 2019 Summary: Security update for ncurses Type: security Severity: moderate References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036). - CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037). Non-security issue fixed: - Removed screen.xterm from terminfo database (bsc#1103320). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3030-1 Released: Thu Nov 21 19:11:25 2019 Summary: Security update for cups Type: security Severity: important References: 1146358,1146359,CVE-2019-8675,CVE-2019-8696 This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358). - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3059-1 Released: Mon Nov 25 17:33:07 2019 Summary: Security update for cpio Type: security Severity: moderate References: 1155199,CVE-2019-14866 This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3061-1 Released: Mon Nov 25 17:34:22 2019 Summary: Security update for gcc9 Type: security Severity: moderate References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536 This update includes the GNU Compiler Collection 9. A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages. To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. 
(bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3086-1 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Type: security Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3087-1 Released: Thu Nov 28 10:03:00 2019 Summary: Security update for libxml2 Type: security Severity: low References: 1123919 This update for libxml2 doesn't fix any additional security issues, but corrects its rpm changelog to reflect all CVEs that have been fixed over the past. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3096-1 Released: Thu Nov 28 16:48:21 2019 Summary: Security update for cloud-init Type: security Severity: moderate References: 1099358,1129124,1136440,1142988,1144363,1151488,1154092,CVE-2019-0816 This update for cloud-init to version 19.2 fixes the following issues: Security issue fixed: - CVE-2019-0816: Fixed the unnecessary extra ssh keys that were added to authorized_keys (bsc#1129124). Non-security issues fixed: - Short circuit the conditional for identifying the sysconfig renderer (bsc#1154092, bsc#1142988). - If /etc/resolv.conf is a symlink, break it. This will avoid netconfig from clobbering the changes cloud-init applied (bsc#1151488). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3118-1 Released: Fri Nov 29 14:41:35 2019 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1154295 This update for e2fsprogs fixes the following issues: - Make minimum size estimates more reliable for mounted filesystem. (bsc#1154295) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3166-1 Released: Wed Dec 4 11:24:42 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1007715,1084934,1157278 This update for aaa_base fixes the following issues: - Use official key binding functions in inputrc that is replace up-history with previous-history, down-history with next-history and backward-delete-word with backward-kill-word. (bsc#1084934) - Add some missed key escape sequences for urxvt-unicode terminal as well. (bsc#1007715) - Clear broken ghost entry in patch which breaks 'readline'. (bsc#1157278) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3173-1 Released: Wed Dec 4 20:22:45 2019 Summary: Recommended update for growpart, growpart-rootgrow Type: recommended Severity: moderate References: 1154357,ECO-550 This update for growpart, growpart-rootgrow contains the following fixes: growpart: - Removed rootgrow sub-package as it is a standalone package now. (bsc#1154357, jsc#ECO-550) growpart-rootgrow: - Added growpart-rootgrow as a standalone package. (bsc#1154357, jsc#ECO-550) - Bump from version 1.0.0 to 1.0.1: - Fixed binary location in service unit file. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3240-1 Released: Tue Dec 10 10:40:19 2019 Summary: Recommended update for ca-certificates-mozilla, p11-kit Type: recommended Severity: moderate References: 1154871 This update for ca-certificates-mozilla, p11-kit fixes the following issues: Changes in ca-certificates-mozilla: - export correct p11kit trust attributes so Firefox detects built in certificates (bsc#1154871). Changes in p11-kit: - support loading NSS attribute CKA_NSS_MOZILLA_CA_POLICY so Firefox detects built in certificates (bsc#1154871) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3267-1 Released: Wed Dec 11 11:19:53 2019 Summary: Security update for libssh Type: security Severity: important References: 1158095,CVE-2019-14889 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3392-1 Released: Fri Dec 27 13:33:29 2019 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1148987,1155338,1155339,CVE-2019-13627 This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigation against an ECDSA timing attack (bsc#1148987). Bug fixes: - Added CMAC AES self test (bsc#1155339). - Added CMAC TDES self test missing (bsc#1155338). - Fix test dsa-rfc6979 in FIPS mode. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3395-1 Released: Mon Dec 30 14:05:06 2019 Summary: Security update for mozilla-nspr, mozilla-nss Type: security Severity: moderate References: 1141322,1158527,1159819,CVE-2018-18508,CVE-2019-11745,CVE-2019-17006 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.47.1: Security issues fixed: - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). - CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23: - Whitespace in C files was cleaned up and no longer uses tab characters for indenting. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:9-1 Released: Thu Jan 2 12:33:47 2020 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1157438 This update for xfsprogs fixes the following issues: - Remove the 'xfs_scrub_all' script from the package, and the corresponding dependency of python. (bsc#1157438) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:35-1 Released: Wed Jan 8 09:06:32 2020 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Type: security Severity: moderate References: 1122469,1143349,1150397,1152308,1153367,1158590,CVE-2019-16884 This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Security issue fixed: - CVE-2019-16884: Fixed incomplete patch for LSM bypass via malicious Docker image that mount over a /proc directory (bsc#1152308). Bug fixes: - Update to Docker 19.03.5-ce (bsc#1158590). - Update to Docker 19.03.3-ce (bsc#1153367). - Update to Docker 19.03.2-ce (bsc#1150397). 
- Fixed default installation such that --userns-remap=default works properly (bsc#1143349). - Fixed nginx blocked by apparmor (bsc#1122469). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:114-1 Released: Thu Jan 16 10:11:52 2020 Summary: Security update for python3 Type: security Severity: important References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523,CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947 This update for python3 to version 3.6.10 fixes the following issues: - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:119-1 Released: Thu Jan 16 15:42:39 2020 Summary: Recommended update for python-jsonpatch Type: recommended Severity: moderate References: 1160978 This update for python-jsonpatch fixes the following issues: - Drop jsondiff binary to avoid conflict with python-jsondiff package. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:129-1 Released: Mon Jan 20 09:21:13 2020 Summary: Security update for libssh Type: security Severity: important References: 1158095,CVE-2019-14889 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:225-1 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:245-1 Released: Tue Jan 28 09:42:30 2020 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1155376,1156139,1157894,1161132,1161133 This update for cloud-init fixes the following issues: - Fixed an issue where it was not possible to add SSH keys and thus it was not possible to log into the system (bsc#1161132, bsc#1161133) - Fixes an issue where the IPv6 interface variable was not correctly set in an ifcfg file (bsc#1156139) - The route's destination network will now be written in CIDR notation. This provides support for correctly recording IPv6 routes (bsc#1155376) - Many smaller fixes came with this package as well. For a full list of all changes, refer to the rpm's changes file. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:256-1 Released: Wed Jan 29 09:39:17 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1157794,1160970 This update for aaa_base fixes the following issues: - Improves the way how the Java path is created to fix an issue with sapjvm. 
(bsc#1157794) - Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:265-1 Released: Thu Jan 30 14:05:34 2020 Summary: Security update for e2fsprogs Type: security Severity: moderate References: 1160571,CVE-2019-5188 This update for e2fsprogs fixes the following issues: - CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:279-1 Released: Fri Jan 31 12:01:39 2020 Summary: Recommended update for p11-kit Type: recommended Severity: moderate References: 1013125 This update for p11-kit fixes the following issues: - Also build documentation (bsc#1013125) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:325-1 Released: Wed Feb 5 14:57:02 2020 Summary: Recommended update for dmidecode Type: recommended Severity: moderate References: 1153533,1158833 This update for dmidecode fixes the following issues: - Add enumerated values from SMBIOS 3.3.0 preventing incorrect report of new VGA card. (bsc#1153533, bsc#1158833, jsc#SLE-10875) - Only scan '/dev/mem' for entry point on x86 (fixes reboot on ARM64). - Fix formatting of TPM table output (missing newlines). - Fix displaying system slot information for PCIe SSD. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:339-1 Released: Thu Feb 6 13:03:22 2020 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1158921 This update for openldap2 provides the following fix: - Add libldap-data to the product (as it contains ldap.conf). 
(bsc#1158921) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:340-1 Released: Thu Feb 6 13:03:56 2020 Summary: Recommended update for python-rpm-macros Type: recommended Severity: moderate References: 1161770 This update for python-rpm-macros fixes the following issues: - Add macros related to the Python dist metadata dependency generator. (bsc#1161770) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:365-1 Released: Fri Feb 7 13:48:54 2020 Summary: Recommended update for lmdb Type: recommended Severity: moderate References: 1159086 This update for lmdb fixes the following issues: - Fix assert in LMDB during 'mdb_page_search_root'. (bsc#1159086). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:417-1 Released: Wed Feb 19 11:40:02 2020 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1159840 This update for chrony fixes the following issues: - Fix 'make check' builds made after 2019-12-20. Existing installations do not need to be updated as the bug only affects the test, but not chrony itself (bsc#1159840). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:451-1 Released: Tue Feb 25 10:50:35 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1155337,1161215,1161216,1161218,1161219,1161220 This update for libgcrypt fixes the following issues: - ECDSA: Check range of coordinates (bsc#1161216) - FIPS: libgcrypt DSA PQG parameter generation: Missing value [bsc#1161219] - FIPS: libgcrypt DSA PQG verification incorrect results [bsc#1161215] - FIPS: libgcrypt RSA siggen/keygen: 4k not supported [bsc#1161220] - FIPS: keywrap gives incorrect results [bsc#1161218] - FIPS: RSA/DSA/ECDSA are missing hashing operation [bsc#1155337] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:462-1 Released: Tue Feb 25 11:49:30 2020 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1158504,1158509,1158630,1158758 This update for xfsprogs fixes the following issues: - Allow the filesystem utility xfs_io to suffix sizes with k,m,g for kilobytes, megabytes or gigabytes respectively. (bsc#1158630) - Validate extent size hint parameters through libxfs to avoid output mismatch. (bsc#1158509) - Fix for 'xfs_repair' not to fail recovery of orphaned shortform directories. (bsc#1158504) - Fix for 'xfs_quota' to avoid false error reporting of project inheritance flag is not set. (bsc#1158758) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:467-1 Released: Tue Feb 25 12:00:39 2020 Summary: Security update for python3 Type: security Severity: moderate References: 1162224,1162367,1162423,1162825,CVE-2019-9674,CVE-2020-8492 This update for python3 fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). 
- CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). Non-security issue fixed: - If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:480-1 Released: Tue Feb 25 17:38:22 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1160735 This update for aaa_base fixes the following issues: - Change 'rp_filter' to increase the default priority to ethernet over the wifi. (bsc#1160735) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:517-1 Released: Thu Feb 27 14:39:01 2020 Summary: Recommended update for cifs-utils Type: recommended Severity: moderate References: 1130528,1132087,1136031,1149164 This update for cifs-utils fixes the following issues: Update cifs-utils 6.9; (bsc#1132087); (bsc#1136031). * follow SMB default version changes in the kernel. * adds fixes for Azure * new smbinfo utility - Fix double-free in mount.cifs; (bsc#1149164). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:521-1 Released: Thu Feb 27 18:08:56 2020 Summary: Recommended update for c-ares Type: recommended Severity: moderate References: 1125306,1159006 This update for c-ares fixes the following issues: c-ares version update to 1.15.0: * Add ares_init_options() configurability for path to resolv.conf file * Ability to exclude building of tools (adig, ahost, acountry) in CMake * Report ARES_ENOTFOUND for .onion domain names as per RFC7686 (bsc#1125306) * Apply the IPv6 server blacklist to all nameserver sources * Prevent changing name servers while queries are outstanding * ares_set_servers_csv() on failure should not leave channel in a bad state * getaddrinfo - avoid infinite loop in case of NXDOMAIN * ares_getenv - return NULL in all cases * implement ares_getaddrinfo - Fixed a regression in DNS results that contain both A and AAAA answers. - Add netcfg as the build requirement and runtime requirement. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:525-1 Released: Fri Feb 28 11:49:36 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1164562 This update for pam fixes the following issues: - Add libdb as build-time dependency to enable pam_userdb module. 
Enable pam_userdb.so (jsc#sle-7258, bsc#1164562) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:597-1 Released: Thu Mar 5 15:24:09 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1164950 This update for libgcrypt fixes the following issues: - FIPS: Run the self-tests from the constructor [bsc#1164950] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:633-1 Released: Tue Mar 10 16:23:08 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1139939,1151023 This update for aaa_base fixes the following issues: - get_kernel_version: fix for current kernel on s390x (bsc#1151023, bsc#1139939) - added '-h'/'--help' to the command old - change feedback url from http://www.suse.de/feedback to https://github.com/openSUSE/aaa_base/issues ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:655-1 Released: Thu Mar 12 13:17:03 2020 Summary: Recommended update for growpart Type: recommended Severity: moderate References: 1164736 This update for growpart fixes the following issues: - Operation system disk is not automatically resized beyond 2TB on Azure hosts. (bsc#1164736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:689-1 Released: Fri Mar 13 17:09:01 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1166510 This update for PAM fixes the following issue: - The license of libdb linked against pam_userdb is not always wanted, so we temporary disabled pam_userdb again. It will be published in a different package at a later time. 
(bsc#1166510) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:690-1 Released: Fri Mar 13 17:09:28 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1166334 This update for suse-build-key fixes the following issues: - created a new security at suse.de communication key (bsc#1166334) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:737-1 Released: Fri Mar 20 13:47:16 2020 Summary: Recommended update for ruby2.5 Type: security Severity: important References: 1140844,1152990,1152992,1152994,1152995,1162396,1164804,CVE-2012-6708,CVE-2015-9251,CVE-2019-15845,CVE-2019-16201,CVE-2019-16254,CVE-2019-16255,CVE-2020-8130 This update for ruby2.5 to version 2.5.7 fixes the following issues: ruby 2.5 was updated to version 2.5.7 - CVE-2020-8130: Fixed a command injection in intree copy of rake (bsc#1164804). - CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and Shell#test (bsc#1152990). - CVE-2019-16254: Fixed an HTTP response splitting in WEBrick (bsc#1152992). - CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and File.fnmatch? (bsc#1152994). - CVE-2019-16201: Fixed a regular expression denial of service of WEBrick Digest access authentication (bsc#1152995). - CVE-2012-6708: Fixed an XSS in JQuery - CVE-2015-9251: Fixed an XSS in JQuery - Fixed unit tests (bsc#1140844) - Removed some unneeded test files (bsc#1162396). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:751-1 Released: Mon Mar 23 16:32:44 2020 Summary: Security update for cloud-init Type: security Severity: moderate References: 1162936,1162937,1163178,CVE-2020-8631,CVE-2020-8632 This update for cloud-init fixes the following security issues: - CVE-2020-8631: Replaced the theoretically predictable deterministic RNG with the system RNG (bsc#1162937). 
- CVE-2020-8632: Increased the default random password length from 9 to 20 (bsc#1162936). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:777-1 Released: Tue Mar 24 18:07:52 2020 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1165894 This update for python3 fixes the following issue: - Rename idle icons to idle3 in order to not conflict with python2 variant of the package (bsc#1165894) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:846-1 Released: Thu Apr 2 07:24:07 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1164950,1166748,1167674 This update for libgcrypt fixes the following issues: - FIPS: Remove an unneeded check in _gcry_global_constructor (bsc#1164950) - FIPS: Fix drbg to be threadsafe (bsc#1167674) - FIPS: Run self-tests from constructor during power-on [bsc#1166748] * Set up global_init as the constructor function: * Relax the entropy requirements on selftest. This is especially important for virtual machines to boot properly before the RNG is available: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:850-1 Released: Thu Apr 2 14:37:31 2020 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1155350,1155357,1155360,1166880 This update for mozilla-nss fixes the following issues: Added various fixes related to FIPS certification: * Use getrandom() to obtain entropy where possible. * Make DSA KAT FIPS compliant. * Use FIPS compliant hash when validating keypair. * Enforce FIPS requirements on RSA key generation. * Miscellaneous fixes to CAVS tests. * Enforce FIPS limits on how much data can be processed without rekeying. * Run self tests on library initialization in FIPS mode. * Disable non-compliant algorithms in FIPS mode (hashes and the SEED cipher). 
* Clear various temporary variables after use. * Allow MD5 to be used in TLS PRF. * Preferentially gather entropy from /dev/random over /dev/urandom. * Allow enabling FIPS mode consistently with NSS_FIPS environment variable. * Fix argument parsing bug in lowhashtest. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:917-1 Released: Fri Apr 3 15:02:25 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1166510 This update for pam fixes the following issues: - Moved pam_userdb into a separate package pam-extra. (bsc#1166510) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:934-1 Released: Tue Apr 7 03:46:20 2020 Summary: Recommended update for wget Type: recommended Severity: moderate References: 1167919 This update for wget fixes the following issues: wget was updated to 1.20.3, fixing various bugs, including: - Fix for wget ignoring domains with leading '.' in environment variable 'no_proxy'. (bsc#1167919) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:935-1 Released: Tue Apr 7 03:46:39 2020 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1158630,1167205,1167206 This update for xfsprogs fixes the following issues: - xfs_quota: reformat commands in the manpage. (bsc#1167206) Reformat commands in the manpage so that fstest can check that each command is actually documented. - xfs_db: document missing commands. (bsc#1167205) Document the commands 'attr_set', 'attr_remove', 'logformat' in the manpage. - xfs_io: allow size suffixes for the copy_range command. 
(bsc#1158630) Allow the usage of size suffixes k,m,g for kilobytes, megabytes or gigabytes respectively for the copy_range command ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:944-1 Released: Tue Apr 7 15:49:33 2020 Summary: Security update for runc Type: security Severity: moderate References: 1149954,1160452,CVE-2019-19921 This update for runc fixes the following issues: runc was updated to v1.0.0~rc10 - CVE-2019-19921: Fixed a mount race condition with shared mounts (bsc#1160452). - Fixed an issue where podman run hangs when spawned by salt-minion process (bsc#1149954). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:948-1 Released: Wed Apr 8 07:44:21 2020 Summary: Security update for gmp, gnutls, libnettle Type: security Severity: moderate References: 1152692,1155327,1166881,1168345,CVE-2020-11501 This update for gmp, gnutls, libnettle fixes the following issues: Security issue fixed: - CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345) FIPS related bugfixes: - FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) - FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881) - FIPS: Added Diffie Hellman public key verification test. (bsc#1155327) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:949-1 Released: Wed Apr 8 07:45:48 2020 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1168669 This update for mozilla-nss fixes the following issues: - Use secure_getenv() to avoid PR_GetEnvSecure() being called when NSPR is unavailable, resulting in an abort (bsc#1168669). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:961-1 Released: Wed Apr 8 13:34:06 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1160979 This update for e2fsprogs fixes the following issues: - e2fsck: clarify overflow link count error message (bsc#1160979) - ext2fs: update allocation info earlier in ext2fs_mkdir() (bsc#1160979) - ext2fs: implement dir entry creation in htree directories (bsc#1160979) - tests: add test to exercise indexed directories with metadata_csum (bsc#1160979) - tune2fs: update dir checksums when clearing dir_index feature (bsc#1160979) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:967-1 Released: Thu Apr 9 11:41:53 2020 Summary: Security update for libssh Type: security Severity: moderate References: 1168699,CVE-2020-1730 This update for libssh fixes the following issues: - CVE-2020-1730: Fixed a possible denial of service when using AES-CTR (bsc#1168699). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:995-1 Released: Wed Apr 15 08:30:39 2020 Summary: Security update for ruby2.5 Type: security Severity: moderate References: 1167244,1168938,CVE-2020-10663,CVE-2020-10933 This update for ruby2.5 to version 2.5.8 fixes the following issues: - CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (bsc#1167244). - CVE-2020-10933: Heap exposure vulnerability in the socket library (bsc#1168938). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1037-1 Released: Mon Apr 20 10:49:39 2020 Summary: Recommended update for python-pytest Type: recommended Severity: low References: 1002895,1107105,1138666,1167732 This update fixes the following issues: New python-pytest versions are provided. 
In Basesystem:

- python3-pexpect: updated to 4.8.0
- python3-py: updated to 1.8.1
- python3-zipp: shipped as dependency in version 0.6.0

In Python2:

- python2-pexpect: updated to 4.8.0
- python2-py: updated to 1.8.1
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1056-1
Released: Tue Apr 21 16:26:22 2020
Summary: Recommended update for cloud-init
Type: recommended
Severity: important
References: 1099358,1144881,1145622,1148645,1163178,1165296

This update for cloud-init contains the following fixes:

- Update previous patches with the following additions:
  + In cases where the config contains 2 or more default gateway specifications for an interface only write the first default route, log warning message about skipped routes
  + Avoid writing invalid route specification if neither the network nor destination is specified in the route configuration
  + Still need to consider the 'network' configuration option for the v1 config implementation. Fixes regression introduced with update from Wed Feb 12 19:30:42.
  + Add the default gateway to the ifroute config file when specified as part of the subnet configuration. (bsc#1165296)
  + Fix typo to properly extract provided netmask data (bsc#1163178, bsc#1165296)
  + Fix for default gateway and IPv6. (bsc#1144881)
  + Routes will be written if there is only a default gateway. (bsc#1148645)
- BuildRequire pkgconfig(udev) instead of udev, which allow OS to shortcut through the -mini flavor.
- Update to cloud-init 19.2. (bsc#1099358, bsc#1145622)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1061-1
Released: Wed Apr 22 10:45:41 2020
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1169872

This update for mozilla-nss fixes the following issues:

- This implements API mechanisms for performing DSA and ECDSA hash-and-sign in a single call, which will be required in future FIPS cycles (bsc#1169872).
- Always perform nssdbm checksumming on softoken load, even if nssdbm itself is not loaded.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1063-1
Released: Wed Apr 22 10:46:50 2020
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1165539,1169569

This update for libgcrypt fixes the following issues:

- FIPS: Switch the PCT to use the new signature operation (bsc#1165539)
- FIPS: Verify that the generated signature and the original input differ in test_keys function for RSA, DSA and ECC (bsc#1165539)
- Add zero-padding when qx and qy have different lengths when assembling the Q point from affine coordinates.
- Ship the FIPS checksum file in the shared library package and create a separate trigger file for the FIPS selftests (bsc#1169569)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1083-1
Released: Thu Apr 23 11:31:23 2020
Summary: Security update for cups
Type: security
Severity: important
References: 1168422,CVE-2020-3898

This update for cups fixes the following issues:

- CVE-2020-3898: Fixed a heap buffer overflow in ppdFindOption() (bsc#1168422).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1112-1
Released: Fri Apr 24 16:44:20 2020
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1170347

This update for suse-build-key fixes the following issues:

- add a /usr/share/container-keys/ directory for GPG based Container verification.
- Add the SUSE build key as 'suse-container-key.asc'.
  (PM-1845 bsc#1170347)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1131-1
Released: Tue Apr 28 11:59:17 2020
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1170571,1170572

This update for mozilla-nss fixes the following issues:

- FIPS: Add Softoken POSTs for new DSA and ECDSA hash-and-sign update functions. (bsc#1170571)
- FIPS: Add pairwise consistency check for CKM_SHA224_RSA_PKCS. Remove ditto checks for CKM_RSA_PKCS, CKM_DSA and CKM_ECDSA, since these are served by the new CKM_SHA224_RSA_PKCS, CKM_DSA_SHA224, CKM_ECDSA_SHA224 checks.
- FIPS: Replace bad attempt at unconditional nssdbm checksumming with a dlopen(), so it can be located consistently and perform its own self-tests.
- FIPS: This fixes an instance of inverted logic due to a boolean being mistaken for a SECStatus, which caused key derivation to fail when the caller provided a valid subprime.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1181-1
Released: Tue May 5 12:02:39 2020
Summary: Recommended update for pciutils-ids
Type: recommended
Severity: moderate
References: 1170160

This update for pciutils-ids fixes the following issues:

- Update the PCI utilities database to 20200324. (bsc#1170160)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1182-1
Released: Tue May 5 12:06:55 2020
Summary: Recommended update for chrony
Type: recommended
Severity: moderate
References: 1099272,1156884,1161119

This update for chrony fixes the following issues:

- Read runtime servers from /var/run/netconfig/chrony.servers (bsc#1099272, bsc#1161119)
- Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share.
- Add chrony-pool-suse and chrony-pool-openSUSE subpackages that preconfigure chrony to use NTP servers from the respective pools for SUSE and openSUSE.
  (bsc#1156884, SLE-11424)
- Add chrony-pool-empty to still allow installing chrony without preconfigured servers.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1214-1
Released: Thu May 7 11:20:34 2020
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1169944

This update for libgcrypt fixes the following issues:

- FIPS: libgcrypt: Fixed a double free in test_keys() on failed signature verification (bsc#1169944)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1219-1
Released: Thu May 7 17:10:42 2020
Summary: Security update for openldap2
Type: security
Severity: important
References: 1170771,CVE-2020-12243

This update for openldap2 fixes the following issues:

- CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1226-1
Released: Fri May 8 10:51:05 2020
Summary: Recommended update for gcc9
Type: recommended
Severity: moderate
References: 1149995,1152590,1167898

This update for gcc9 fixes the following issues:

This update ships the GCC 9.3 release.

- Includes a fix for Internal compiler error when building HepMC (bsc#1167898)
- Includes fix for binutils version parsing
- Add libstdc++6-pp provides and conflicts to avoid file conflicts with same minor version of libstdc++6-pp from gcc10.
- Add gcc9 autodetect -g at lto link (bsc#1149995)
- Install go tool buildid for bootstrapping go
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1266-1
Released: Wed May 13 10:20:54 2020
Summary: Recommended update for jq
Type: recommended
Severity: moderate
References: 1170838

This update for jq fixes the following issues:

jq was updated to version 1.6:

* Destructuring Alternation
* many new builtins (see docs)
* Add support for ASAN and UBSAN
* Make it easier to use jq with shebangs
* Add $ENV builtin variable to access environment
* Add JQ_COLORS env var for configuring the output colors
* change: Calling jq without a program argument now always assumes '.' for the program, regardless of stdin/stdout
* fix: Make sorting stable regardless of qsort.

- Make jq depend on libjq1, so upgrading jq upgrades both
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1294-1
Released: Mon May 18 07:38:36 2020
Summary: Security update for file
Type: security
Severity: moderate
References: 1154661,1169512,CVE-2019-18218

This update for file fixes the following issues:

Security issues fixed:

- CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661).

Non-security issue fixed:

- Fixed broken '--help' output (bsc#1169512).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1299-1
Released: Mon May 18 07:43:21 2020
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1159928,1161517,1161521,CVE-2019-19956,CVE-2019-20388,CVE-2020-7595

This update for libxml2 fixes the following issues:

- CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521).
- CVE-2019-19956: Fixed a memory leak (bsc#1159928).
- CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1169582

This update for timezone fixes the following issues:

- timezone update 2020a. (bsc#1169582)
  * Morocco springs forward on 2020-05-31, not 2020-05-24.
  * Canada's Yukon advanced to -07 year-round on 2020-03-08.
  * America/Nuuk renamed from America/Godthab.
  * zic now supports expiration dates for leap second lists.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1328-1
Released: Mon May 18 17:16:04 2020
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1155271

This update for grep fixes the following issues:

- Update testsuite expectations, no functional changes (bsc#1155271)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1342-1
Released: Tue May 19 13:27:31 2020
Summary: Recommended update for python3
Type: recommended
Severity: moderate
References: 1149955,1165894,CVE-2019-16056

This update for python3 fixes the following issues:

- Changed the name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1348-1
Released: Wed May 20 11:37:41 2020
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1170908

This update for mozilla-nss fixes the following issues:

The following issues are fixed:

- Add AES Keywrap POST.
- Accept EACCES in lieu of ENOENT when trying to access /proc/sys/crypto/fips_enabled (bsc#1170908).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1353-1
Released: Wed May 20 13:02:32 2020
Summary: Security update for freetype2
Type: security
Severity: moderate
References: 1079603,1091109,CVE-2018-6942

This update for freetype2 to version 2.10.1 fixes the following issues:

Security issue fixed:

- CVE-2018-6942: Fixed a NULL pointer dereference within ttinterp.c (bsc#1079603).

Non-security issues fixed:

- Update to version 2.10.1
  * The bytecode hinting of OpenType variation fonts was flawed, since the data in the `CVAR' table wasn't correctly applied.
  * Auto-hinter support for Mongolian.
  * The handling of the default character in PCF fonts as introduced in version 2.10.0 was partially broken, causing premature abortion of charmap iteration for many fonts.
  * If `FT_Set_Named_Instance' was called with the same arguments twice in a row, the function returned an incorrect error code the second time.
  * Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug introduced in version 2.10.0).
  * Increased precision while computing OpenType font variation instances.
  * The flattening algorithm of cubic Bezier curves was slightly changed to make it faster. This can cause very subtle rendering changes, which aren't noticeable by the eye, however.
  * The auto-hinter now disables hinting if there are blue zones defined for a `style' (i.e., a certain combination of a script and its related typographic features) but the font doesn't contain any characters needed to set up at least one blue zone.
- Add tarball signatures and freetype2.keyring
- Update to version 2.10.0
  * A bunch of new functions has been added to access and process COLR/CPAL data of OpenType fonts with color-layered glyphs.
  * As a GSoC 2018 project, Nikhil Ramakrishnan completely overhauled and modernized the API reference.
  * The logic for computing the global ascender, descender, and height of OpenType fonts has been slightly adjusted for consistency.
  * `TT_Set_MM_Blend' could fail if called repeatedly with the same arguments.
  * The precision of handling deltas in Variation Fonts has been increased. The problem did only show up with multidimensional designspaces.
  * New function `FT_Library_SetLcdGeometry' to set up the geometry of LCD subpixels.
  * FreeType now uses the `defaultChar' property of PCF fonts to set the glyph for the undefined character at glyph index 0 (as FreeType already does for all other supported font formats). As a consequence, the order of glyphs of a PCF font if accessed with FreeType can be different now compared to previous versions. This change doesn't affect PCF font access with cmaps.
  * `FT_Select_Charmap' has been changed to allow parameter value `FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT formats to access built-in cmaps that don't have a predefined `FT_Encoding' value.
  * A previously reserved field in the `FT_GlyphSlotRec' structure now holds the glyph index.
  * The usual round of fuzzer bug fixes to better reject malformed fonts.
  * `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have been removed. These two functions were public by oversight only and were never documented.
  * A new function `FT_Error_String' returns descriptions of error codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is defined.
  * `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new functions limited to Adobe MultiMaster fonts to directly set and get the weight vector.
- Enable subpixel rendering with infinality config:
- Re-enable freetype-config, there is just too many fallouts.
- Update to version 2.9.1
  * Type 1 fonts containing flex features were not rendered correctly (bug introduced in version 2.9).
  * CVE-2018-6942: Older FreeType versions can crash with certain malformed variation fonts.
  * Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage.
  * Emboldening of bitmaps didn't work correctly sometimes, showing various artifacts (bug introduced in version 2.8.1).
  * The auto-hinter script ranges have been updated for Unicode 11. No support for new scripts has been added, however, with the exception of Georgian Mtavruli.
- freetype-config is now deprecated by upstream and not enabled by default.
- Update to version 2.10.1
  * The `ftmulti' demo program now supports multiple hidden axes with the same name tag.
  * `ftview', `ftstring', and `ftgrid' got a `-k' command line option to emulate a sequence of keystrokes at start-up.
  * `ftview', `ftstring', and `ftgrid' now support screen dumping to a PNG file.
  * The bytecode debugger, `ttdebug', now supports variation TrueType fonts; a variation font instance can be selected with the new `-d' command line option.
- Add tarball signatures and freetype2.keyring
- Update to version 2.10.0
  * The `ftdump' demo program has new options `-c' and `-C' to display charmaps in compact and detailed format, respectively. Option `-V' has been removed.
  * The `ftview', `ftstring', and `ftgrid' demo programs use a new command line option `-d' to specify the program window's width, height, and color depth.
  * The `ftview' demo program now displays red boxes for zero-width glyphs.
  * `ftglyph' has limited support to display fonts with color-layered glyphs. This will be improved later on.
  * `ftgrid' can now display bitmap fonts also.
  * The `ttdebug' demo program has a new option `-f' to select a member of a TrueType collection (TTC).
  * Other various improvements to the demo programs.
- Remove 'Supplements: fonts-config' to avoid accidentally pulling in Qt dependencies on some non-Qt based desktops. (bsc#1091109)
  fonts-config is fundamental, but ft2demos is seldom installed by end users; only fonts-config maintainers/debuggers may use ft2demos to debug some issues.
- Update to version 2.9.1
  * No changelog upstream.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1361-1
Released: Thu May 21 09:31:18 2020
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1171872

This update for libgcrypt fixes the following issues:

- FIPS: RSA/DSA/ECC test_keys() print out debug messages only in debug mode (bsc#1171872)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1370-1
Released: Thu May 21 19:06:00 2020
Summary: Recommended update for systemd-presets-branding-SLE
Type: recommended
Severity: moderate
References: 1171656

This update for systemd-presets-branding-SLE fixes the following issues:

Cleanup of outdated autostart services (bsc#1171656):

- Remove acpid.service. acpid is only available on SLE via openSUSE backports. In openSUSE acpid.service is *not* autostarted. I see no reason why it should be on SLE.
- Remove spamassassin.timer. This timer never seems to have existed. Instead spamassassin ships a 'sa-update.timer'. But it is not default-enabled and nobody ever complained about this.
- Remove snapd.apparmor.service: This service was proactively added a year ago, but snapd didn't even make it into openSUSE yet. There's no reason to keep this entry unless snapd actually enters SLE which is not foreseeable.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1404-1
Released: Mon May 25 15:32:34 2020
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1138793,1166260

This update for zlib fixes the following issues:

- Including the latest fixes from IBM (bsc#1166260)
  IBM Z mainframes starting from version z15 provide DFLTCC instruction, which implements deflate algorithm in hardware with estimated compression and decompression performance orders of magnitude faster than the current zlib and ratio comparable with that of level 1.
- Add SUSE specific fix to solve bsc#1138793.
  The fix avoids testing whether the app was linked with exactly the same version of zlib as the one present at runtime.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1492-1
Released: Wed May 27 18:32:41 2020
Summary: Recommended update for python-rpm-macros
Type: recommended
Severity: moderate
References: 1171561

This update for python-rpm-macros fixes the following issue:

- Update to version 20200207.5feb6c1 (bsc#1171561)
  * Do not write .pyc files for tests
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1506-1
Released: Fri May 29 17:22:11 2020
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1087982,1170527

This update for aaa_base fixes the following issues:

- Not all XTerm based emulators do have a terminfo entry. (bsc#1087982)
- Better support of Midnight Commander. (bsc#1170527)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1532-1
Released: Thu Jun 4 10:16:12 2020
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1172021,CVE-2019-19956

This update for libxml2 fixes the following issues:

- CVE-2019-19956: Reverted the upstream fix for this memory leak because it introduced other, more severe vulnerabilities (bsc#1172021).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1172055

This update for timezone fixes the following issue:

- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1551-1
Released: Mon Jun 8 09:31:41 2020
Summary: Security update for vim
Type: security
Severity: moderate
References: 1172225,CVE-2019-20807

This update for vim fixes the following issues:

- CVE-2019-20807: Fixed an issue where escaping from the restrictive mode of vim was possible using interfaces (bsc#1172225).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1558-1
Released: Mon Jun 8 10:36:32 2020
Summary: Recommended update for chrony
Type: recommended
Severity: moderate
References: 1172113

This update for chrony fixes the following issue:

- Use iburst in the default pool statements to speed up initial synchronization. (bsc#1172113)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1657-1
Released: Thu Jun 18 10:49:53 2020
Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork
Type: security
Severity: moderate
References: 1172377,CVE-2020-13401

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues:

Docker was updated to 19.03.11-ce
runc was updated to version 1.0.0-rc10
containerd was updated to version 1.2.13

- CVE-2020-13401: Fixed an issue where an attacker with the CAP_NET_RAW capability could have crafted IPv6 router advertisements and spoofed external IPv6 hosts, resulting in obtaining sensitive information or causing denial of service (bsc#1172377).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1677-1
Released: Thu Jun 18 18:16:39 2020
Summary: Security update for mozilla-nspr, mozilla-nss
Type: security
Severity: important
References: 1159819,1169746,1171978,CVE-2019-17006,CVE-2020-12399

This update for mozilla-nspr, mozilla-nss fixes the following issues:

mozilla-nss was updated to version 3.53

- CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978).
- CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819).

Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes

mozilla-nspr to version 4.25
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1733-1
Released: Wed Jun 24 09:43:36 2020
Summary: Security update for curl
Type: security
Severity: important
References: 1173026,1173027,CVE-2020-8169,CVE-2020-8177

This update for curl fixes the following issues:

- CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027).
- CVE-2020-8169: Fixed an issue which could have led to a partial password leak over DNS on HTTP redirect (bsc#1173026).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1759-1
Released: Thu Jun 25 18:44:37 2020
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1169357

This update for krb5 fixes the following issue:

- Call systemd to reload the services instead of init-scripts.
  (bsc#1169357)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1795-1
Released: Mon Jun 29 11:22:45 2020
Summary: Recommended update for lvm2
Type: recommended
Severity: important
References: 1172566

This update for lvm2 fixes the following issues:

- Fix potential data loss problem with LVM cache (bsc#1172566)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1821-1
Released: Thu Jul 2 08:39:34 2020
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1172807,1172816

This update for dracut fixes the following issues:

- 35network-legacy: Fix dual stack setups. (bsc#1172807)
- 95iscsi: fix missing space when compiling cmdline args. (bsc#1172816)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1822-1
Released: Thu Jul 2 11:30:42 2020
Summary: Security update for python3
Type: security
Severity: important
References: 1173274,CVE-2020-14422

This update for python3 fixes the following issues:

- CVE-2020-14422: Fixed an improper computation of hash values in IPv4Interface and IPv6Interface that could have led to denial of service (bsc#1173274).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1396-1
Released: Fri Jul 3 12:33:05 2020
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1082318,1133297

This update for zstd fixes the following issues:

- Fix for build error caused by wrong static libraries. (bsc#1133297)
- Correction in spec file marking the license as documentation. (bsc#1082318)
- Add new package for SLE-15.
  (jsc#ECO-1886)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1850-1
Released: Mon Jul 6 14:44:39 2020
Summary: Security update for mozilla-nss
Type: security
Severity: moderate
References: 1168669,1173032,CVE-2020-12402

This update for mozilla-nss fixes the following issues:

mozilla-nss was updated to version 3.53.1

- CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032)
- Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1852-1
Released: Mon Jul 6 16:50:21 2020
Summary: Recommended update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts
Type: recommended
Severity: moderate
References: 1169444

This update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts fixes the following issues:

Changes in fontforge:

- Support transforming bitmap glyphs from python. (bsc#1169444)
- Allow python-Sphinx >= 3

Changes in ttf-converter:

- Update from version 1.0 to version 1.0.6:
  * ftdump is now shipped additionally as new dependency for ttf-converter
  * Standardize output when converting vector and bitmap fonts
  * Add more subfamilies fixes (bsc#1169444)
  * Add --family and --subfamily arguments to force values on those fields
  * Add parameters to fix glyph unicode values
    --fix-glyph-unicode : Try to fix unicode points and glyph names based on glyph names containing hexadecimal codes (like '$0C00', 'char12345' or 'uni004F')
    --replace-unicode-values: When passed 2 comma separated numbers a,b the glyph with an unicode value of a is replaced with the unicode value b. Can be used more than once.
    --shift-unicode-values: When passed 3 comma separated numbers a,b,c this shifts the unicode values of glyphs between a and b (both included) by adding c. Can be used more than once.
  * Add --bitmapTransform parameter to transform bitmap glyphs. (bsc#1169444)
    When used, all glyphs are modified with the transformation function and values passed as parameters. The parameter has three values separated by commas: fliph|flipv|rotate90cw|rotate90ccw|rotate180|skew|transmove,xoff,yoff
  * Add support to convert bitmap fonts (bsc#1169444)
  * Rename MediumItalic subfamily to Medium Italic
  * Show some more information when removing duplicated glyphs
  * Add a --force-monospaced argument instead of hardcoding font names
  * Convert `BoldCond` subfamily to `Bold Condensed`
  * Fixes for Monospaced fonts and force the Nimbus Mono L font to be Monospaced. (bsc#1169444 #c41)
  * Add a --version argument
  * Fix subfamily names so the converted font's subfamily match the original ones. (bsc#1169444 #c41)

Changes in xorg-x11-fonts:

- Use ttf-converter 1.0.6 to build an Italic version of cu12.pcf.gz in the converted subpackage
- Include the subfamily in the filename of converted fonts
- Use ttf-converter's new bitmap font support to convert Schumacher Clean and Schumacher Clean Wide (bsc#1169444 #c41)
- Replace some unicode values in cu-pua12.pcf.gz to fix them
- Shift some unicode values in arabic24.pcf.gz and cuarabic12.pcf.gz so glyphs don't pretend to be latin characters when they're not.
- Don't distribute converted fonts with wrong unicode values in their glyphs. (bsc#1169444)
  Bitstream-Charter-*.otb, Cursor.ttf, Sun-OPEN-LOOK-*.otb, MUTT-ClearlyU-Devangari-Extra-Regular, MUTT-ClearlyU-Ligature-Wide-Regular, and MUTT-ClearlyU-Devanagari-Regular

Changes in ghostscript-fonts:

- Force the converted Nimbus Mono font to be monospaced.
  (bsc#1169444 #c41)
  Use the --force-monospaced argument of ttf-converter 1.0.3
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1856-1
Released: Mon Jul 6 17:05:51 2020
Summary: Security update for openldap2
Type: security
Severity: important
References: 1172698,1172704,CVE-2020-8023

This update for openldap2 fixes the following issues:

- CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698).
- Changed DB_CONFIG to root:ldap permissions (bsc#1172704).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1885-1
Released: Fri Jul 10 14:54:22 2020
Summary: Recommended update for cloud-init
Type: recommended
Severity: moderate
References: 1170154,1171546,1171995

This update for cloud-init contains the following fixes:

- rsyslog warning, '~' is deprecated: (bsc#1170154)
  + replace deprecated syntax '& ~' by '& stop' for more information please see https://www.rsyslog.com/rsyslog-error-2307/.
  + Explicitly test for netconfig version 1 as well as 2.
  + Handle netconfig v2 device configurations (bsc#1171546, bsc#1171995)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1938-1
Released: Thu Jul 16 14:43:32 2020
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1169947,1170801,1172925,1173106

This update for libsolv, libzypp, zypper fixes the following issues:

libsolv was updated to:

- Enable zstd compression support for sle15

zypper was updated to version 1.14.37:

- Print switch abbrev warning to stderr (bsc#1172925)
- Fix typo in man page (bsc#1169947)

libzypp was updated to 17.24.0

- Fix core dump with corrupted history file (bsc#1170801)
- Enable zchunk metadata download if libsolv supports it.
- Better handling of the purge-kernels algorithm.
  (bsc#1173106)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1950-1
Released: Fri Jul 17 17:16:21 2020
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1161573,1165828,1169997,1172807,1173560

This update for dracut fixes the following issues:

- Update to version 049.1+suse.152.g8506e86f:
  * 01fips: modprobe failures during manual module loading is not fatal. (bsc#1169997)
  * 91zipl: parse-zipl.sh: honor SYSTEMD_READY. (bsc#1165828)
  * 95iscsi: fix ipv6 target discovery. (bsc#1172807)
  * 35network-legacy: correct conditional for creating did-setup file. (bsc#1172807)
- Update to version 049.1+suse.148.gc4a6c2dd:
  * 95fcoe: load 'libfcoe' module as a fallback. (bsc#1173560)
  * 99base: enable the initqueue in both 'dracut --add-device' and 'dracut --mount' cases. (bsc#1161573)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1954-1
Released: Sat Jul 18 03:07:15 2020
Summary: Recommended update for cracklib
Type: recommended
Severity: moderate
References: 1172396

This update for cracklib fixes the following issues:

- Fixed a buffer overflow when processing long words.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1986-1
Released: Tue Jul 21 16:06:12 2020
Summary: Recommended update for openvswitch
Type: recommended
Severity: moderate
References: 1172861,1172929

This update for openvswitch fixes the following issues:

- Preserve the old default OVS_USER_ID for users that removed the override at /etc/sysconfig/openvswitch. (bsc#1172861)
- Fix possible changes of openvswitch configuration during upgrades.
(bsc#1172929) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1987-1 Released: Tue Jul 21 17:02:15 2020 Summary: Recommended update for libsolv, libzypp, yast2-packager, yast2-pkg-bindings Type: recommended Severity: important References: 1172477,1173336,1174011 This update for libsolv, libzypp, yast2-packager, yast2-pkg-bindings fixes the following issues: libsolv: - No source changes, just shipping it as an installer update (required by yast2-pkg-bindings). libzypp: - Proactively send credentials if the URL specifies '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) yast2-packager: - Handle variable expansion in repository name. (bsc#1172477) - Improve medium type detection, do not report Online medium when the /media.1/products file is missing in the repository, SMT does not mirror this file. (bsc#1173336) yast2-pkg-bindings: - Extensions to handle raw repository name. (bsc#1172477) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2000-1 Released: Wed Jul 22 09:04:41 2020 Summary: Recommended update for efivar Type: recommended Severity: important References: 1100077,1101023,1120862,1127544 This update for efivar fixes the following issues: - fix logic that checks for UCS-2 string termination (bsc#1127544) - fix casting of IPv4 addresses - Don't require an EUI for NVMe (bsc#1100077) - Add support for ACPI Generic Container and Embedded Controller root nodes (bsc#1101023) - fix for compilation failures bsc#1120862 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2083-1 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Type: recommended Severity: moderate References: 1156913 This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. 
(bsc#1156913) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2148-1 Released: Thu Aug 6 13:36:17 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1174673 This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2219-1 Released: Wed Aug 12 15:47:42 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud and python3-azuremetadata Type: recommended Severity: moderate References: 1170475,1170476,1173238,1173240,1173357,1174618,1174847 This update for supportutils-plugin-suse-public-cloud and python3-azuremetadata fixes the following issues: supportutils-plugin-suse-public-cloud: - Fixes an error when supportutils-plugin-suse-public-cloud and supportutils-plugin-salt are installed at the same time (bsc#1174618) - Sensitive information like credentials (such as access keys) will be removed when the metadata is being collected (bsc#1170475, bsc#1170476) python3-azuremetadata: - Added latest support for `--listapis` and `--api` (bsc#1173238, bsc#1173240) - Detects when the VM is running in ASM (Azure Classic) and does now handle the condition to generate the data without requiring access to the full IMDS available, only in ARM instances (bsc#1173357, bsc#1174847) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2256-1 Released: Mon Aug 17 15:08:46 2020 Summary: Recommended update for sysfsutils Type: recommended Severity: moderate References: 1155305 This update for sysfsutils fixes the following issue: - Fix cdev name comparison. (bsc#1155305) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2277-1 Released: Wed Aug 19 13:24:03 2020 Summary: Security update for python3 Type: security Severity: moderate References: 1174091,CVE-2019-20907 This update for python3 fixes the following issues: - bsc#1174091, CVE-2019-20907: avoiding possible infinite loop in specifically crafted tarball. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2380-1 Released: Fri Aug 28 14:54:08 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1175250,1175251 This update for supportutils-plugin-suse-public-cloud contains the following fix: - Update to version 1.0.5: (bsc#1175250, bsc#1175251) + Query for new GCE initialization code packages ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. 
(bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2425-1 Released: Tue Sep 1 13:54:05 2020 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1174260 This update for nfs-utils fixes the following issues: - Fix a bug when concurrent 'gssd' requests arrive from kernel, causing hanging NFS mounts. (bsc#1174260) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2441-1 Released: Tue Sep 1 22:16:10 2020 Summary: Recommended update for avahi Type: recommended Severity: moderate References: 1154063 This update for avahi fixes the following issues: - When changing ownership of /var/lib/autoipd, only change ownership of files owned by avahi, to mitigate against possible exploits (bsc#1154063). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. 
[bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2451-1 Released: Wed Sep 2 12:30:38 2020 Summary: Recommended update for dracut Type: recommended Severity: important References: 1167494,996146 This update for dracut fixes the following issues: Update from version 049.1+suse.152.g8506e86f to version 049.1+suse.156.g7d852636: - net-lib.sh: support infiniband network mac addresses (bsc#996146) - 95nfs: use ip_params_for_remote_addr() (bsc#1167494) - 95iscsi: use ip_params_for_remote_addr() (bsc#1167494) - dracut-functions: add ip_params_for_remote_addr() helper (bsc#1167494) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2458-1 Released: Wed Sep 2 15:44:30 2020 Summary: Recommended update for iputils Type: recommended Severity: moderate References: 927831 This update for iputils fixes the following issue: - ping: Remove workaround for bug in IP_RECVERR on raw sockets. (bsc#927831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2729-1 Released: Wed Sep 23 16:00:48 2020 Summary: Security update for cifs-utils Type: security Severity: moderate References: 1152930,1174477,CVE-2020-14342 This update for cifs-utils fixes the following issues: - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs (bsc#1174477). - Fixed an invalid free in mount.cifs; (bsc#1152930). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2757-1 Released: Fri Sep 25 19:45:40 2020 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1173104 This update for nfs-utils fixes the following issue: - Some scripts are requiring Python2 while it is not installed by default and they can work with Python3. (bsc#1173104) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2819-1 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2825-1 Released: Fri Oct 2 08:44:28 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1170347,1176759 This update for suse-build-key fixes the following issues: - The SUSE Notary Container key is different from the build signing key, include this key instead as suse-container-key. (PM-1845 bsc#1170347) - The SUSE build key for SUSE Linux Enterprise 12 and 15 is extended by 4 more years. (bsc#1176759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2850-1 Released: Fri Oct 2 12:26:03 2020 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1175110 This update for lvm2 fixes the following issues: - Fixed an issue when the hot spares in LVM not added automatically. (bsc#1175110) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2852-1 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1173470,1175844 This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2863-1 Released: Tue Oct 6 09:28:41 2020 Summary: Recommended update for efivar Type: recommended Severity: moderate References: 1175989 This update for efivar fixes the following issues: - Fixed an issue when segmentation fault are caused on non-EFI systems. 
(bsc#1175989) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2864-1 Released: Tue Oct 6 10:34:14 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. 
- refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2893-1 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1177479 This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a nameserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. 
(bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. 
- Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used (bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromised named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. 
(bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2936-1 Released: Thu Oct 15 13:41:33 2020 Summary: Recommended update for iproute2 Type: recommended Severity: moderate References: 1175281 This update for iproute2 provides the following fix: - Add the iproute2-arpd sub-package to the SLE Basesystem module. (bsc#1175281) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. 
For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2979-1 Released: Wed Oct 21 11:37:14 2020 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1176173 This update for mozilla-nss fixes the following issue: - FIPS: Adjust the Diffie-Hellman and Elliptic Curve Diffie-Hellman algorithms to be NIST SP800-56Arev3 compliant (bsc#1176173). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2983-1 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Type: recommended Severity: moderate References: 1176123 This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2989-1 Released: Thu Oct 22 08:53:10 2020 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1171806 This update for chrony fixes the following issues: - Integrate three upstream patches to fix an infinite loop in chronyc. 
(bsc#1171806) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2995-1 Released: Thu Oct 22 10:03:09 2020 Summary: Security update for freetype2 Type: security Severity: important References: 1177914,CVE-2020-15999 This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3048-1 Released: Tue Oct 27 16:04:52 2020 Summary: Recommended update for libsolv, libzypp, yaml-cpp, zypper Type: recommended Severity: moderate References: 1174918,1176192,1176435,1176712,1176740,1176902,1177238,935885 This update for libsolv, libzypp, yaml-cpp, zypper fixes the following issues: libzypp was updated to 17.25.1: - When kernel-rt has been installed, the purge-kernels service fails during boot. (bsc#1176902) - Use package name provides as group key in purge-kernel (bsc#1176740 bsc#1176192) kernel-default-base has new packaging, where the kernel uname -r does not reflect the full package version anymore. This patch adds additional logic to use the most generic/shortest edition each package provides with %{packagename}= to group the kernel packages instead of the rpm versions. This also changes how the keep-spec for specific versions is applied, instead of matching the package versions, each of the package name provides will be matched. - RepoInfo: Return the type of the local metadata cache as fallback (bsc#1176435) - VendorAttr: Fix broken 'suse,opensuse' equivalence handling. Enhance API and testcases. (bsc#1174918) - Update docs regarding 'opensuse' namespace matching. - Link against libzstd to close libsolvs open references (as we link statically) yaml-cpp: - The libyaml-cpp0_6 library package is added to the Basesystem module, LTSS and ESPOS channels, and the INSTALLER channels, as a new libzypp dependency. 
No source changes were done to yaml-cpp. zypper was updated to 1.14.40: - info: Assume descriptions starting with '

' are richtext (bsc#935885) - help: prevent 'whatis' from writing to stderr (bsc#1176712) - wp: point out that command is aliased to a search command and searches case-insensitive (jsc#SLE-16271) libsolv was updated to 0.7.15 to fix: - make testcase_mangle_repo_names deal correctly with freed repos [bsc#1177238] - fix deduceq2addedmap clearing bits outside of the map - conda: feature depriorization first - conda: fix startswith implementation - move find_update_seeds() call in cleandeps calculation - set SOLVABLE_BUILDHOST in rpm and rpmmd parsers - new testcase_mangle_repo_names() function - new solv_fmemopen() function ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3058-1 Released: Wed Oct 28 06:11:14 2020 Summary: Recommended update for catatonit Type: recommended Severity: moderate References: 1176155 This update for catatonit fixes the following issues: - Fixes an issue when catatonit hangs when process dies in very specific way. (bsc#1176155) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3059-1 Released: Wed Oct 28 06:11:23 2020 Summary: Recommended update for sysconfig Type: recommended Severity: moderate References: 1173391,1176285,1176325 This update for sysconfig fixes the following issues: - Fix for 'netconfig' to run with a new library including fallback to the previous location. (bsc#1176285) - Fix for changing content of such files like '/etc/resolv.conf' to avoid linked applications re-read them and unnecessarily re-initializes themselves accordingly. (bsc#1176325) - Fix for 'chrony helper' calling in background. (bsc#1173391) - Fix for configuration file by creating a symlink for it to prevent false ownership on the file. 
(bsc#1159566) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. 
(bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3199-1 Released: Fri Nov 6 13:01:11 2020 Summary: Recommended update for SUSEConnect Type: recommended Severity: moderate References: 1155027 This update for SUSEConnect fixes the following issues: - Recognize more formats when parsing the '.curlrc' for proxy credentials. (bsc#1155027) - Add 'rpmlintrc' to filter false-positive warning about patch not applied - Extend the YaST API in order to access to the package search functionality. (jsc#SLE-9109) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3253-1 Released: Mon Nov 9 07:45:04 2020 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1174697,1176173 This update for mozilla-nss fixes the following issues: - Fixes an issue for Mozilla Firefox which has failed in fips mode (bsc#1174697) - FIPS: Adjust the Diffie-Hellman and Elliptic Curve Diffie-Hellman algorithms to be NIST SP800-56Arev3 compliant (bsc#1176173). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2779-1 Released: Thu Nov 12 15:00:21 2020 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1173433,1178627 This update for rsyslog fixes the following issues: - Fix the URL for bug reporting. (bsc#1173433) - ship rsyslog-module-mmnormalize module which was forgotten in GA (bsc#1178627) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3313-1 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1178387,CVE-2020-25692 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3323-1 Released: Fri Nov 13 15:25:55 2020 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1174443,1174444,1177526 This update for cloud-init contains the following fixes: + Avoid exception if no gateway information is present and warning is triggered for existing routing. 
(bsc#1177526) Update to version 20.2 (bsc#1174443, bsc#1174444) + doc/format: reference make-mime.py instead of an inline script (#334) + Add docs about creating parent folders (#330) [Adrian Wilkins] + DataSourceNoCloud/OVF: drop claim to support FTP (#333) (LP: #1875470) + schema: ignore spurious pylint error (#332) + schema: add json schema for write_files module (#152) + BSD: find_devs_with_ refactoring (#298) [Goneri Le Bouder] + nocloud: drop work around for Linux 2.6 (#324) [Goneri Le Bouder] + cloudinit: drop dependencies on unittest2 and contextlib2 (#322) + distros: handle a potential mirror filtering error case (#328) + log: remove unnecessary import fallback logic (#327) + .travis.yml: don't run integration test on ubuntu/* branches (#321) + More unit test documentation (#314) + conftest: introduce disable_subp_usage autouse fixture (#304) + YAML align indent sizes for docs readability (#323) [Tak Nishigori] + network_state: add missing space to log message (#325) + tests: add missing mocks for get_interfaces_by_mac (#326) (LP: #1873910) + test_mounts: expand happy path test for both happy paths (#319) + cc_mounts: fix incorrect format specifiers (#316) (LP: #1872836) + swap file 'size' being used before checked if str (#315) [Eduardo Otubo] + HACKING.rst: add pytest version gotchas section (#311) + docs: Add steps to re-run cloud-id and cloud-init (#313) [Joshua Powers] + readme: OpenBSD is now supported (#309) [Goneri Le Bouder] + net: ignore 'renderer' key in netplan config (#306) (LP: #1870421) + Add support for NFS/EFS mounts (#300) [Andrew Beresford] (LP: #1870370) + openbsd: set_passwd should not unlock user (#289) [Goneri Le Bouder] + tools/.github-cla-signers: add beezly as CLA signer (#301) + util: remove unnecessary lru_cache import fallback (#299) + HACKING.rst: reorganise/update CLA signature info (#297) + distros: drop leading/trailing hyphens from mirror URL labels (#296) + HACKING.rst: add note about variable annotations (#295) + 
CiTestCase: stop using and remove sys_exit helper (#283) + distros: replace invalid characters in mirror URLs with hyphens (#291) (LP: #1868232) + rbxcloud: gracefully handle arping errors (#262) [Adam Dobrawy] + Fix cloud-init ignoring some misdeclared mimetypes in user-data. [Kurt Garloff] + net: ubuntu focal prioritize netplan over eni even if both present (#267) (LP: #1867029) + cloudinit: refactor util.is_ipv4 to net.is_ipv4_address (#292) + net/cmdline: replace type comments with annotations (#294) + HACKING.rst: add Type Annotations design section (#293) + net: introduce is_ip_address function (#288) + CiTestCase: remove now-unneeded parse_and_read helper method (#286) + .travis.yml: allow 30 minutes of inactivity in cloud tests (#287) + sources/tests/test_init: drop use of deprecated inspect.getargspec (#285) + setup.py: drop NIH check_output implementation (#282) + Identify SAP Converged Cloud as OpenStack [Silvio Knizek] + add Openbsd support (#147) [Goneri Le Bouder] + HACKING.rst: add examples of the two test class types (#278) + VMware: support to update guest info gc status if enabled (#261) [xiaofengw-vmware] + Add lp-to-git mapping for kgarloff (#279) + set_passwords: avoid chpasswd on BSD (#268) [Goneri Le Bouder] + HACKING.rst: add Unit Testing design section (#277) + util: read_cc_from_cmdline handle urlencoded yaml content (#275) + distros/tests/test_init: add tests for _get_package_mirror_info (#272) + HACKING.rst: add links to new Code Review Process doc (#276) + freebsd: ensure package update works (#273) [Goneri Le Bouder] + doc: introduce Code Review Process documentation (#160) + tools: use python3 (#274) + cc_disk_setup: fix RuntimeError (#270) (LP: #1868327) + cc_apt_configure/util: combine search_for_mirror implementations (#271) + bsd: boottime does not depend on the libc soname (#269) [Goneri Le Bouder] + test_oracle,DataSourceOracle: sort imports (#266) + DataSourceOracle: update .network_config docstring (#257) + cloudinit/tests: 
remove unneeded with_logs configuration (#263) + .travis.yml: drop stale comment (#255) + .gitignore: add more common directories (#258) + ec2: render network on all NICs and add secondary IPs as static (#114) (LP: #1866930) + ec2 json validation: fix the reference to the 'merged_cfg' key (#256) [Paride Legovini] + releases.yaml: quote the Ubuntu version numbers (#254) [Paride Legovini] + cloudinit: remove six from packaging/tooling (#253) + util/netbsd: drop six usage (#252) + workflows: introduce stale pull request workflow (#125) + cc_resolv_conf: introduce tests and stabilise output across Python versions (#251) + fix minor issue with resolv_conf template (#144) [andreaf74] + doc: CloudInit also support NetBSD (#250) [Goneri Le Bouder] + Add Netbsd support (#62) [Goneri Le Bouder] + tox.ini: avoid substitution syntax that causes a traceback on xenial (#245) + Add pub_key_ed25519 to cc_phone_home (#237) [Daniel Hensby] + Introduce and use of a list of GitHub usernames that have signed CLA (#244) + workflows/cla.yml: use correct username for CLA check (#243) + tox.ini: use xenial version of jsonpatch in CI (#242) + workflows: CLA validation altered to fail status on pull_request (#164) + tox.ini: bump pyflakes version to 2.1.1 (#239) + cloudinit: move to pytest for running tests (#211) + instance-data: add cloud-init merged_cfg and sys_info keys to json (#214) (LP: #1865969) + ec2: Do not fallback to IMDSv1 on EC2 (#216) + instance-data: write redacted cfg to instance-data.json (#233) (LP: #1865947) + net: support network-config:disabled on the kernel commandline (#232) (LP: #1862702) + ec2: only redact token request headers in logs, avoid altering request (#230) (LP: #1865882) + docs: typo fixed: dta → data [Alexey Vazhnov] + Fixes typo on Amazon Web Services (#217) [Nick Wales] + Fix docs for OpenStack DMI Asset Tag (#228) [Mark T. 
Voelker] (LP: #1669875) + Add physical network type: cascading to openstack helpers (#200) [sab-systems] + tests: add focal integration tests for ubuntu (#225) - From 20.1 (first version after 19.4) + ec2: Do not log IMDSv2 token values, instead use REDACTED (#219) (LP: #1863943) + utils: use SystemRandom when generating random password. (#204) [Dimitri John Ledkov] + docs: mount_default_files is a list of 6 items, not 7 (#212) + azurecloud: fix issues with instances not starting (#205) (LP: #1861921) + unittest: fix stderr leak in cc_set_password random unittest output. (#208) + cc_disk_setup: add swap filesystem force flag (#207) + import sysvinit patches from freebsd-ports tree (#161) [Igor Galić] + docs: fix typo (#195) [Edwin Kofler] + sysconfig: distro-specific config rendering for BOOTPROTO option (#162) [Robert Schweikert] (LP: #1800854) + cloudinit: replace 'from six import X' imports (except in util.py) (#183) + run-container: use 'test -n' instead of 'test ! -z' (#202) [Paride Legovini] + net/cmdline: correctly handle static ip= config (#201) [Dimitri John Ledkov] (LP: #1861412) + Replace mock library with unittest.mock (#186) + HACKING.rst: update CLA link (#199) + Scaleway: Fix DatasourceScaleway to avoid backtrace (#128) [Louis Bouchard] + cloudinit/cmd/devel/net_convert.py: add missing space (#191) + tools/run-container: drop support for python2 (#192) [Paride Legovini] + Print ssh key fingerprints using sha256 hash (#188) (LP: #1860789) + Make the RPM build use Python 3 (#190) [Paride Legovini] + cc_set_password: increase random pwlength from 9 to 20 (#189) (LP: #1860795) + .travis.yml: use correct Python version for xenial tests (#185) + cloudinit: remove ImportError handling for mock imports (#182) + Do not use fallocate in swap file creation on xfs. 
(#70) [Eduardo Otubo] (LP: #1781781) + .readthedocs.yaml: install cloud-init when building docs (#181) (LP: #1860450) + Introduce an RTD config file, and pin the Sphinx version to the RTD default (#180) + Drop most of the remaining use of six (#179) + Start removing dependency on six (#178) + Add Rootbox & HyperOne to list of cloud in README (#176) [Adam Dobrawy] + docs: add proposed SRU testing procedure (#167) + util: rename get_architecture to get_dpkg_architecture (#173) + Ensure util.get_architecture() runs only once (#172) + Only use gpart if it is the BSD gpart (#131) [Conrad Hoffmann] + freebsd: remove superfluous exception mapping (#166) [Goneri Le Bouder] + ssh_auth_key_fingerprints_disable test: fix capitalization (#165) [Paride Legovini] + util: move uptime's else branch into its own boottime function (#53) [Igor Galić] (LP: #1853160) + workflows: add contributor license agreement checker (#155) + net: fix rendering of 'static6' in network config (#77) (LP: #1850988) + Make tests work with Python 3.8 (#139) [Conrad Hoffmann] + fixed minor bug with mkswap in cc_disk_setup.py (#143) [andreaf74] + freebsd: fix create_group() cmd (#146) [Goneri Le Bouder] + doc: make apt_update example consistent (#154) + doc: add modules page toc with links (#153) (LP: #1852456) + Add support for the amazon variant in cloud.cfg.tmpl (#119) [Frederick Lefebvre] + ci: remove Python 2.7 from CI runs (#137) + modules: drop cc_snap_config config module (#134) + migrate-lp-user-to-github: ensure Launchpad repo exists (#136) + docs: add initial troubleshooting to FAQ (#104) [Joshua Powers] + doc: update cc_set_hostname frequency and descrip (#109) [Joshua Powers] (LP: #1827021) + freebsd: introduce the freebsd renderer (#61) [Goneri Le Bouder] + cc_snappy: remove deprecated module (#127) + HACKING.rst: clarify that everyone needs to do the LP->GH dance (#130) + freebsd: cloudinit service requires devd (#132) [Goneri Le Bouder] + cloud-init: fix capitalisation of SSH (#126) + doc: 
update cc_ssh clarify host and auth keys [Joshua Powers] (LP: #1827021) + ci: emit names of tests run in Travis (#120) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3358-1 Released: Tue Nov 17 13:17:10 2020 Summary: Security update for tcpdump Type: security Severity: moderate References: 1178466,CVE-2020-8037 This update for tcpdump fixes the following issues: - CVE-2020-8037: Fixed an issue where PPP decapsulator did not allocate the right buffer size (bsc#1178466). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3377-1 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Type: security Severity: moderate References: 1178512,CVE-2020-28196 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3382-1 Released: Thu Nov 19 11:03:01 2020 Summary: Recommended update for dmidecode Type: recommended Severity: moderate References: 1174257 This update for dmidecode fixes the following issues: - Add partial support for SMBIOS 3.4.0. (bsc#1174257) - Skip details of uninstalled memory modules. (bsc#1174257) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. 
(bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3478-1 Released: Mon Nov 23 09:33:17 2020 Summary: Security update for c-ares Type: security Severity: moderate References: 1178882,CVE-2020-8277 This update for c-ares fixes the following issues: - Version update to 1.17.0 * CVE-2020-8277: Fixed a Denial of Service through DNS request (bsc#1178882) * For further details see https://c-ares.haxx.se/changelog.html ----------------------------------------------------------------- Advisory ID: SUSE-OU-2020:3481-1 Released: Mon Nov 23 11:17:09 2020 Summary: Optional update for vim Type: optional Severity: low References: 1166602,1173256,1174564,1176549 This update for vim doesn't fix any user visible issues and it is optional to install. - Introduce vim-small package with reduced requirements for small installations (bsc#1166602). - Stop owning /etc/vimrc so the old, distro provided config actually gets removed. - Own some dirs in vim-data-common so installation of vim-small doesn't leave not owned directories. (bsc#1173256) - Add vi as slave to update-alternatives so that every package has a matching 'vi' symlink. 
(bsc#1174564, bsc#1176549) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3498-1 Released: Tue Nov 24 13:07:16 2020 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1164076,1177811,1178217 This update for dracut fixes the following issues: - Update from version 049.1+suse.156.g7d852636 to version 049.1+suse.171.g65b2addf: - dracut.sh: FIPS workaround for openssl-libs (bsc#1178217) - 01fips: turn info calls into fips_info calls (bsc#1164076) - 00systemd: add missing cryptsetup-related targets (bsc#1177811) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3566-1 Released: Mon Nov 30 16:56:52 2020 Summary: Security update for python-setuptools Type: security Severity: important References: 1176262,CVE-2019-20916 This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3570-1 Released: Mon Nov 30 17:14:35 2020 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1178288 This update for rsyslog fixes the following issue: - Fix location and naming of journald dropin. (bsc#1178288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. 
(bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3592-1 Released: Wed Dec 2 10:31:34 2020 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1178168,CVE-2020-25659 This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3593-1 Released: Wed Dec 2 10:33:49 2020 Summary: Security update for python3 Type: security Severity: important References: 1176262,1179193,CVE-2019-20916 This update for python3 fixes the following issues: Update to 3.6.12 (bsc#1179193), including: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3608-1 Released: Wed Dec 2 18:16:12 2020 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1177526,1179150,1179151 This update for cloud-init contains the following fixes: - Add cloud-init-azure-def-usr-pass.patch (bsc#1179150, bsc#1179151) + Properly set the password for the default user in all circumstances - Patch the full package version into the cloud-init version file - Update cloud-init-write-routes.patch (bsc#1177526) + Fix missing default route when dual stack network setup is used. Once a default route was configured for IPv6 or IPv4 the default route configuration for the other protocol was skipped. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3616-1 Released: Thu Dec 3 10:56:12 2020 Summary: Recommended update for c-ares Type: recommended Severity: moderate References: 1178882 - Fixed incomplete c-ares-devel dependencies introduced by the previous update (bsc#1178882). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3930-1 Released: Wed Dec 23 18:19:39 2020 Summary: Security update for python3 Type: security Severity: important References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. 
- Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - add triplets for mips-r6 and riscv - RISC-V needs CTYPES_PASS_BY_REF_HACK Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(...). * Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091). Update to 3.6.11: - Disallow CR or LF in email.headerregistry. Address arguments to guard against header injection attacks. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause an InvalidURL to be raised. (bsc#1155094) - CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3946-1 Released: Tue Dec 29 17:39:54 2020 Summary: Recommended update for python3 Type: recommended Severity: important References: 1180377 This update for python3 fixes the following issues: - A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3, which caused regressions in several applications. (bsc#1180377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:6-1 Released: Mon Jan 4 07:05:06 2021 Summary: Recommended update for libdlm Type: recommended Severity: moderate References: 1098449,1144793,1168771,1177533,1177658 This update for libdlm fixes the following issues: - Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages.(bsc#1177658, bsc#1098449) - Add support for type 'uint64_t' to corosync ringid. 
(bsc#1168771) - Include some fixes/enhancements for dlm_controld. (bsc#1144793) - Fixed an issue where /boot logical volume was accidentally unmounted. (bsc#1177533) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:10-1 Released: Mon Jan 4 10:01:52 2021 Summary: Recommended update for dmidecode Type: recommended Severity: moderate References: 1174257 This update for dmidecode fixes the following issue: - Two missing commas in the data arrays cause 'OUT OF SPEC' messages during the index resolution. (bnc#1174257) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:73-1 Released: Tue Jan 12 10:24:50 2021 Summary: Recommended update for SUSEConnect Type: recommended Severity: low References: This update for SUSEConnect fixes the following issue: Update to version 0.3.29 - Replace the Ruby path with the native one during build phase. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. 
(bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#1179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:152-1 Released: Fri Jan 15 17:04:47 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1179691,1179738 This update for lvm2 fixes the following issues: - Fix for lvm2 to use udev as external device by default. (bsc#1179691) - Fixed an issue in configuration for an item that is commented out by default. 
(bsc#1179738) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. 
- timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:264-1 Released: Mon Feb 1 15:04:00 2021 Summary: Recommended update for dracut Type: recommended Severity: important References: 1142248,1177870,1180119 This update for dracut fixes the following issues: - As of v246 of systemd 'syslog' and 'syslog-console' switches have been deprecated. (bsc#1180119) - Make collect optional. (bsc#1177870) - Inclusion of dracut modifications to enable 'nvme-fc boot' support. (bsc#1142248) - Add nvmf module. (jsc#ECO-3063) * Implement 'fc,auto' commandline syntax. * Add nvmf-autoconnect script. * Fixup FC connections. * Rework parameter handling. * Fix typo in the example documentation. * Add 'NVMe over TCP' support. * Add module for 'NVMe-oF'. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:278-1 Released: Tue Feb 2 09:43:08 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1181319 This update for lvm2 fixes the following issues: - Backport 'lvmlockd' to adopt orphan locks feature. (bsc#1181319) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:285-1 Released: Tue Feb 2 13:08:54 2021 Summary: Security update for cups Type: security Severity: moderate References: 1170671,1180520,CVE-2019-8842,CVE-2020-10001 This update for cups fixes the following issues: - CVE-2020-10001: Fixed an out-of-bounds read in the ippReadIO function (bsc#1180520). - CVE-2019-8842: Fixed an out-of-bounds read in an extension field (bsc#1170671). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:302-1 Released: Thu Feb 4 13:18:35 2021 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1179691 This update for lvm2 fixes the following issues: - lvm2 will no longer use external_device_info_source='udev' as default because it introduced a regression (bsc#1179691). If this behavior is still wanted, please change this manually in the lvm.conf ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:435-1 Released: Thu Feb 11 14:47:25 2021 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Type: security Severity: important References: 1174075,1176708,1178801,1178969,1180243,1180401,1181730,1181732,CVE-2020-15257,CVE-2021-21284,CVE-2021-21285 This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2020-15257: Fixed a privilege escalation in containerd (bsc#1178969). - CVE-2021-21284: potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732) - CVE-2021-21285: pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730) Non-security issues fixed: - Update Docker to 19.03.15-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285). 
- Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE. It appears that SLES doesn't like the patch. (bsc#1180401) - Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and fixes CVE-2020-15257. bsc#1180243 - Update to containerd v1.3.7, which is required for Docker 19.03.13-ce. bsc#1176708 - Update to Docker 19.03.14-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243 https://github.com/docker/docker-ce/releases/tag/v19.03.14 - Enable fish-completion - Add a patch which makes Docker compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460) - Update to Docker 19.03.13-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708 - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Emergency fix: %requires_eq does not work with provide symbols, only effective package names. Convert back to regular Requires. - Update to Docker 19.03.12-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of spurious errors due to Go returning -EINTR from I/O syscalls much more often (due to Go 1.14's pre-emptive goroutine support). - Add BuildRequires for all -git dependencies so that we catch missing dependencies much more quickly. - Update to libnetwork 55e924b8a842, which is required for Docker 19.03.14-ce. bsc#1180243 - Add patch which makes libnetwork compatible with firewalld with nftables backend.
Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:441-1 Released: Thu Feb 11 16:35:04 2021 Summary: Optional update for python3-jsonschema Type: optional Severity: low References: 1180403 This update provides the python3 variant of the jsonschema module to the SUSE Linux Enterprise 15 SP2 Basesystem module. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:516-1 Released: Thu Feb 18 14:42:51 2021 Summary: Recommended update for docker, golang-github-docker-libnetwork Type: recommended Severity: moderate References: 1178801,1180401,1182168 This update for docker, golang-github-docker-libnetwork fixes the following issues: - A libnetwork firewalld integration enhancement was broken, disable it (bsc#1178801,bsc#1180401,bsc#1182168) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:529-1 Released: Fri Feb 19 14:53:47 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1176262,1179756,1180686,1181126,CVE-2019-20916,CVE-2021-3177 This update for python3 fixes the following issues: - CVE-2021-3177: Fixed buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:551-1 Released: Tue Feb 23 09:31:53 2021 Summary: Security update for avahi Type: security Severity: moderate References: 1180827,CVE-2021-26720 This update for avahi fixes the following issues: - CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh (bsc#1180827) - Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d. 
- Add sudo to requires: used to drop privileges. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:571-1 Released: Tue Feb 23 16:11:33 2021 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1180176 This update for cloud-init contains the following fixes: - Update cloud-init-write-routes.patch (bsc#1180176) + Follow up to previous changes. Fix order of operations error to make gateway comparison between subnet configuration and route configuration valuable rather than self-comparing. - Add cloud-init-sle12-compat.patch (jsc#PM-2335) - Python 3.4 compatibility in setup.py - Disable some tests for mock version compatibility ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:573-1 Released: Wed Feb 24 09:58:38 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1176171,1180336 This update for dracut fixes the following issues: - arm/arm64: Add reset controllers (bsc#1180336) - Prevent creating unexpected files on the host when running dracut (bsc#1176171) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:594-1 Released: Thu Feb 25 09:29:35 2021 Summary: Security update for python-cryptography Type: security Severity: important References: 1182066,CVE-2020-36242 This update for python-cryptography fixes the following issues: - CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:654-1 Released: Fri Feb 26 20:01:10 2021 Summary: Security update for python-Jinja2 Type: security Severity: important References: 1181944,1182244,CVE-2020-28493 This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Fixed a ReDOS vulnerability where urlize could have been called with untrusted user data (bsc#1181944). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:656-1 Released: Mon Mar 1 09:34:21 2021 Summary: Recommended update for protobuf Type: recommended Severity: moderate References: 1177127 This update for protobuf fixes the following issues: - Add missing dependency of python subpackages on python-six. (bsc#1177127) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. 
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:758-1 Released: Wed Mar 10 12:16:27 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1182688 This update for dracut fixes the following issues: - network-legacy: fix route parsing issues in ifup. 
(bsc#1182688) -0kernel-modules: arm/arm64: Add reset controllers - Prevent creating unexpected files on the host when running dracut - As of 'v246' of systemd 'syslog' and 'syslog-console' switches have been deprecated. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:784-1 Released: Mon Mar 15 11:19:08 2021 Summary: Recommended update for efivar Type: recommended Severity: moderate References: 1181967 This update for efivar fixes the following issues: - Fixed an issue with the NVME path parsing (bsc#1181967) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if 
it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2.
(bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:926-1 Released: Tue Mar 23 13:20:24 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1083473,1112500,1115408,1165780,1183012 This update for systemd-presets-common-SUSE fixes the following issues: - Add default user preset containing: - enable `pulseaudio.socket` (bsc#1083473) - enable `pipewire.socket` (bsc#1183012) - enable `pipewire-pulse.socket` (bsc#1183012) - enable `pipewire-media-session.service` (used with pipewire >= 0.3.23) - Changes to the default preset: - enable `btrfsmaintenance-refresh.path`. - disable `btrfsmaintenance-refresh.service`. - enable `dnf-makecache.timer`. - enable `ignition-firstboot-complete.service`. - enable logwatch.timer and avoid to have logwatch out of sync with logrotate. (bsc#1112500) - enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408) - remove enable `updatedb.timer` - Avoid needless refresh on boot. (bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:930-1 Released: Wed Mar 24 12:09:23 2021 Summary: Security update for nghttp2 Type: security Severity: important References: 1172442,1181358,CVE-2020-11080 This update for nghttp2 fixes the following issues: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:933-1 Released: Wed Mar 24 12:16:14 2021 Summary: Security update for ruby2.5 Type: security Severity: important References: 1177125,1177222,CVE-2020-25613 This update for ruby2.5 fixes the following issues: - CVE-2020-25613: Fixed a potential HTTP Request Smuggling in WEBrick (bsc#1177125). 
- Enable optimizations also on ARM64 (bsc#1177222) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:947-1 Released: Wed Mar 24 14:30:58 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1182379,CVE-2021-23336 This update for python3 fixes the following issues: - python36 was updated to 3.6.13 - CVE-2021-23336: Fixed a potential web cache poisoning through the use of a semicolon as a query string separator in query parameters (bsc#1182379). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:960-1 Released: Mon Mar 29 11:16:28 2021 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1181283 This update for cloud-init fixes the following issues: - No longer includes the sudoers.d directory twice (bsc#1181283) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:974-1 Released: Mon Mar 29 19:31:27 2021 Summary: Security update for tar Type: security Severity: low References: 1181131,CVE-2021-20193 This update for tar fixes the following issues: - CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:985-1 Released: Tue Mar 30 14:42:46 2021 Summary: Recommended update for the Azure SDK and CLI Type: recommended Severity: moderate References: 1125671,1140565,1154393,1174514,1175289,1176784,1176785,1178168,CVE-2020-14343,CVE-2020-25659 This update for the Azure SDK and CLI adds support for the AHB (Azure Hybrid Benefit).
(bsc#1176784, jsc#ECO=3105) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:991-1 Released: Wed Mar 31 13:28:37 2021 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1182324 This update for vim provides the following fixes: - Install SUSE vimrc in /usr. (bsc#1182324) - Source correct suse.vimrc file. (bsc#1182324) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1018-1 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1180713 This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. 
(bsc#1180713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1021-1 Released: Tue Apr 6 14:30:30 2021 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1175960 This update for cups fixes the following issues: - Fixed the web UI kerberos authentication (bsc#1175960) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1161-1 Released: Tue Apr 13 11:35:57 2021 Summary: Security update for cifs-utils Type: security Severity: moderate References: 1183239,CVE-2021-20208 This update for cifs-utils fixes the following issues: - CVE-2021-20208: Fixed a potential kerberos auth leak escaping from container (bsc#1183239) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1205-1 Released: Thu Apr 15 15:14:31 2021 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1178490 This update for rsyslog fixes the following issues: - Fix groupname retrieval for large groups. 
(bsc#1178490) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1280-1 Released: Tue Apr 20 14:34:19 2021 Summary: Security update for ruby2.5 Type: security Severity: moderate References: 1184644,CVE-2021-28965 This update for ruby2.5 fixes the following issues: - Update to 2.5.9 - CVE-2021-28965: XML round-trip vulnerability in REXML (bsc#1184644) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1295-1 Released: Wed Apr 21 14:08:19 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1184136 This update for systemd-presets-common-SUSE fixes the following issues: - Enabled hcn-init.service for HNV on POWER (bsc#1184136) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1419-1 Released: Thu Apr 29 06:20:30 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1178219 This update for dracut fixes the following issues: - Fix for adding timeout to umount calls. (bsc#1178219) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1425-1 Released: Thu Apr 29 06:23:08 2021 Summary: Optional update for tcpdump Type: optional Severity: low References: 1183800 This update for tcpdump fixes the following issues: - Disabled five regression tests that fail with libpcap > 1.8.1 (bsc#1183800) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. 
- Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. - Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1449-1 Released: Fri Apr 30 08:08:25 2021 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1165780 This update for systemd-presets-branding-SLE fixes the following issues: - Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. (bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1451-1 Released: Fri Apr 30 08:08:45 2021 Summary: Recommended update for dhcp Type: recommended Severity: moderate References: 1185157 This update for dhcp fixes the following issues: - Use '/run' instead of '/var/run' for PIDFile in 'dhcrelay.service'. (bsc#1185157) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1454-1 Released: Fri Apr 30 09:22:26 2021 Summary: Security update for cups Type: security Severity: important References: 1184161,CVE-2021-25317 This update for cups fixes the following issues: - CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1456-1 Released: Fri Apr 30 12:00:01 2021 Summary: Recommended update for cifs-utils Type: recommended Severity: important References: 1184815 This update for cifs-utils fixes the following issues: - Fixed a bug where it was no longer possible to mount CIFS filesystem after the last maintenance update (bsc#1184815) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1462-1 Released: Fri Apr 30 14:54:23 2021 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 
1181283,1184085 This update for cloud-init fixes the following issues: - Fixed an issue, where the bonding options were wrongly configured in SLE and openSUSE (bsc#1184085) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1481-1 Released: Tue May 4 14:18:32 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1178680 This update for lvm2 fixes the following issues: - Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1493-1 Released: Tue May 4 17:13:34 2021 Summary: Security update for avahi Type: security Severity: moderate References: 1184521,CVE-2021-3468 This update for avahi fixes the following issues: - CVE-2021-3468: avoid infinite loop by handling HUP event in client_work (bsc#1184521). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1526-1 Released: Thu May 6 08:57:30 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. 
  (bsc#1182936)
- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1549-1
Released: Mon May 10 13:48:00 2021
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1185417
This update for procps fixes the following issues:

- Support up to 2048 CPU as well. (bsc#1185417)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1557-1
Released: Tue May 11 09:50:00 2021
Summary: Security update for python3
Type: security
Severity: moderate
References: 1183374,CVE-2021-3426
This update for python3 fixes the following issues:

- CVE-2021-3426: Fixed an information disclosure via pydoc (bsc#1183374)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1565-1
Released: Tue May 11 14:20:04 2021
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1185163
This update for krb5 fixes the following issues:

- Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1566-1
Released: Wed May 12 09:39:16 2021
Summary: Recommended update for chrony
Type: recommended
Severity: moderate
References: 1162964,1184400
This update for chrony fixes the following issues:

- Fix build with glibc-2.31 (bsc#1162964)
- Use /run instead of /var/run for PIDFile in chronyd.service (bsc#1184400)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1582-1
Released: Wed May 12 13:40:03 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1184687,1185190
This update for lvm2 fixes the following issues:

- Honor 'lvm.conf' parameter event_activation=0 on 'pvscan --cache -aay'. (bsc#1185190)
- Fixed an issue when LVM can't be disabled on boot.
  (bsc#1184687)
- Update patch for avoiding apply warning messages. (bsc#1012973)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1600-1
Released: Thu May 13 16:34:08 2021
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1185277
This update for dracut fixes the following issue:

Update to version 049.1+suse.188.gbf445638:

- Do not resolve symbolic links before `instmod`. (bsc#1185277)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1612-1
Released: Fri May 14 17:09:39 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1184614
This update for openldap2 fixes the following issue:

- Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1643-1
Released: Wed May 19 13:51:48 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1181443,1184358,1185562
This update for pam fixes the following issues:

- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications.
  (bsc#1185562)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1654-1
Released: Wed May 19 16:43:36 2021
Summary: Security update for libxml2
Type: security
Severity: important
References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537
This update for libxml2 fixes the following issues:

- CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1669-1
Released: Thu May 20 11:10:44 2021
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1181540,1181651,1183194,1185170
This update for nfs-utils fixes the following issues:

- The '/var/run' is long deprecated - switch all relevant paths to '/run'. (bsc#1185170)
- Improve logging of authentication (bsc#1181540)
- Add man page of the 'nconnect mount'. (bsc#1181651)
- Fixed an issue when HANA crashed due to inaccessible/hanging NFS mount. (bsc#1183194)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1675-1
Released: Thu May 20 15:00:23 2021
Summary: Recommended update for snappy
Type: recommended
Severity: moderate
References: 1080040,1184507
This update for snappy fixes the following issues:

Update from version 1.1.3 to 1.1.8

- Small performance improvements.
- Removed `snappy::string` alias for `std::string`.
- Improved `CMake` configuration.
- Improved packages descriptions.
- Fix RPM groups.
- Aarch64 fixes
- PPC speedups
- PIE improvements
- Fix license install.
  (bsc#1080040)
- Fix a 1% performance regression when snappy is used in PIE executable.
- Improve compression performance by 5%.
- Improve decompression performance by 20%.
- Use better download URL.
- Fix a build issue for tensorflow2. (bsc#1184507)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1762-1
Released: Wed May 26 12:30:01 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1186114,CVE-2021-22898
This update for curl fixes the following issues:

- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).
- Allow partial chain verification [jsc#SLE-17956]
  * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain.
  * Set FLAG_TRUSTED_FIRST unconditionally.
  * Do not check partial chains with CRL check.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1773-1
Released: Wed May 26 17:22:21 2021
Summary: Recommended update for python3
Type: recommended
Severity: low
References:
This update for python3 fixes the following issues:

- Make sure to close the import_failed.map file after the exception has been raised in order to avoid ResourceWarnings when the failing import is part of a try...except block.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1825-1
Released: Tue Jun 1 16:24:01 2021
Summary: Security update for lz4
Type: security
Severity: important
References: 1185438,CVE-2021-3520
This update for lz4 fixes the following issues:

- CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1826-1
Released: Tue Jun 1 16:40:26 2021
Summary: Security update for bind
Type: security
Severity: important
References: 1183453,1185073,CVE-2021-25214,CVE-2021-25215
This update for bind fixes the following issues:

- CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345).
- CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345).
- Switched from /var/run to /run (bsc#1185073)
- Hardening: Compiled binary with PIE flags to make it position independent

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1833-1
Released: Wed Jun 2 15:32:28 2021
Summary: Recommended update for zypper
Type: recommended
Severity: moderate
References: 1153687,1180851,1181874,1182372,1182936,1183268,1183589,1183628,1184997,1185239
This update for zypper fixes the following issues:

zypper was upgraded to 1.14.44:

- man page: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- patch: Let a patch's reboot-needed flag overrule included packages. (bsc#1183268)
- Quickfix setting 'openSUSE_Tumbleweed' as default platform for 'MicroOS'. (bsc#1153687)
- Protect against strict/relaxed user umask via sudo. (bsc#1183589)
- xml summary: Add solvables repository alias. (bsc#1182372)

libzypp was upgraded from version 17.25.8 to version 17.25.10

- Properly handle permission denied when providing optional files. (bsc#1185239)
- Fix service detection with `cgroupv2`. (bsc#1184997)
- Add missing includes for GCC 11. (bsc#1181874)
- Fix unsafe usage of static in media verifier.
- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)
- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium.
  (bsc#1180851)
- Do no cleanup in custom cache dirs. (bsc#1182936)
- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1841-1
Released: Wed Jun 2 16:30:17 2021
Summary: Security update for dhcp
Type: security
Severity: important
References: 1186382,CVE-2021-25217
This update for dhcp fixes the following issues:

- CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient (bsc#1186382)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1846-1
Released: Fri Jun 4 08:46:37 2021
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1185910
This update for mozilla-nss fixes the following issue:

- Provide some missing binaries from `mozilla-nss` not added in `SLE-Module-Basesystem_15-SP3`. (bsc#1185910)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1859-1
Released: Fri Jun 4 09:02:38 2021
Summary: Security update for python-py
Type: security
Severity: moderate
References: 1179805,1184505,CVE-2020-29651
This update for python-py fixes the following issues:

- CVE-2020-29651: Fixed regular expression denial of service in svnwc.py (bsc#1179805, bsc#1184505).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1861-1
Released: Fri Jun 4 09:59:40 2021
Summary: Recommended update for gcc10
Type: recommended
Severity: moderate
References: 1029961,1106014,1178577,1178624,1178675,1182016
This update for gcc10 fixes the following issues:

- Disable nvptx offloading for aarch64 again since it doesn't work
- Fixed a build failure issue. (bsc#1182016)
- Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)
- Fix 32bit 'libgnat.so' link. (bsc#1178675)
- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib.
  (bsc#1029961)
- Build complete set of multilibs for arm-none target. (bsc#1106014)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1879-1
Released: Tue Jun 8 09:16:09 2021
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1184326,1184399,1184997,1185325
This update for libzypp, zypper fixes the following issues:

libzypp was updated to 17.26.0:

- Work around download.o.o broken https redirects.
- Allow trusted repos to add additional signing keys (bsc#1184326)
  Repositories signed with a trusted gpg key may import additional package signing keys. This is needed if different keys were used to sign the packages shipped by the repository.
- MediaCurl: Fix logging of redirects.
- Use 15.3 resolver problem and solution texts on all distros.
- $ZYPP_LOCK_TIMEOUT: Let negative values wait forever for the zypp lock (bsc#1184399)
  Helps boot time services like 'zypper purge-kernels' to wait for the zypp lock until other services using zypper have completed.
- Fix purge-kernels is broken in Leap 15.3 (bsc#1185325)
  Leap 15.3 introduces a new kernel package called kernel-flavour-extra, which contains kmp's. Currently kmp's are detected by name '.*-kmp(-.*)?' but this does not work with those new packages. This patch fixes the problem by checking packages for kmod(*) and ksym(*) provides and only falls back to name checking if the package in question does not provide one of those.
- Introduce zypp-runpurge, a tool to run purge-kernels on testcases.

zypper was updated to 1.14.45:

- Fix service detection with cgroupv2 (bsc#1184997)
- Add hints to 'trust GPG key' prompt.
- Add report when receiving new package signing keys from a trusted repo (bsc#1184326)
- Added translation using Weblate (Kabyle)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1917-1
Released: Wed Jun 9 14:48:05 2021
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1186015,CVE-2021-3541
This update for libxml2 fixes the following issues:

- CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1923-1
Released: Thu Jun 10 08:37:00 2021
Summary: Recommended update for nfs-utils
Type: recommended
Severity: important
References: 1183194
This update for nfs-utils fixes the following issues:

- Ensured thread safety when opening files over NFS to prevent a use-after-free issue (bsc#1183194)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1935-1
Released: Thu Jun 10 10:45:09 2021
Summary: Recommended update for gzip
Type: recommended
Severity: moderate
References: 1186642
This update for gzip fixes the following issue:

- gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1937-1
Released: Thu Jun 10 10:47:09 2021
Summary: Recommended update for nghttp2
Type: recommended
Severity: moderate
References: 1186642
This update for nghttp2 fixes the following issue:

- The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues.
  (bsc#1186642)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1941-1
Released: Thu Jun 10 10:49:52 2021
Summary: Recommended update for sysconfig
Type: recommended
Severity: moderate
References: 1186642
This update for sysconfig fixes the following issue:

- sysconfig had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1946-1
Released: Thu Jun 10 11:40:34 2021
Summary: Recommended update for SUSEConnect
Type: recommended
Severity: moderate
References: 1186642
This update for SUSEConnect fixes the following issue:

- SUSEConnect had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1954-1
Released: Fri Jun 11 10:45:09 2021
Summary: Security update for containerd, docker, runc
Type: security
Severity: important
References: 1168481,1175081,1175821,1181594,1181641,1181677,1181730,1181732,1181749,1182451,1182476,1182947,1183024,1183855,1184768,1184962,1185405,CVE-2021-21284,CVE-2021-21285,CVE-2021-21334,CVE-2021-30465
This update for containerd, docker, runc fixes the following issues:

Docker was updated to 20.10.6-ce (bsc#1184768, bsc#1182947, bsc#1181594)

* Switch version to use -ce suffix rather than _ce to avoid confusing other tools (bsc#1182476).
* CVE-2021-21284: Fixed a potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732)
* CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730).
* btrfs quotas being removed by Docker regularly (bsc#1183855, bsc#1175081)

runc was updated to v1.0.0~rc93 (bsc#1182451, bsc#1175821 bsc#1184962).

* Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821).
* Fixed /dev/null is not available (bsc#1168481).
* CVE-2021-30465: Fixed a symlink-exchange attack vulnerability (bsc#1185405).

containerd was updated to v1.4.4

* CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397).
* Handle a requirement from docker (bsc#1181594).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1974-1
Released: Tue Jun 15 13:03:45 2021
Summary: Recommended update for kexec-tools
Type: recommended
Severity: moderate
References: 1185020
This update for kexec-tools fixes the following issue:

- Hardening: link as Position-Independent Executable PIE (bsc#1185020).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1977-1
Released: Tue Jun 15 13:05:56 2021
Summary: Security update for the Linux Kernel
Type: security
Severity: important

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484).
- CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing arbitrary values. (bsc#1186111)
- CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062)
- CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060)
- CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
- CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611).
- CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859).
- CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862).
- CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.
  Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (bnc#1185861)
- CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859).
- CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860)
- CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987)
- CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).
- CVE-2021-29155: Fixed an issue that was discovered in kernel/bpf/verifier.c that performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation was not correctly accounted for when restricting subsequent operations (bnc#1184942).
- CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).
- CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
- CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
- CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
- CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
- CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196).
- CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
- CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593).
- CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).
- CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
- CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
- CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
- CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
- CVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).
- CVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).
- CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
- CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
- CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280).
- CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).
- CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
- CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).
- CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a retry loop was continually finding the same bad inode (bsc#1184194).
- CVE-2021-28952: Fixed a buffer overflow in the soundwire device driver, triggered when an unexpected port ID number is encountered. (bnc#1184197).
- CVE-2021-20268: Fixed an out-of-bounds access flaw in the implementation of the eBPF code verifier. This flaw allowed a local user to crash the system or possibly escalate their privileges.
  (bnc#1183077)
- CVE-2020-27673: Fixed a vulnerability with xen, where guest OS users could cause a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411).
- CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509).
- CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).
- CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512).
- CVE-2021-3489: Fixed an issue where the eBPF RINGBUF bpf_ringbuf_reserve did not check that the allocated size was smaller than the ringbuf size (bnc#1185640).
- CVE-2021-3490: Fixed an issue where the eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) did not update the 32-bit bounds (bnc#1185641 bnc#1185796).
- CVE-2020-36322: Fixed an issue in the FUSE filesystem implementation which could have caused a system crash (bsc#1184211).
- CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsystem (bsc#1178181).

The following non-security bugs were fixed:

- ACPI / hotplug / PCI: Fix reference count leak in enable_slot() (git-fixes).
- ACPI / idle: override c-state latency when not in conformance with s0ix (bsc#1185840).
- ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes).
- ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure (git-fixes).
- ACPI: PM: Add ACPI ID of Alder Lake Fan (git-fixes).
- ACPI: PM: s2idle: Add AMD support to handle _DSM (bsc#1185840).
- ACPI: PM: s2idle: Add missing LPS0 functions for AMD (bsc#1185840).
- ACPI: PM: s2idle: Drop unused local variables and related code (bsc#1185840).
- ACPI: PM: s2idle: Move x86-specific code to the x86 directory (bsc#1185840).
- ACPI: custom_method: fix a possible memory leak (git-fixes).
- ACPI: custom_method: fix potential use-after-free issue (git-fixes).
- ACPI: processor: Fix CPU0 wakeup in acpi_idle_play_dead() (git-fixes).
- ACPI: processor: Fix build when CONFIG_ACPI_PROCESSOR=m (git-fixes).
- ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
- ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).
- ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).
- ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes).
- ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
- ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes).
- ALSA: Convert strlcpy to strscpy when return value is unused (git-fixes).
- ALSA: aloop: Fix initialization of controls (git-fixes).
- ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes).
- ALSA: bebob: enable to deliver MIDI messages for multiple ports (git-fixes).
- ALSA: core: remove redundant spin_lock pair in snd_card_disconnect (git-fixes).
- ALSA: dice: fix null pointer dereference when node is disconnected (git-fixes).
- ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 (git-fixes).
- ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency (git-fixes).
- ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer (git-fixes).
- ALSA: firewire-lib: fix amdtp_packet tracepoints event for packet_index field (git-fixes).
- ALSA: firewire-lib: fix calculation for size of IR context payload (git-fixes).
- ALSA: firewire-lib: fix check for the size of isochronous packet payload (git-fixes).
- ALSA: hda/ca0132: Add Sound BlasterX AE-5 Plus support (git-fixes).
- ALSA: hda/cirrus: Add Headphone and Headset MIC Volume Control (git-fixes).
- ALSA: hda/cirrus: Add error handling into CS8409 I2C functions (git-fixes).
- ALSA: hda/cirrus: Add jack detect interrupt support from CS42L42 companion codec (git-fixes).
- ALSA: hda/cirrus: Add support for CS8409 HDA bridge and CS42L42 companion codec (git-fixes).
- ALSA: hda/cirrus: Cleanup patch_cirrus.c code (git-fixes).
- ALSA: hda/cirrus: Fix CS42L42 Headset Mic volume control name (git-fixes). - ALSA: hda/cirrus: Make CS8409 driver more generic by using fixups (git-fixes). - ALSA: hda/cirrus: Set Initial DMIC volume for Bullseye to -26 dB (git-fixes). - ALSA: hda/cirrus: Use CS8409 filter to fix abnormal sounds on Bullseye (git-fixes). - ALSA: hda/conexant: Add quirk for mute LED control on HP ZBook G5 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ZBook G5 model (git-fixes). - ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes). - ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes). - ALSA: hda/hdmi: Cancel pending works before suspend (bsc#1182377). - ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes). - ALSA: hda/hdmi: fix race in handling acomp ELD notification at resume (git-fixes). - ALSA: hda/realtek - Headset Mic issue on HP platform (git-fixes). - ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable (git-fixes). - ALSA: hda/realtek: Add fixup for HP OMEN laptop (git-fixes). - ALSA: hda/realtek: Add fixup for HP Spectre x360 15-df0xxx (git-fixes). - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Ideapad S740 (git-fixes). - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (git-fixes). - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes). - ALSA: hda/realtek: Chain in pop reduction fixup for ThinkStation P340 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845 G8 (git-fixes). - ALSA: hda/realtek: Fix silent headphone output on ASUS UX430UA (git-fixes). - ALSA: hda/realtek: Fix speaker amp on HP Envy AiO 32 (git-fixes). - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes). - ALSA: hda/realtek: GA503 use same quirks as GA401 (git-fixes). - ALSA: hda/realtek: Headphone volume is controlled by Front mixer (git-fixes). 
- ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC662 quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries (git-fixes). - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices (git-fixes). - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes). - ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook (git-fixes). - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes). - ALSA: hda/realtek: fix mic boost on Intel NUC 8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 15 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 17 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 440 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 640 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 840 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 850 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 855 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G7 (git-fixes). - ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops (git-fixes). 
- ALSA: hda/realtek: reset eapd coeff to default value for alc287 (git-fixes). - ALSA: hda/realtek: the bass speaker can't output sound on Yoga 9i (git-fixes). - ALSA: hda: Add missing sanity checks in PM prepare/complete callbacks (git-fixes). - ALSA: hda: Avoid spurious unsol event handling during S3/S4 (bsc#1182377). - ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes). - ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes). - ALSA: hda: Flush pending unsolicited events before suspend (bsc#1182377). - ALSA: hda: Re-add dropped snd_poewr_change_state() calls (git-fixes). - ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes). - ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes). - ALSA: hda: generic: Fix the micmute led init state (git-fixes). - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP (git-fixes). - ALSA: hda: ignore invalid NHLT table (git-fixes). - ALSA: hdsp: do not disable if not enabled (git-fixes). - ALSA: hdspm: do not disable if not enabled (git-fixes). - ALSA: intel8x0: Do not update period unless prepared (git-fixes). - ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes). - ALSA: rme9652: do not disable if not enabled (git-fixes). - ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes). - ALSA: usb-audio: Add DJM-450 to the quirks table (git-fixes). - ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes). - ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes). - ALSA: usb-audio: Add DJM750 to Pioneer mixer quirk (git-fixes). - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes). - ALSA: usb-audio: Add Pioneer DJM-850 to quirks-table (git-fixes). - ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset PC 8 (git-fixes). - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls (git-fixes). - ALSA: usb-audio: Add implicit feeback support for the BOSS GT-1 (git-fixes). 
- ALSA: usb-audio: Add support for Pioneer DJM-750 (git-fixes). - ALSA: usb-audio: Add support for many Roland devices' implicit feedback quirks (git-fixes). - ALSA: usb-audio: Apply implicit feedback mode for BOSS devices (git-fixes). - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes). - ALSA: usb-audio: Carve out connector value checking into a helper (git-fixes). - ALSA: usb-audio: Check connector value on resume (git-fixes). - ALSA: usb-audio: Configure Pioneer DJM-850 samplerate (git-fixes). - ALSA: usb-audio: Convert remaining strlcpy() to strscpy() (git-fixes). - ALSA: usb-audio: Convert the last strlcpy() usage (git-fixes). - ALSA: usb-audio: DJM-750: ensure format is set (git-fixes). - ALSA: usb-audio: Declare Pioneer DJM-850 mixer controls (git-fixes). - ALSA: usb-audio: Drop implicit fb quirk entries dubbed for capture (git-fixes). - ALSA: usb-audio: Explicitly set up the clock selector (git-fixes). - ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes). - ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes). - ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes). - ALSA: usb-audio: Fix implicit sync clearance at stopping stream (git-fixes). - ALSA: usb-audio: Fix potential out-of-bounce access in MIDI EP parser (git-fixes). - ALSA: usb-audio: Fix unintentional sign extension issue (git-fixes). - ALSA: usb-audio: Generic application of implicit fb to Roland/BOSS devices (git-fixes). - ALSA: usb-audio: Re-apply implicit feedback mode to Pioneer devices (git-fixes). - ALSA: usb-audio: Remove redundant assignment to len (git-fixes). - ALSA: usb-audio: Skip probe of UA-101 devices (git-fixes). - ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes). - ALSA: usb-audio: Validate MS endpoint descriptors (git-fixes). - ALSA: usb-audio: add mixer quirks for Pioneer DJM-900NXS2 (git-fixes). 
- ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552). - ALSA: usb-audio: fix Pioneer DJM-850 control label info (git-fixes). - ALSA: usb-audio: fix control-request direction (git-fixes). - ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552). - ALSA: usb-audio: generate midi streaming substream names from jack names (git-fixes). - ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (git-fixes). - ALSA: usb-audio: scarlett2: Improve driver startup messages (git-fixes). - ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static (git-fixes). - ALSA: usb-audio: use usb headers rather than define structs locally (git-fixes). - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes). - ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails (git-fixes). - ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes). - ASoC: Intel: boards: sof-wm8804: add check for PLL setting (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes). - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: Intel: sof_sdw: add quirk for HP Spectre x360 convertible (git-fixes). - ASoC: Intel: sof_sdw: add quirk for new ADL-P Rvp (git-fixes). - ASoC: Intel: sof_sdw: reorganize quirks by generation (git-fixes). 
- ASoC: SOF: Intel: HDA: fix core status verification (git-fixes). - ASoC: SOF: Intel: HDA: fix core status verification (git-fixes). - ASoC: SOF: Intel: hda: remove unnecessary parentheses (git-fixes). - ASoC: SOF: Intel: unregister DMIC device on probe error (git-fixes). - ASoC: SOF: intel: fix wrong poll bits in dsp power down (git-fixes). - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: ak5558: Fix s/show/slow/ typo (git-fixes). - ASoC: ak5558: correct reset polarity (git-fixes). - ASoC: codecs: wcd934x: add a sanity check in set channel map (git-fixes). - ASoC: cs35l33: fix an error code in probe() (git-fixes). - ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes). - ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes). - ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes). - ASoC: cs42l42: Fix channel width support (git-fixes). - ASoC: cs42l42: Fix mixer volume control (git-fixes). - ASoC: cs42l42: Regmap must use_single_read/write (git-fixes). - ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes). - ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes). - ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes). - ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes). - ASoC: max98373: Added 30ms turn on/off time delay (git-fixes). - ASoC: max98373: Changed amp shutdown register as volatile (git-fixes). - ASoC: qcom: lpass-cpu: Fix lpass dai ids parse (git-fixes). - ASoC: qcom: sdm845: Fix array out of bounds access (git-fixes). - ASoC: qcom: sdm845: Fix array out of range on rx slim channels (git-fixes). - ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init() (git-fixes). - ASoC: rsnd: check all BUSIF status when error (git-fixes). 
- ASoC: rsnd: core: Check convert rate in rsnd_hw_params (git-fixes). - ASoC: rt1015: fix i2c communication error (git-fixes). - ASoC: rt286: Generalize support for ALC3263 codec (git-fixes). - ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes). - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5659: Update MCLK rate in set_sysclk() (git-fixes). - ASoC: rt5670: Add a quirk for the Dell Venue 10 Pro 5055 (git-fixes). - ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes). - ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes). - ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes). - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes). - ASoC: rt711: add snd_soc_component remove callback (git-fixes). - ASoC: samsung: snow: remove useless test (git-fixes). - ASoC: samsung: tm2_wm5110: check of of_parse return value (git-fixes). - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes). - ASoC: simple-card-utils: Do not handle device clock (git-fixes). - ASoC: simple-card: fix possible uninitialized single_cpu local variable (git-fixes). - ASoC: soc-core kABI workaround (git-fixes). - ASoC: soc-core: Prevent warning if no DMI table is present (git-fixes). - ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes). - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes). - ASoC: wm8960: Remove bitclk relax condition in wm8960_configure_sysclk (git-fixes). - Bluetooth: Fix incorrect status handling in LE PHY UPDATE event (git-fixes). - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes). - Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS (git-fixes). - Bluetooth: SMP: Fail if remote and local public keys are identical (git-fixes). 
- Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes). - Bluetooth: avoid deadlock between hci_dev->lock and socket lock (git-fixes). - Bluetooth: btqca: Add valid le states quirk (git-fixes). - Bluetooth: btusb: Enable quirk boolean flag for Mediatek Chip (git-fixes). - Bluetooth: check for zapped sk before connecting (git-fixes). - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes). - Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes). - Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM (git-fixes). - Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725). - Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725). - Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes). - EDAC/amd64: Check for memory before fully initializing an instance (bsc#1183815). - EDAC/amd64: Get rid of the ECC disabled long message (bsc#1183815). - EDAC/amd64: Use cached data when checking for ECC (bsc#1183815). - Goodix Fingerprint device is not a modem (git-fixes). - HID: alps: fix error return code in alps_input_configured() (git-fixes). - HID: google: add don USB id (git-fixes). - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes). - HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes). - HID: plantronics: Workaround for double volume key presses (git-fixes). - HID: wacom: Assign boolean values to a bool variable (git-fixes). - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices (git-fixes). - HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes). - IB/hfi1: Fix probe time panic when AIP is enabled with a buggy BIOS (jsc#SLE-13208). - IB/hfi1: Rework AIP and VNIC dummy netdev usage (jsc#SLE-13208). - Input: applespi - do not wait for responses to commands indefinitely (git-fixes). 
- Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes). - Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices (git-fixes). - Input: i8042 - fix Pegatron C15B ID entry (git-fixes). - Input: nspire-keypad - enable interrupts only when opened (git-fixes). - Input: s6sy761 - fix coordinate read bit shift (git-fixes). - Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state (git-fixes). - KEYS: trusted: Fix TPM reservation for seal/unseal (git-fixes). - KEYS: trusted: Fix memory leak on object td (git-fixes). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447). - KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit (bsc#1156395). - KVM: PPC: Make the VMX instruction emulation routines static (bsc#1156395). - KVM: SVM: Clear the CR4 register on reset (bsc#1183252). - KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (bsc#1152489). - KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427). - KVM: s390: fix guarded storage control register handling (bsc#1133021). - KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445). - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287). - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183323). - KVM: x86: Expose XSAVEERPTR to the guest (jsc#SLE-13573). - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428). - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288). - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183324). - KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412). - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369). - NFC: nci: fix memory leak in nci_allocate_device (git-fixes). - PCI/AER: Add RCEC AER error injection support (bsc#1174426). 
- PCI/AER: Add pcie_walk_rcec() to RCEC AER handling (bsc#1174426). - PCI/AER: Clear AER status from Root Port when resetting Downstream Port (bsc#1174426). - PCI/AER: Specify the type of Port that was reset (bsc#1174426). - PCI/AER: Use 'aer' variable for capability offset (bsc#1174426). - PCI/AER: Write AER Capability only when we control it (bsc#1174426). - PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery() (bsc#1174426). - PCI/ERR: Add pcie_link_rcec() to associate RCiEPs (bsc#1174426). - PCI/ERR: Avoid negated conditional for clarity (bsc#1174426). - PCI/ERR: Bind RCEC devices to the Root Port driver (bsc#1174426). - PCI/ERR: Bind RCEC devices to the Root Port driver (jsc#SLE-13736 jsc#SLE-14845). - PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() (bsc#1174426). - PCI/ERR: Clear AER status only when we control AER (bsc#1174426). - PCI/ERR: Clear PCIe Device Status errors only if OS owns AER (bsc#1174426). - PCI/ERR: Clear status of the reporting device (bsc#1174426). - PCI/ERR: Recover from RCEC AER errors (bsc#1174426). - PCI/ERR: Recover from RCiEP AER errors (bsc#1174426). - PCI/ERR: Rename reset_link() to reset_subordinates() (bsc#1174426). - PCI/ERR: Retain status from error notification (bsc#1174426). - PCI/ERR: Simplify by computing pci_pcie_type() once (bsc#1174426). - PCI/ERR: Simplify by using pci_upstream_bridge() (bsc#1174426). - PCI/ERR: Use 'bridge' for clarity in pcie_do_recovery() (bsc#1174426). - PCI/PME: Add pcie_walk_rcec() to RCEC PME handling (bsc#1174426). - PCI/RCEC: Fix RCiEP device to RCEC association (git-fixes). - PCI/RCEC: Fix RCiEP device to RCEC association (jsc#SLE-13736 jsc#SLE-14845 git-fixes). - PCI/portdrv: Report reset for frozen channel (bsc#1174426). - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes). - PCI: Allow VPD access for QLogic ISP2722 (git-fixes). 
- PCI: Fix pci_register_io_range() memory leak (git-fixes). - PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes). - PCI: Release OF node in pci_scan_device()'s error path (git-fixes). - PCI: designware-ep: Fix the Header Type check (git-fixes). - PCI: dwc: Move iATU detection earlier (git-fixes). - PCI: endpoint: Fix missing destroy_workqueue() (git-fixes). - PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() (git-fixes). - PCI: keystone: Let AM65 use the pci_ops defined in pcie-designware-host.c (git-fixes). - PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes). - PCI: tegra: Fix ASPM-L1SS advertisement disable code (git-fixes). - PCI: tegra: Move 'dbi' accesses to post common DWC initialization (git-fixes). - PCI: thunder: Fix compile testing (git-fixes). - PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes). - PM / devfreq: Use more accurate returned new_freq as resume_freq (git-fixes). - PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes). - PM: runtime: Add documentation for pm_runtime_resume_and_get() (git-fixes). - PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366). - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes). - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes). - PM: runtime: Fix race getting/putting suppliers at probe (git-fixes). - Platform: OLPC: Fix probe error handling (git-fixes). - RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489). - RDMA/addr: create addr_wq with WQ_MEM_RECLAIM flag (bsc#1183346). - RDMA/cm: Fix IRQ restore in ib_send_cm_sidr_rep (jsc#SLE-15176). - RDMA/core: create ib_cm with WQ_MEM_RECLAIM flag (bsc#1183346). - RDMA/hns: Delete redundant abnormal interrupt status (git-fixes). - RDMA/hns: Delete redundant condition judgment related to eq (git-fixes). - RDMA/mlx5: Fix drop packet rule in egress table (jsc#SLE-15175). 
- RDMA/qedr: Fix error return code in qedr_iw_connect() (jsc#SLE-8215). - RDMA/rtrs-clt: Close rtrs client conn before destroying rtrs clt session files (jsc#SLE-15176). - RDMA/rtrs-clt: destroy sysfs after removing session from active list (jsc#SLE-15176). - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709) - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709) - RDMA/srpt: Fix error return code in srpt_cm_req_recv() (git-fixes). - Re-enable yenta socket driver for x86_64 (bsc#1186349) - SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1185428). - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet (git-fixes). - USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes). - USB: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984). - USB: CDC-ACM: fix poison/unpoison imbalance (git-fixes). - USB: cdc-acm: downgrade message to debug (git-fixes). - USB: cdc-acm: fix TIOCGSERIAL implementation (git-fixes). - USB: cdc-acm: fix double free on probe failure (git-fixes). - USB: cdc-acm: fix unprivileged TIOCCSERIAL (git-fixes). - USB: cdc-acm: fix use-after-free after probe failure (git-fixes). - USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes). - USB: gadget: u_ether: Fix a configfs return code (git-fixes). - USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes). - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes). - USB: replace hardcode maximum usb string length by definition (git-fixes). - USB: serial: ark3116: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: ch341: add new Product ID (git-fixes). - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes). - USB: serial: cp210x: add some more GE USB IDs (git-fixes). - USB: serial: f81232: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: f81534: fix TIOCGSERIAL implementation (git-fixes). 
- USB: serial: fix return value for unsupported ioctls (git-fixes). - USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes). - USB: serial: mos7720: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: opticon: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: pl2303: add support for PL2303HXN (bsc#1186320). - USB: serial: pl2303: fix line-speed handling on newer chips (bsc#1186320). - USB: serial: quatech2: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: ssu100: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check (git-fixes). - USB: serial: usb_wwan: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes). - USB: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes). - USB: usblp: fix a hang in poll() if disconnected (git-fixes). - Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598) - amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes). - amdgpu: avoid incorrect %hu format string (git-fixes). - apparmor: Fix aa_label refcnt leak in policy_update (git-fixes). - apparmor: check/put label on apparmor_sk_clone_security() (git-fixes). - appletalk: Fix skb allocation size in loopback case (git-fixes). - arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862). - ata: ahci: Disable SXS for Hisilicon Kunpeng920 (git-fixes). - ata: libahci_platform: fix IRQ check (git-fixes). - ath10k: Fix a use after free in ath10k_htc_send_bundle (git-fixes). - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock (git-fixes). - ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes). - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes). - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices (git-fixes). - ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes). 
- atl1c: fix error return code in atl1c_probe() (git-fixes). - atl1e: fix error return code in atl1e_probe() (git-fixes). - backlight: journada720: Fix Wmisleading-indentation warning (git-fixes). - batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - blk-iocost: ioc_pd_free() shouldn't assume irq disabled (git-fixes). - blk-mq: plug request for shared sbitmap (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - blk-mq: set default elevator as deadline in case of hctx shared tagset (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - blkcg: fix memleak for iolatency (git-fixes). - block, bfq: set next_rq to waker_bfqq->next_rq in waker injection (bsc#1168838). - block: fix get_max_io_size() (git-fixes). - block: recalculate segment count for multi-segment discards correctly (bsc#1184724). - block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes). - block: rsxx: select CONFIG_CRC32 (git-fixes). - bluetooth: eliminate the potential race condition when removing the HCI controller (git-fixes). - bnxt_en: Fix RX consumer index logic in the error path (git-fixes). - bnxt_en: Fix RX consumer index logic in the error path (git-fixes). - bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (git-fixes). - bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274). - bnxt_en: reverse order of TX disable and carrier off (git-fixes). - bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518). - bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163). - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775). - bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518). - bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518). 
- bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518). - bpf: Enforce that struct_ops programs be GPL-only (bsc#1177028). - bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170). - bpf: Fix an unitialized value in bpf_iter (bsc#1177028). - bpf: Fix leakage of uninitialized bpf stack under speculation (bsc#1155518). - bpf: Fix masking negation logic upon negative dst register (bsc#1155518). - bpf: Fix propagation of 32 bit unsigned bounds from 64 bit bounds (bsc#1177028). - bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518). - bpf: Refcount task stack in bpf_get_task_stack (bsc#1177028). - bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518). - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775). - bpf: link: Refuse non-O_RDWR flags in BPF_OBJ_GET (bsc#1177028). - bpf_lru_list: Read double-checked variable once without lock (bsc#1155518). - brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes). - brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes). - brcmfmac: clear EAP/association status bits on linkdown events (git-fixes). - bsg: free the request before return error code (git-fixes). - btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217). - btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224). - btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386). - btrfs: fix extent buffer leak on failure to copy root (bsc#1184218). - btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549). - btrfs: fix race between swap file activation and snapshot creation (bsc#1185587). - btrfs: fix race between swap file activation and snapshot creation (bsc#1185587). - btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441). 
- btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441). - btrfs: fix race between writes to swap files and scrub (bsc#1185586). - btrfs: fix race between writes to swap files and scrub (bsc#1185586). - btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193). - btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439). - btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439). - btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220). - btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219). - btrfs: track qgroup released data in own variable in insert_prealloc_file_extent (bsc#1185549). - bus: fsl-mc: add the dpdbg device type (bsc#1185670). - bus: fsl-mc: list more commands as accepted through the ioctl (bsc#1185670). - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes). - bus: qcom: Put child node before return (git-fixes). - bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes). - can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes). - can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes). - can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes). - can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes). - can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes). - can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes). - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes). - can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes). - can: peak_usb: add forgotten supported devices (git-fixes). - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes). - cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes). 
- cdc-wdm: untangle a circular dependency between callback and softint (git-fixes). - ceph: do not clobber i_snap_caps on non-I_NEW inode (bsc#1186501). - ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501). - ceph: fix up error handling with snapdirs (bsc#1186501). - ceph: only check pool permissions for regular files (bsc#1186501). - cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes). - cfg80211: scan: drop entry from hidden_list on overflow (git-fixes). - ch_ktls: Fix kernel panic (jsc#SLE-15131). - ch_ktls: do not send snd_una update to TCB in middle (jsc#SLE-15131). - ch_ktls: fix device connection close (jsc#SLE-15131). - ch_ktls: fix enum-conversion warning (jsc#SLE-15129). - ch_ktls: tcb close causes tls connection failure (jsc#SLE-15131). - cifs: New optype for session operations (bsc#1181507). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - cifs: change noisy error message to FYI (bsc#1181507). - cifs: check pointer before freeing (bsc#1183534). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507). - clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes). - clk: fix invalid usage of list cursor in register (git-fixes). - clk: fix invalid usage of list cursor in unregister (git-fixes). - clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz (git-fixes). - clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 (git-fixes). - clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock (git-fixes). - clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE (git-fixes). - clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return (git-fixes). - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes). 
- clk: uniphier: Fix potential infinite loop (git-fixes).
- clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback (git-fixes).
- completion: Drop init_completion define (git-fixes).
- configfs: fix a use-after-free in __configfs_open_file (git-fixes).
- coresight: etm4x: Fix issues on trcseqevr access (git-fixes).
- coresight: etm4x: Fix save and restore of TRCVMIDCCTLR1 register (git-fixes).
- coresight: remove broken __exit annotations (git-fixes).
- coresight: tmc-etr: Fix barrier packet insertion for perf buffer (git-fixes).
- cpufreq: Kconfig: fix documentation links (git-fixes).
- cpufreq: armada-37xx: Fix determining base CPU frequency (git-fixes).
- cpufreq: armada-37xx: Fix driver cleanup when registration failed (git-fixes).
- cpufreq: armada-37xx: Fix setting TBG parent for load levels (git-fixes).
- cpufreq: armada-37xx: Fix the AVS value for load L1 (git-fixes).
- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758).
- cpuidle/pseries: Fixup CEDE0 latency only for POWER10 onwards (bsc#1185550 ltc#192610).
- crypto: api - check for ERR pointers in crypto_destroy_tfm() (git-fixes).
- crypto: arm/curve25519 - Move '.fpu' after '.arch' (git-fixes).
- crypto: chelsio - Read rxchannel-id from firmware (git-fixes).
- crypto: mips/poly1305 - enable for all MIPS processors (git-fixes).
- crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (git-fixes).
- crypto: qat - Fix a double free in adf_create_ring (git-fixes).
- crypto: qat - do not release uninitialized resources (git-fixes).
- crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes).
- crypto: qat - fix unmap invalid dma address (git-fixes).
- crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS (git-fixes).
- crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c (git-fixes).
- crypto: stm32/hash - Fix PM reference leak on stm32-hash.c (git-fixes).
- crypto: tcrypt - avoid signed overflow in byte count (git-fixes).
- cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (git-fixes).
- cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (git-fixes).
- cxgb4: Fix unintentional sign extension issues (git-fixes).
- cxgb4: avoid collecting SGE_QBASE regs during traffic (git-fixes).
- dm era: Fix bitset memory leaks (git-fixes).
- dm era: Recover committed writeset after crash (git-fixes).
- dm era: Reinitialize bitset cache before digesting a new writeset (git-fixes).
- dm era: Update in-core bitset after committing the metadata (git-fixes).
- dm era: Use correct value size in equality function of writeset tree (git-fixes).
- dm era: Verify the data block size hasn't changed (git-fixes).
- dm era: only resize metadata in preresume (git-fixes).
- dm integrity: fix error reporting in bitmap mode after creation (git-fixes).
- dm ioctl: fix error return code in target_message (git-fixes).
- dm mpath: fix racey management of PG initialization (git-fixes).
- dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485).
- dm raid: fix discard limits for raid1 (git-fixes).
- dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (bsc#1185581).
- dm writecache: fix the maximum number of arguments (git-fixes).
- dm writecache: handle DAX to partitions on persistent memory correctly (git-fixes).
- dm writecache: remove BUG() and fail gracefully instead (git-fixes).
- dm zoned: select CONFIG_CRC32 (git-fixes).
- dm: avoid filesystem lookup in dm_get_dev_t() (git-fixes).
- dm: eliminate potential source of excessive kernel log noise (git-fixes).
- dm: fix bug with RCU locking in dm_blk_report_zones (git-fixes).
- dm: remove invalid sparse __acquires and __releases annotations (git-fixes).
- dmaengine: Fix a double free in dma_async_device_register (git-fixes).
- dmaengine: dw-edma: Fix crash on loading/unloading driver (git-fixes).
- dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes).
- dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback (git-fixes).
- dmaengine: idxd: Fix potential null dereference on pointer status (git-fixes).
- dmaengine: idxd: cleanup pci interrupt vector allocation management (git-fixes).
- dmaengine: idxd: clear MSIX permission entry on shutdown (git-fixes).
- dmaengine: idxd: fix cdev setup and free device lifetime issues (git-fixes).
- dmaengine: idxd: fix delta_rec and crc size field for completion record (git-fixes).
- dmaengine: idxd: fix dma device lifetime (git-fixes).
- dmaengine: idxd: fix opcap sysfs attribute output (git-fixes).
- dmaengine: idxd: fix wq cleanup of WQCFG registers (git-fixes).
- dmaengine: idxd: fix wq size store permission state (git-fixes).
- dmaengine: idxd: removal of pcim managed mmio mapping (git-fixes).
- docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes).
- docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes).
- dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom (git-fixes).
- dpaa_eth: Use random MAC address when none is given (bsc#1184811).
- dpaa_eth: copy timestamp fields to new skb in A-050385 workaround (git-fixes).
- dpaa_eth: fix the RX headroom size alignment (git-fixes).
- dpaa_eth: update the buffer layout for non-A050385 erratum scenarios (git-fixes).
- drivers: hv: Fix whitespace errors (bsc#1185725).
- drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes).
- drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes).
- drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes).
- drm/amd/display/dc/dce/dce_aux: Remove duplicate line causing 'field overwritten' issue (git-fixes).
- drm/amd/display: Check for DSC support instead of ASIC revision (git-fixes).
- drm/amd/display: Correct algorithm for reversed gamma (git-fixes).
- drm/amd/display: DCHUB underflow counter increasing in some scenarios (git-fixes).
- drm/amd/display: Do not optimize bandwidth before disabling planes (git-fixes).
- drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool' (git-fixes).
- drm/amd/display: Fix UBSAN: shift-out-of-bounds warning (git-fixes).
- drm/amd/display: Fix debugfs link_settings entry (git-fixes).
- drm/amd/display: Fix nested FPU context in dcn21_validate_bandwidth() (git-fixes).
- drm/amd/display: Fix off by one in hdmi_14_process_transaction() (git-fixes).
- drm/amd/display: Fix two cursor duplication when using overlay (git-fixes).
- drm/amd/display: Force vsync flip when reconfiguring MPCC (git-fixes).
- drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes).
- drm/amd/display: Initialize attribute for hdcp_srm sysfs file (git-fixes).
- drm/amd/display: Reject non-zero src_y and src_x for video planes (git-fixes).
- drm/amd/display: Revert dram_clock_change_latency for DCN2.1 (git-fixes).
- drm/amd/display: Try YCbCr420 color when YCbCr444 fails (git-fixes).
- drm/amd/display: add handling for hdcp2 rx id list validation (git-fixes).
- drm/amd/display: changing sr exit latency (git-fixes).
- drm/amd/display: fix dml prefetch validation (git-fixes).
- drm/amd/display: fixed divide by zero kernel crash during dsc enablement (git-fixes).
- drm/amd/display: turn DPMS off on connector unplug (git-fixes).
- drm/amd/pm: fix workload mismatch on vega10 (git-fixes).
- drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' -> (bsc#1152489)
  Backporting notes:
  * rename amd/pm to amd/powerplay
  * context changes
- drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f (git-fixes).
- drm/amdgpu/display/dm: add missing parameter documentation (git-fixes).
- drm/amdgpu/display: buffer INTERRUPT_LOW_IRQ_CONTEXT interrupt work (git-fixes).
- drm/amdgpu/display: remove redundant continue statement (git-fixes).
- drm/amdgpu/display: restore AUX_DPHY_TX_CONTROL for DCN2.x (git-fixes).
- drm/amdgpu/display: use GFP_ATOMIC in dcn21_validate_bandwidth_fp() (git-fixes).
- drm/amdgpu/swsmu: add interrupt work function (git-fixes).
- drm/amdgpu/swsmu: add interrupt work handler for smu11 parts (git-fixes).
- drm/amdgpu: Add additional Sienna Cichlid PCI ID (git-fixes).
- drm/amdgpu: Add check to prevent IH overflow (git-fixes).
- drm/amdgpu: Add mem sync flag for IB allocated by SA (git-fixes).
- drm/amdgpu: Fix GPU TLB update error when PAGE_SIZE > AMDGPU_PAGE_SIZE (git-fixes).
- drm/amdgpu: Fix some unload driver issues (git-fixes).
- drm/amdgpu: Init GFX10_ADDR_CONFIG for VCN v3 in DPG mode (git-fixes).
- drm/amdgpu: check alignment on CPU page for bo map (git-fixes).
- drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (git-fixes).
- drm/amdgpu: fb BO should be ttm_bo_type_device (git-fixes).
- drm/amdgpu: fix NULL pointer dereference (git-fixes).
- drm/amdgpu: fix concurrent VM flushes on Vega/Navi v2 (git-fixes).
- drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes).
- drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes).
- drm/amdgpu: mask the xgmi number of hops reported from psp to kfd (git-fixes).
- drm/amdgpu: remove unused variable from struct amdgpu_bo (git-fixes).
- drm/amdgpu: update gc golden setting for Navi12 (git-fixes).
- drm/amdgpu: update sdma golden setting for Navi12 (git-fixes).
- drm/amdkfd: Fix UBSAN shift-out-of-bounds warning (git-fixes).
- drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug (git-fixes).
- drm/amdkfd: Put ACPI table after using it (bsc#1152489)
  Backporting notes:
  * context changes
- drm/amdkfd: dqm fence memory corruption (git-fixes).
- drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes).
- drm/ast: AST2500 fixups (bsc#1174416).
- drm/ast: AST2500 fixups (bsc#1174416).
- drm/ast: Add 25MHz refclk support (bsc#1174416).
- drm/ast: Add 25MHz refclk support (bsc#1174416).
- drm/ast: Add support for 1152x864 mode (bsc#1174416).
- drm/ast: Add support for 1152x864 mode (bsc#1174416).
- drm/ast: Add support for AIP200 (bsc#1174416).
- drm/ast: Add support for AIP200 (bsc#1174416).
- drm/ast: Correct mode table for AST2500 precatch (bsc#1174416).
- drm/ast: Correct mode table for AST2500 precatch (bsc#1174416).
- drm/ast: Disable VGA decoding while driver is active (bsc#1174416).
- drm/ast: Disable VGA decoding while driver is active (bsc#1174416).
- drm/ast: Disable screen on register init (bsc#1174416).
- drm/ast: Disable screen on register init (bsc#1174416).
- drm/ast: Fix P2A config detection (bsc#1174416).
- drm/ast: Fix P2A config detection (bsc#1174416).
- drm/ast: Fix invalid usage of AST_MAX_HWC_WIDTH in cursor atomic_check (git-fixes).
- drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416).
- drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416).
- drm/ast: Keep MISC fields when enabling VGA (bsc#1174416).
- drm/ast: Keep MISC fields when enabling VGA (bsc#1174416).
- drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416).
- drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416).
- drm/compat: Clear bounce structures (git-fixes).
- drm/dp_mst: Revise broadcast msg lct & lcr (git-fixes).
- drm/dp_mst: Set CLEAR_PAYLOAD_ID_TABLE as broadcast (git-fixes).
- drm/hisilicon: Fix use-after-free (git-fixes).
- drm/i915/display: fix compiler warning about array overrun (git-fixes).
- drm/i915/gt: Clear CACHE_MODE prior to clearing residuals (git-fixes).
- drm/i915/gt: Disable HiZ Raw Stall Optimization on broken gen7 (git-fixes).
- drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes).
- drm/i915/gvt: Set SNOOP for PAT3 on BXT/APL to workaround GPU BB hang (git-fixes).
- drm/i915/overlay: Fix active retire callback alignment (git-fixes).
- drm/i915/selftests: Fix some error codes (git-fixes).
- drm/i915: Avoid div-by-zero on gen2 (git-fixes).
- drm/i915: Fix ICL MG PHY vswing handling (git-fixes).
- drm/i915: Fix crash in auto_retire (git-fixes).
- drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074).
- drm/i915: Hold onto an explicit ref to i915_vma_work.pinned (git-fixes).
- drm/i915: Read C0DRB3/C1DRB3 as 16 bits again (git-fixes).
- drm/i915: Wedge the GPU if command parser setup fails (git-fixes).
- drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes).
- drm/ingenic: Fix non-OSD mode (git-fixes).
- drm/ingenic: Register devm action to cleanup encoders (git-fixes).
- drm/komeda: Fix bit check to import to value of proper type (git-fixes).
- drm/lima: fix reference leak in lima_pm_busy (git-fixes).
- drm/mcde/panel: Inverse misunderstood flag (git-fixes).
- drm/mediatek: Fix aal size config (bsc#1152489)
  Backporting notes:
  * replaced mtk_ddp_write() with writel()
- drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes).
- drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes).
- drm/msm/gem: Add obj->lock wrappers (bsc#1152489)
  Backporting notes:
  * taken for 9b73bde39cf2 ('drm/msm: Fix use-after-free in msm_gem with carveout')
  * context changes
- drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes).
- drm/msm/mdp5: Do not multiply vclk line count by 100 (git-fixes).
- drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489)
  Backporting notes:
  * context changes
- drm/msm: Fix a5xx/a6xx timestamps (git-fixes).
- drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489)
  Backporting notes:
  * context changes
- drm/msm: Fix suspend/resume on i.MX5 (git-fixes).
- drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489)
  Backporting notes:
  * context changes
- drm/msm: Ratelimit invalid-fence message (git-fixes).
- drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes).
- drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes).
- drm/nouveau/kms/nv50-: Get rid of bogus nouveau_conn_mode_valid() (git-fixes).
- drm/omap: fix misleading indentation in pixinc() (git-fixes).
- drm/panfrost: Clear MMU irqs before handling the fault (git-fixes).
- drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472)
  Backporting notes:
  * context changes
- drm/panfrost: Do not try to map pages that are already mapped (git-fixes).
- drm/panfrost: Fix job timeout handling (bsc#1152472)
  Backporting notes:
  * context changes
- drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472)
- drm/probe-helper: Check epoch counter in output_poll_execute() (git-fixes).
- drm/qxl: do not run release if qxl failed to init (git-fixes).
- drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (git-fixes).
- drm/radeon: Avoid power table parsing memory leaks (git-fixes).
- drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (git-fixes).
- drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes).
- drm/radeon: fix AGP dependency (git-fixes).
- drm/radeon: fix copy of uninitialized variable back to userspace (git-fixes).
- drm/shmem-helper: Check for purged buffers in fault handler (git-fixes).
- drm/shmem-helper: Do not remove the offset in vm_area_struct pgoff (git-fixes).
- drm/shmem-helpers: vunmap: Do not put pages for dma-buf (git-fixes).
- drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489)
  Backporting notes:
  * context changes
- drm/tegra: Fix reference leak when pm_runtime_get_sync() fails (git-fixes).
- drm/tegra: dc: Do not set PLL clock to 0Hz (git-fixes).
- drm/tegra: dc: Restore coupling of display controllers (git-fixes).
- drm/tegra: sor: Grab runtime PM reference across reset (git-fixes).
- drm/tilcdc: send vblank event when disabling crtc (git-fixes).
- drm/vc4: crtc: Reduce PV fifo threshold on hvs4 (git-fixes).
- drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472)
  Backporting notes:
  * context changes
  * change vc4_hdmi to vc4->hdmi
  * removed references to encoder->hdmi_monitor
- drm/vkms: fix misuse of WARN_ON (git-fixes).
- drm: Added orientation quirk for OneGX1 Pro (git-fixes).
- drm: meson_drv add shutdown function (git-fixes).
- drm: rcar-du: Fix PM reference leak in rcar_cmm_enable() (git-fixes).
- drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489)
  Backporting notes:
  * context changes
- drm: rcar-du: Fix leak of CMM platform device reference (git-fixes).
- drm: xlnx: zynqmp: fix a memset in zynqmp_dp_train() (git-fixes).
- e1000e: Fix duplicate include guard (git-fixes).
- e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes).
- e1000e: add rtnl_lock() to e1000_reset_task (git-fixes).
- efi: use 32-bit alignment for efi_guid_t literals (git-fixes).
- enetc: Fix reporting of h/w packet counters (git-fixes).
- enetc: Let the hardware auto-advance the taprio base-time of 0 (git-fixes).
- enetc: Workaround for MDIO register access issue (git-fixes).
- epoll: check for events when removing a timed out thread from the wait queue (git-fixes).
- ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx (git-fixes).
- ethernet: alx: fix order of calls on resume (git-fixes).
- ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (git-fixes).
- ethtool: fix incorrect datatype in set_eee ops (bsc#1176447).
- ethtool: fix missing NLM_F_MULTI flag when dumping (bsc#1176447).
- ethtool: pause: make sure we init driver stats (jsc#SLE-15075).
- exec: Move would_dump into flush_old_exec (git-fixes).
- ext4: do not try to set xattr into ea_inode if value is empty (bsc#1184730).
- ext4: find old entry again if failed to rename whiteout (bsc#1184742).
- ext4: fix potential error in ext4_do_update_inode (bsc#1184731).
- ext4: fix potential htree index checksum corruption (bsc#1184728).
- extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes).
- extcon: Fix error handling in extcon_dev_register (git-fixes).
- extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged (git-fixes).
- extcon: arizona: Fix various races on driver unbind (git-fixes).
- fbdev: zero-fill colormap in fbcmap.c (git-fixes).
- fbmem: add margin check to fb_check_caps() (git-fixes).
- firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes).
- firmware: arm_scpi: Prevent the ternary sign expansion bug (git-fixes).
- firmware: qcom-scm: Fix QCOM_SCM configuration (git-fixes).
- firmware: qcom_scm: Fix kernel-doc function names to match (git-fixes).
- firmware: qcom_scm: Make __qcom_scm_is_call_available() return bool (git-fixes).
- firmware: qcom_scm: Reduce locking section for __get_convention() (git-fixes).
- firmware: qcom_scm: Workaround lack of 'is available' call on SC7180 (git-fixes).
- flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353).
- fnic: use scsi_host_busy_iter() to traverse commands (bsc#1179851).
- fotg210-udc: Complete OUT requests on short packets (git-fixes).
- fotg210-udc: Do not DMA more than the buffer can take (git-fixes).
- fotg210-udc: Fix DMA on EP0 for length > max packet size (git-fixes).
- fotg210-udc: Fix EP0 IN requests bigger than two packets (git-fixes).
- fotg210-udc: Mask GRP2 interrupts we do not handle (git-fixes).
- fotg210-udc: Remove a dubious condition leading to fotg210_done (git-fixes).
- fs/epoll: restore waking from ep_done_scan() (bsc#1183868).
- fs/jfs: fix potential integer overflow on shift of a int (bsc#1184741).
- fs: direct-io: fix missing sdio->boundary (bsc#1184736).
- fsl/fman: check dereferencing null pointer (git-fixes).
- fsl/fman: fix dereference null return value (git-fixes).
- fsl/fman: fix eth hash table allocation (git-fixes).
- fsl/fman: fix unreachable code (git-fixes).
- fsl/fman: reuse set_mac_address() in dtsec init() (bsc#1184811).
- fsl/fman: tolerate missing MAC address in device tree (bsc#1184811).
- fsl/fman: use 32-bit unsigned integer (git-fixes).
- ftrace/x86: Tell objtool to ignore nondeterministic ftrace stack layout (bsc#1177028).
- ftrace: Fix modify_ftrace_direct (bsc#1177028).
- ftrace: Handle commands when closing set_ftrace_filter file (git-fixes).
- fuse: fix bad inode (bsc#1184211).
- fuse: fix bad inode (bsc#1184211).
- fuse: fix live lock in fuse_iget() (bsc#1184211).
- fuse: fix live lock in fuse_iget() (bsc#1184211).
- fuse: fix write deadlock (bsc#1185573).
- fuse: verify write return (git-fixes).
- futex: Change utime parameter to be 'const ... *' (git-fixes).
- futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI (bsc#1164648).
- futex: Get rid of the val2 conditional dance (git-fixes).
- futex: Make syscall entry points less convoluted (git-fixes).
- gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).
- gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862).
- gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862).
- geneve: do not modify the shared tunnel info when PMTU triggers an ICMP reply (bsc#1176447).
- geneve: do not modify the shared tunnel info when PMTU triggers an ICMP reply (git-fixes).
- genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes)
- genirq: Disable interrupts for force threaded handlers (git-fixes)
- genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641).
- gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).
- gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).
- gianfar: Handle error code at MAC address change (git-fixes).
- gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes).
- gpio: omap: Save and restore sysconfig (git-fixes).
- gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes).
- gpio: sysfs: Obey valid_mask (git-fixes).
- gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes).
- gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes).
- gpiolib: Do not free if pin ranges are not defined (git-fixes).
- gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).
- gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 (git-fixes).
- gpu/xen: Fix a use after free in xen_drm_drv_init (git-fixes).
- hrtimer: Update softirq_expires_next correctly after (git-fixes)
- hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (git-fixes).
- hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes).
- hwmon: (occ) Fix poll rate limiting (git-fixes).
- i2c: Add I2C_AQ_NO_REP_START adapter quirk (git-fixes).
- i2c: bail out early when RDWR parameters are wrong (git-fixes).
- i2c: cadence: add IRQ check (git-fixes).
- i2c: emev2: add IRQ check (git-fixes).
- i2c: img-scb: fix reference leak when pm_runtime_get_sync fails (git-fixes).
- i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails (git-fixes).
- i2c: jz4780: add IRQ check (git-fixes).
- i2c: mlxbf: add IRQ check (git-fixes).
- i2c: omap: fix reference leak when pm_runtime_get_sync fails (git-fixes).
- i2c: rcar: faster irq code to minimize HW race condition (git-fixes).
- i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes).
- i2c: sh7760: add IRQ check (git-fixes).
- i2c: sh7760: fix IRQ error path (git-fixes).
- i2c: sprd: fix reference leak when pm_runtime_get_sync fails (git-fixes).
- i2c: tegra: Add missing pm_runtime_put() (bsc#1184386).
- i2c: tegra: Check errors for both positive and negative values (bsc#1184386).
- i2c: tegra: Clean up and improve comments (bsc#1184386).
- i2c: tegra: Clean up printk messages (bsc#1184386).
- i2c: tegra: Clean up probe function (bsc#1184386).
- i2c: tegra: Clean up variable names (bsc#1184386).
- i2c: tegra: Clean up variable types (bsc#1184386).
- i2c: tegra: Clean up whitespaces, newlines and indentation (bsc#1184386).
- i2c: tegra: Create i2c_writesl_vi() to use with VI I2C for filling TX FIFO (bsc#1184386).
- i2c: tegra: Factor out error recovery from tegra_i2c_xfer_msg() (bsc#1184386).
- i2c: tegra: Factor out hardware initialization into separate function (bsc#1184386).
- i2c: tegra: Factor out packet header setup from tegra_i2c_xfer_msg() (bsc#1184386).
- i2c: tegra: Factor out register polling into separate function (bsc#1184386).
- i2c: tegra: Handle potential error of tegra_i2c_flush_fifos() (bsc#1184386).
- i2c: tegra: Improve driver module description (bsc#1184386).
- i2c: tegra: Improve formatting of variables (bsc#1184386).
- i2c: tegra: Initialize div-clk rate unconditionally (bsc#1184386).
- i2c: tegra: Make tegra_i2c_flush_fifos() usable in atomic transfer (bsc#1184386).
- i2c: tegra: Mask interrupt in tegra_i2c_issue_bus_clear() (bsc#1184386).
- i2c: tegra: Move out all device-tree parsing into tegra_i2c_parse_dt() (bsc#1184386).
- i2c: tegra: Remove 'dma' variable from tegra_i2c_xfer_msg() (bsc#1184386).
- i2c: tegra: Remove error message used for devm_request_irq() failure (bsc#1184386).
- i2c: tegra: Remove i2c_dev.clk_divisor_non_hs_mode member (bsc#1184386).
- i2c: tegra: Remove likely/unlikely from the code (bsc#1184386).
- i2c: tegra: Remove outdated barrier() (bsc#1184386).
- i2c: tegra: Remove redundant check in tegra_i2c_issue_bus_clear() (bsc#1184386).
- i2c: tegra: Rename wait/poll functions (bsc#1184386).
- i2c: tegra: Reorder location of functions in the code (bsc#1184386).
- i2c: tegra: Runtime PM always available on Tegra (bsc#1184386).
- i2c: tegra: Use clk-bulk helpers (bsc#1184386).
- i2c: tegra: Use devm_platform_get_and_ioremap_resource() (bsc#1184386).
- i2c: tegra: Use platform_get_irq() (bsc#1184386).
- i2c: tegra: Use reset_control_reset() (bsc#1184386).
- i2c: tegra: Use threaded interrupt (bsc#1184386).
- i2c: tegra: Wait for config load atomically while in ISR (bsc#1184386).
- i40e: Add zero-initialization of AQ command structures (git-fixes).
- i40e: Added Asym_Pause to supported link modes (git-fixes).
- i40e: Fix PHY type identifiers for 2.5G and 5G adapters (git-fixes).
- i40e: Fix add TC filter for IPv6 (git-fixes).
- i40e: Fix addition of RX filters after enabling FW LLDP agent (git-fixes).
- i40e: Fix display statistics for veb_tc (git-fixes).
- i40e: Fix endianness conversions (git-fixes).
- i40e: Fix flow for IPv6 next header (extension header) (git-fixes).
- i40e: Fix kernel oops when i40e driver removes VF's (git-fixes).
- i40e: Fix overwriting flow control settings during driver loading (git-fixes).
- i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025).
- i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025).
- i40e: Fix sparse error: uninitialized symbol 'ring' (jsc#SLE-13701).
- i40e: Fix sparse errors in i40e_txrx.c (git-fixes).
- i40e: Fix sparse errors in i40e_txrx.c (git-fixes).
- i40e: Fix sparse warning: missing error code 'err' (git-fixes).
- i40e: Fix use-after-free in i40e_client_subtask() (git-fixes).
- i40e: fix broken XDP support (git-fixes).
- i40e: fix the panic when running bpf in xdpdrv mode (git-fixes).
- i40e: fix the restart auto-negotiation after FEC modified (git-fixes).
- i915/perf: Start hrtimer only if sampling the OA buffer (git-fixes).
- iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
- iavf: use generic power management (git-fixes).
- ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043).
- ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
- ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
- ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139).
- ibmvnic: avoid calling napi_disable() twice (bsc#1065729).
- ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139).
- ibmvnic: clean up the remaining debugfs data structures (bsc#1065729).
- ibmvnic: correctly use dev_consume/free_skb_irq (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 git-fixes).
- ibmvnic: fix block comments (bsc#1183871 ltc#192139).
- ibmvnic: fix braces (bsc#1183871 ltc#192139).
- ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139).
- ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes).
- ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139).
- ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139).
- ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139).
- ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432 git-fixes).
- ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes).
- ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432 git-fixes).
- ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432 git-fixes).
- ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1065729).
- ibmvnic: remove duplicate napi_schedule call in open function (bsc#1065729).
- ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139).
- ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139).
- ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139).
- ice: Account for port VLAN in VF max packet size calculation (git-fixes).
- ice: Account for port VLAN in VF max packet size calculation (git-fixes).
- ice: Cleanup fltr list in case of allocation issues (git-fixes).
- ice: Continue probe on link/PHY errors (jsc#SLE-12878).
- ice: Fix for dereference of NULL pointer (git-fixes).
- ice: Increase control queue timeout (git-fixes).
- ice: Use port number instead of PF ID for WoL (jsc#SLE-12878).
- ice: fix memory allocation call (jsc#SLE-12878).
- ice: fix memory leak if register_netdev_fails (git-fixes).
- ice: fix memory leak in ice_vsi_setup (git-fixes).
- ice: fix memory leak of aRFS after resuming from suspend (jsc#SLE-12878).
- ice: prevent ice_open and ice_stop during reset (git-fixes).
- ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926).
- ics932s401: fix broken handling of errors when word reading fails (git-fixes).
- igb: Fix duplicate include guard (git-fixes).
- igb: XDP extack message on error (jsc#SLE-13536).
- igb: XDP xmit back fix error code (jsc#SLE-13536).
- igb: avoid premature Rx buffer reuse (jsc#SLE-13536).
- igb: avoid transmit queue timeout in xdp path (jsc#SLE-13536).
- igb: check timestamp validity (git-fixes).
- igb: skb add metasize for xdp (jsc#SLE-13536).
- igb: take VLAN double header into account (jsc#SLE-13536).
- igb: use xdp_do_flush (jsc#SLE-13536).
- igc: Fix Pause Frame Advertising (git-fixes).
- igc: Fix Supported Pause Frame Link Setting (git-fixes).
- igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).
- igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).
- igc: reinit_locked() should be called with rtnl_lock (git-fixes).
- igc: reinit_locked() should be called with rtnl_lock (git-fixes).
- iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes).
- iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes).
- iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes).
- iio: gyro: mpu3050: Fix reported temperature value (git-fixes).
- iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes).
- iio: hid-sensor-prox: Fix scale not correct issue (git-fixes).
- iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes).
- iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes).
- iio: tsl2583: Fix division by a zero lux_val (git-fixes).
- iio:accel:adis16201: Fix wrong axis assignment that prevents loading (git-fixes).
- iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes).
- ima: Free IMA measurement buffer after kexec syscall (git-fixes).
- include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes).
- intel_th: Consistency and off-by-one fix (git-fixes).
- intel_th: pci: Add Alder Lake-M support (git-fixes).
- intel_th: pci: Add Rocket Lake CPU support (git-fixes).
- interconnect: core: fix error return code of icc_link_destroy() (git-fixes).
- iommu/amd: Add support for map/unmap_resource (jsc#ECO-3482).
- iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277).
- iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183310).
- iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278).
- iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183312).
- iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183313).
- iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637).
- iommu/vt-d: Add get_domain_info() helper (bsc#1183279).
- iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280).
- iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183315).
- iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281).
- iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183316).
- iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282).
- iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183317).
- iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283).
- iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183318).
- iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284).
- iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183319).
- iommu/vt-d: Fix status code for Allocate/Free PASID command (bsc#1183320).
- iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285).
- iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183321).
- iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286).
- iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183322).
- iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585).
- iommu: Check dev->iommu in dev_iommu_priv_get() before dereferencing it (bsc#1183311).
- iommu: Switch gather->end to the inclusive end (bsc#1183314).
- ionic: linearize tso skb with too many frags (bsc#1167773).
- ionic: linearize tso skb with too many frags (bsc#1167773).
- iopoll: introduce read_poll_timeout macro (git-fixes).
- ipc/mqueue, msg, sem: Avoid relying on a stack reference past its expiry (bsc#1185988).
- ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#1184855).
- ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() (git-fixes).
- irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#1184264).
- irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#1185233).
- irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1184264).
- irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1185233).
- irqchip: Add support for Layerscape external interrupt lines (bsc#1185233).
- isofs: release buffer head before return (bsc#1182613).
- iwlwifi: add support for Qu with AX201 device (git-fixes).
- iwlwifi: pcie: make cfg vs. trans_cfg more robust (git-fixes).
- ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (git-fixes).
- ixgbe: fix unbalanced device enable/disable in suspend/resume (jsc#SLE-13706).
- jffs2: fix use after free in jffs2_sum_write_data() (bsc#1184740).
- kABI: Fix kABI caused by fixes for bsc#1174426 (bsc#1174426).
- kABI: cover up change in struct kvm_arch (bsc#1184969).
- kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917).
- kbuild: Fail if gold linker is detected (bcs#1181862).
- kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862).
- kbuild: change *FLAGS_<basetarget>.o to take the path relative to $(obj) (bcs#1181862).
- kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862).
- kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862).
- kbuild: improve cc-option to clean up all temporary files (bsc#1178330).
- kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862).
- kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862).
- kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862).
- kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330).
- kconfig: introduce m32-flag and m64-flag (bcs#1181862).
- kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle UTF-8 input in non-UTF-8 locale.
- kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846).
- kvm: svm: Update svm_xsaves_supported (jsc#SLE-13573).
- kvm: x86: Enumerate support for CLZERO instruction (jsc#SLE-13573).
- leds: lp5523: check return value of lp5xx_read and jump to cleanup code (git-fixes).
- lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes).
- libbpf: Add explicit padding to bpf_xdp_set_link_opts (bsc#1177028).
- libbpf: Add explicit padding to btf_dump_emit_type_decl_opts (bsc#1177028).
- libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518).
- libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518).
- libbpf: Fix INSTALL flag order (bsc#1155518).
- libbpf: Fix bail out from 'ringbuf_process_ring()' on error (bsc#1177028).
- libbpf: Fix error path in bpf_object__elf_init() (bsc#1177028).
- libbpf: Fix signed overflow in ringbuf_process_ring (bsc#1177028).
- libbpf: Initialize the bpf_seq_printf parameters array field by field (bsc#1177028).
- libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518).
- libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518).
- libnvdimm/label: Return -ENXIO for no slot in __blk_label_update (bsc#1185269).
- libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels (bsc#1185269).
- libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC (bsc#1184969 git-fixes).
- libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (git-fixes).
- liquidio: Fix unintented sign extension of a left shift of a u16 (git-fixes).
- locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes).
- locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#1185041).
- lpfc: Decouple port_template and vport_template (bsc#185032).
- mISDN: fix crash in fritzpci (git-fixes).
- mac80211: Allow HE operation to be longer than expected (git-fixes).
- mac80211: bail out if cipher schemes are invalid (git-fixes).
- mac80211: choose first enabled channel for monitor (git-fixes).
- mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes).
- mac80211: clear the beacon's CRC after channel switch (git-fixes).
- mac80211: fix TXQ AC confusion (git-fixes).
- mac80211: fix double free in ibss_leave (git-fixes).
- mac80211: fix rate mask reset (git-fixes).
- macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes).
- md-cluster: fix use-after-free issue when removing rdev (bsc#1184082).
- md/raid1: properly indicate failure when ending a failed write request (bsc#1185680).
- md: do not flush workqueue unconditionally in md_open (bsc#1184081).
- md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081).
- md: md_open returns -EBUSY when entering racing area (bsc#1184081).
- md: split mddev_find (bsc#1184081).
- mdio: fix mdio-thunder.c dependency & build error (git-fixes).
- media: adv7604: fix possible use-after-free in adv76xx_remove() (git-fixes).
- media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes).
- media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes).
- media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB (git-fixes).
- media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes).
- media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes).
- media: em28xx: fix memory leak (git-fixes).
- media: gspca/sq905.c: fix uninitialized variable (git-fixes).
- media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() (git-fixes).
- media: i2c: adv7842: fix possible use-after-free in adv7842_remove() (git-fixes).
- media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove() (git-fixes).
- media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt() (git-fixes).
- media: ite-cir: check for receive overflow (git-fixes).
- media: m88rs6000t: avoid potential out-of-bounds reads on arrays (git-fixes).
- media: mantis: remove orphan mantis_core.c (git-fixes).
- media: mceusb: sanity check for prescaler value (git-fixes).
- media: media/saa7164: fix saa7164_encoder_register() memory leak bugs (git-fixes).
- media: omap4iss: return error code when omap4iss_get() failed (git-fixes).
- media: platform: sti: Fix runtime PM imbalance in regs_show (git-fixes).
- media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming() (git-fixes).
- media: rc: compile rc-cec.c into rc-core (git-fixes).
- media: saa7134: use sg_dma_len when building pgtable (git-fixes).
- media: saa7146: use sg_dma_len when building pgtable (git-fixes).
- media: staging/intel-ipu3: Fix memory leak in imu_fmt (git-fixes).
- media: staging/intel-ipu3: Fix race condition during set_fmt (git-fixes).
- media: staging/intel-ipu3: Fix set_fmt error handling (git-fixes).
- media: tc358743: fix possible use-after-free in tc358743_remove() (git-fixes).
- media: usbtv: Fix deadlock on suspend (git-fixes).
- media: uvcvideo: Allow entities with no pads (git-fixes).
- media: v4l2-ctrls.c: fix race condition in hdl->requests list (git-fixes).
- media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes).
- media: v4l: vsp1: Fix bru null pointer access (git-fixes).
- media: v4l: vsp1: Fix uif null pointer access (git-fixes).
- media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes).
- memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] (git-fixes).
- memory: mtk-smi: Fix PM usage counter unbalance in mtk_smi ops (bsc#1183325).
- memory: pl353: fix mask of ECC page_size config register (git-fixes).
- mfd: arizona: Fix rumtime PM imbalance on error (git-fixes).
- mfd: intel_pmt: Fix nuisance messages and handling of disabled capabilities (git-fixes).
- mfd: lpc_sch: Partially revert 'Add support for Intel Quark X1000' (git-fixes).
- mfd: stm32-timers: Avoid clearing auto reload register (git-fixes).
- misc/pvpanic: Export module FDT device table (git-fixes).
- misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes).
- misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes).
- misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes).
- misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes).
- misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct (git-fixes).
- mlxsw: spectrum_mr: Update egress RIF list before route's action (git-fixes).
- mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777).
- mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes).
- mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes).
- mm: memcontrol: fix cpuhotplug statistics flushing (bsc#1185606).
- mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes).
- mmc: core: Correct descriptions in mmc_of_parse() (git-fixes).
- mmc: core: Do a power cycle when the CMD11 fails (git-fixes).
- mmc: core: Fix partition switch time for eMMC (git-fixes).
- mmc: core: Set read only for SD cards with permanent write protect bit (git-fixes).
- mmc: cqhci: Add cqhci_deactivate() (git-fixes).
- mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes).
- mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes).
- mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes).
- mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (bsc#1186009)
- mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (bsc#1186009)
- mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes).
- mmc: sdhci-of-dwcmshc: fix rpmb access (git-fixes).
- mmc: sdhci-of-dwcmshc: implement specific set_uhs_signaling (git-fixes).
- mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).
- mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes).
- mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes).
- mmc: sdhci-pci-gli: increase 1.8V regulator wait (git-fixes).
- mmc: sdhci-pci: Add PCI IDs for Intel LKF (git-fixes).
- mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes).
- mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers (git-fixes).
- mmc: sdhci: Check for reset prior to DMA address unmap (git-fixes).
- mmc: sdhci: Use Auto CMD Auto Select only when v4_mode is true (git-fixes).
- mmc: uniphier-sd: Fix a resource leak in the remove function (git-fixes).
- mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe() (git-fixes).
- mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes).
- mt7601u: fix always true expression (git-fixes).
- mt76: dma: do not report truncated frames to mac80211 (git-fixes).
- mt76: mt7615: fix entering driver-own state on mt7663 (git-fixes).
- mt76: mt7615: support loading EEPROM for MT7613BE (git-fixes).
- mt76: mt76x0: disable GTK offloading (git-fixes).
- mt76: mt7915: fix aggr len debugfs node (git-fixes).
- mt76: mt7915: fix txpower init for TSSI off chips (git-fixes).
- mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() (git-fixes).
- mtd: rawnand: atmel: Update ecc_stats.corrected counter (git-fixes).
- mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC (git-fixes).
- mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() (git-fixes).
- mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init (git-fixes).
- mtd: rawnand: qcom: Return actual error code instead of -ENODEV (git-fixes).
- mtd: require write permissions for locking and badblock ioctls (git-fixes).
- mtd: spi-nor: Rename 'n25q512a' to 'mt25qu512a (n25q512a)' (bsc#1167260).
- mtd: spi-nor: Split mt25qu512a (n25q512a) entry into two (bsc#1167260).
- mtd: spinand: core: add missing MODULE_DEVICE_TABLE() (git-fixes).
- mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes).
- nbd: fix a block_device refcount leak in nbd_release (git-fixes).
- net, xdp: Update pkt_type if generic XDP changes unicast MAC (git-fixes).
- net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes).
- net/mlx4_en: update moderation when config reset (git-fixes).
- net/mlx5: Add back multicast stats for uplink representor (jsc#SLE-15172).
- net/mlx5: Delete extra dump stack that gives nothing (git-fixes).
- net/mlx5: Do not request more than supported EQs (git-fixes).
- net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).
- net/mlx5: Fix bit-wise and with zero (jsc#SLE-15172).
- net/mlx5: Fix health error state handling (bsc#1186467).
- net/mlx5e: Allow to match on MPLS parameters only for MPLS over UDP (jsc#SLE-15172).
- net/mlx5e: Do not match on Geneve options in case option masks are all zero (git-fixes).
- net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464).
- net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes).
- net/mlx5e: Fix ethtool indication of connector type (git-fixes).
- net/mlx5e: Fix setting of RS FEC mode (jsc#SLE-15172).
- net/mlx5e: Offload tuple rewrite for non-CT flows (jsc#SLE-15172).
- net/mlx5e: RX, Mind the MPWQE gaps when calculating offsets (jsc#SLE-15172).
- net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta (jsc#SLE-8464).
- net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template (git-fixes).
- net/sched: act_ct: fix wild memory access when clearing fragments (bsc#1176447).
- net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes).
- net: atheros: switch from 'pci_' to 'dma_' API (git-fixes).
- net: atlantic: fix out of range usage of active_vlans array (git-fixes).
- net: atlantic: fix potential error handling (git-fixes).
- net: atlantic: fix use after free kasan warn (git-fixes).
- net: b44: fix error return code in b44_init_one() (git-fixes).
- net: bonding: fix error return code of bond_neigh_init() (bsc#1154353).
- net: cdc-phonet: fix data-interface release on probe failure (git-fixes).
- net: cls_api: Fix uninitialised struct field bo->unlocked_driver_cb (bsc#1176447).
- net: dsa: felix: implement port flushing on .phylink_mac_link_down (git-fixes).
- net: dsa: rtl8366: Fix VLAN semantics (git-fixes).
- net: dsa: rtl8366: Fix VLAN set-up (git-fixes).
- net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).
- net: enetc: allow hardware timestamping on TX queues with tc-etf enabled (git-fixes).
- net: enetc: do not disable VLAN filtering in IFF_PROMISC mode (git-fixes).
- net: enetc: fix link error again (git-fixes).
- net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr (git-fixes).
- net: enetc: take the MDIO lock only once per NAPI poll cycle (git-fixes).
- net: enic: Cure the enic api locking trainwreck (git-fixes).
- net: ethernet: aquantia: Fix wrong return value (git-fixes).
- net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes).
- net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139).
- net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes).
- net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes).
- net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix reference count leak in fec series ops (git-fixes).
- net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes).
- net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes).
- net: geneve: check skb is large enough for IPv4/IPv6 header (git-fixes).
- net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (git-fixes).
- net: gianfar: Add of_node_put() before goto statement (git-fixes).
- net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes).
- net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes).
- net: hns3: Fix for geneve tx checksum bug (git-fixes).
- net: hns3: Remove the left over redundant check & assignment (bsc#1154353).
- net: hns3: Remove un-necessary 'else-if' in the hclge_reset_event() (git-fixes).
- net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet() (git-fixes).
- net: hns3: clear VF down state bit before request link status (git-fixes).
- net: hns3: clear unnecessary reset request in hclge_reset_rebuild (git-fixes).
- net: hns3: disable phy loopback setting in hclge_mac_start_phy (git-fixes).
- net: hns3: fix bug when calculating the TCAM table info (git-fixes).
- net: hns3: fix for vxlan gpe tx checksum bug (git-fixes).
- net: hns3: fix incorrect configuration for igu_egu_hw_err (git-fixes).
- net: hns3: fix query vlan mask value error for flow director (git-fixes).
- net: hns3: initialize the message content in hclge_get_link_mode() (git-fixes).
- net: hns3: use netif_tx_disable to stop the transmit queue (git-fixes).
- net: korina: cast KSEG0 address to pointer in kfree (git-fixes).
- net: korina: fix kfree of rx/tx descriptor array (git-fixes).
- net: lantiq: Wait for the GPHY firmware to be ready (git-fixes).
- net: ll_temac: Add more error handling of dma_map_single() calls (git-fixes).
- net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure (git-fixes).
- net: ll_temac: Fix race condition causing TX hang (git-fixes).
- net: ll_temac: Handle DMA halt condition caused by buffer underrun (git-fixes).
- net: mvneta: fix double free of txq->buf (git-fixes).
- net: mvneta: make tx buffer array agnostic (git-fixes).
- net: pasemi: fix error return code in pasemi_mac_open() (git-fixes).
- net: phy: broadcom: Only advertise EEE for supported modes (git-fixes).
- net: phy: intel-xway: enable integrated led functions (git-fixes).
- net: phy: marvell: fix m88e1011_set_downshift (git-fixes).
- net: phy: marvell: fix m88e1111_set_downshift (git-fixes).
- net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes).
- net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes).
- net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)
- net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes).
- net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes).
- net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes).
- net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes).
- net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter (git-fixes).
- net: stmmac: removed enabling eee in EEE set callback (git-fixes).
- net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).
- net: stmmac: xgmac: fix missing IFF_MULTICAST checki in dwxgmac2_set_filter (git-fixes).
- net: thunderx: Fix unintentional sign extension issue (git-fixes).
- net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes).
- net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes).
- net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes).
- net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).
- net: wan/lmc: unregister device when no matching device is found (git-fixes).
- net:nfc:digital: Fix a double free in digital_tg_recv_dep_req (git-fixes).
- netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes).
- netdevsim: init u64 stats for 32bit hardware (git-fixes).
- netfilter: conntrack: Make global sysctls readonly in non-init netns (bsc#1176447).
- netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950).
- netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950).
- netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950).
- netfilter: flowtable: Make sure GC works periodically in idle system (bsc#1176447).
- netfilter: flowtable: fix NAT IPv6 offload mangling (bsc#1176447).
- netfilter: nftables: allow to update flowtable flags (bsc#1176447).
- netfilter: nftables: report EOPNOTSUPP on unsupported flowtable flags (bsc#1176447).
- netsec: restore phy power state after controller reset (bsc#1183757).
- nfc: pn533: prevent potential memory corruption (git-fixes).
- nfp: devlink: initialize the devlink port attribute 'lanes' (bsc#1176447).
- nfp: flower: add ipv6 bit to pre_tunnel control message (bsc#1176447).
- nfp: flower: fix pre_tun mask id allocation (bsc#1154353).
- nfp: flower: ignore duplicate merge hints from FW (git-fixes).
- node: fix device cleanups in error handling code (git-fixes).
- null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes).
- nvme-core: add cancel tagset helpers (bsc#1183976).
- nvme-fabrics: decode host pathing error for connect (bsc#1179827).
- nvme-fabrics: fix kato initialization (bsc#1182591).
- nvme-fabrics: only reserve a single tag (bsc#1182077).
- nvme-fabrics: reject I/O to offline device (bsc#1181161).
- nvme-fc: check sgl supported by target (bsc#1179827).
- nvme-fc: clear q_live at beginning of association teardown (bsc#1186479).
- nvme-fc: fix racing controller reset and create association (bsc#1183048).
- nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted (bsc#1180197).
- nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted (bsc#1184259).
- nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#1180197).
- nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#1184259).
- nvme-fc: short-circuit reconnect retries (bsc#1179827).
- nvme-hwmon: Return error code when registration fails (bsc#1177326).
- nvme-hwmon: Return error code when registration fails (bsc#1177326).
- nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#1184259).
- nvme-multipath: reset bdev to ns head when failover (bsc#178378 bsc#1182999).
- nvme-tcp: Fix possible race of io_work and direct send (git-fixes).
- nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT (git-fixes).
- nvme-tcp: add clean action for failed reconnection (bsc#1183976).
- nvme-tcp: fix kconfig dependency warning when !CRYPTO (git-fixes).
- nvme-tcp: fix misuse of __smp_processor_id with preemption (git-fixes).
- nvme-tcp: fix possible hang waiting for icresp response (bsc#1179519).
- nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161).
- nvme-tcp: use cancel tagset helper for tear down (bsc#1183976).
- nvme: Fix NULL dereference for pci nvme controllers (bsc#1182378).
- nvme: add 'kato' sysfs attribute (bsc#1179825).
- nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1180197).
- nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1184259).
- nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077).
- nvme: call nvme_identify_ns as the first thing in nvme_alloc_ns_block (bsc#1180197).
- nvme: clean up the check for too large logic block sizes (bsc#1180197).
- nvme: define constants for identification values (git-fixes).
- nvme: do not intialize hwmon for discovery controllers (bsc#1184259).
- nvme: do not intialize hwmon for discovery controllers (git-fixes).
- nvme: explicitly update mpath disk capacity on revalidation (git-fixes).
- nvme: expose reconnect_delay and ctrl_loss_tmo via sysfs (bsc#1182378).
- nvme: factor out a nvme_configure_metadata helper (bsc#1180197).
- nvme: fix controller instance leak (git-fixes).
- nvme: fix initialization of the zone bitmaps (bsc#1180197).
- nvme: fix possible deadlock when I/O is blocked (git-fixes).
- nvme: freeze the queue over ->lba_shift updates (bsc#1180197).
- nvme: lift the check for an unallocated namespace into nvme_identify_ns (bsc#1180197).
- nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077).
- nvme: move nvme_validate_ns (bsc#1180197).
- nvme: opencode revalidate_disk in nvme_validate_ns (bsc#1180197).
- nvme: query namespace identifiers before adding the namespace (bsc#1180197).
- nvme: refactor nvme_validate_ns (bsc#1180197).
- nvme: remove nvme_identify_ns_list (bsc#1180197).
- nvme: remove nvme_update_formats (bsc#1180197).
- nvme: remove superfluous else in nvme_ctrl_loss_tmo_store (bsc#1182378).
- nvme: remove the 0 lba_shift check in nvme_update_ns_info (bsc#1180197).
- nvme: remove the disk argument to nvme_update_zone_info (bsc#1180197).
- nvme: rename __nvme_revalidate_disk (bsc#1180197).
- nvme: rename _nvme_revalidate_disk (bsc#1180197).
- nvme: rename nvme_validate_ns to nvme_validate_or_alloc_ns (bsc#1180197).
- nvme: retrigger ANA log update if group descriptor isn't found (git-fixes)
- nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).
- nvme: revalidate zone bitmaps in nvme_update_ns_info (bsc#1180197).
- nvme: sanitize KATO setting (bsc#1179825).
- nvme: set the queue limits in nvme_update_ns_info (bsc#1180197).
- nvme: simplify error logic in nvme_validate_ns() (bsc#1180197).
- nvme: simplify error logic in nvme_validate_ns() (bsc#1184259).
- nvme: update the known admin effects (bsc#1180197).
- nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501).
- nvmet: fix a memory leak (git-fixes).
- nvmet: seset ns->file when open fails (bsc#1183873).
- nvmet: use new ana_log_size instead the old one (bsc#1184259).
- ocfs2: fix a use after free on error (bsc#1184738).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).
- ovl: fix out of date comment and unreachable code (bsc#1184176).
- ovl: fix regression with re-formatted lower squashfs (bsc#1184176).
- ovl: fix unneeded call to ovl_change_flags() (bsc#1184176).
- ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176).
- ovl: initialize error in ovl_copy_xattr (bsc#1184176).
- ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176).
- pata_arasan_cf: fix IRQ check (git-fixes).
- pata_ipx4xx_cf: fix IRQ check (git-fixes).
- perf/amd/uncore: Fix sysfs type mismatch (bsc#1178134).
- phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally (git-fixes).
- phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() (git-fixes).
- partitions/ibm: fix non-DASD devices (bsc#1185857 LTC#192526).
- pinctrl: Ingenic: Add missing pins to the JZ4770 MAC MII group (git-fixes).
- pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes).
- pinctrl: ingenic: Improve unreachable code generation (git-fixes).
- pinctrl: lewisburg: Update number of pins in community (git-fixes).
- pinctrl: qcom: spmi-gpio: fix warning about irq chip reusage (git-fixes).
- pinctrl: rockchip: fix restore error in resume (git-fixes).
- pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes).
- platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes).
- platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes).
- platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes).
- platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes).
- platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes).
- platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes).
- platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes).
- platform/x86: intel_pmc_core: Do not use global pmcdev in quirks (git-fixes).
- platform/x86: intel_pmt_crashlog: Fix incorrect macros (git-fixes).
- platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table (git-fixes).
- platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes).
- platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes).
- posix-timers: Preserve return value in clock_adjtime32() (git-fixes)
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- power: supply: Use IRQF_ONESHOT (git-fixes).
- power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() (git-fixes).
- power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() (git-fixes).
- powerepc/book3s64/hash: Align start/end address correctly with bolt mapping (bsc#1184957).
- powerpc/64s/exception: Clean up a missed SRR specifier (jsc#SLE-9246 git-fixes).
- powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666 git-fixes).
- powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes).
- powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729).
- powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117 git-fixes).
- powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729).
- powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963).
- powerpc/eeh: Fix EEH handling for hugepages in ioremap space (bsc#1156395).
- powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729).
- powerpc/kexec_file: Use current CPU info while setting up FDT (bsc#1184615 ltc#189835).
- powerpc/kuap: Restore AMR after replaying soft interrupts (bsc#1156395).
- powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1183289 ltc#191637).
- powerpc/papr_scm: Fix build error due to wrong printf specifier (bsc#1184969).
- powerpc/papr_scm: Implement support for H_SCM_FLUSH hcall (bsc#1184969).
- powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729).
- powerpc/perf: Fix sampled instruction type for larx/stcx (jsc#SLE-13513).
- powerpc/perf: Fix the threshold event selection for memory events in power10 (jsc#SLE-13513).
- powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729).
- powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729).
- powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917).
- powerpc/pseries: Do not trace hcall tracing wrapper (bsc#1185110 ltc#192091).
- powerpc/pseries: Fix hcall tracing recursion in pv queued spinlocks (bsc#1185110 ltc#192091).
- powerpc/pseries: use notrace hcall variant for H_CEDE idle (bsc#1185110 ltc#192091).
- powerpc/pseries: warn if recursing into the hcall tracing code (bsc#1185110 ltc#192091).
- powerpc/smp: Reintroduce cpu_core_mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395).
- powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395).
- powerpc/sstep: Fix darn emulation (bsc#1156395).
- powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395).
- powerpc/sstep: Fix load-store and update emulation (bsc#1156395).
- powerpc/time: Enable sched clock for irqtime (bsc#1156395).
- powerpc/uaccess: Avoid might_fault() when user access is enabled (bsc#1156395).
- powerpc/uaccess: Perform barrier_nospec() in KUAP allowance helpers (bsc#1156395).
- powerpc/uaccess: Simplify unsafe_put_user() implementation (bsc#1156395).
- powerpc/xive: Drop check on irq_data in xive_core_debug_show() (bsc#1177437 ltc#188522 jsc#SLE-13294 git-fixes).
- powerpc/xmon: Fix build failure for 8xx (jsc#SLE-12936 git-fixes).
- powerpc: Fix inverted SET_FULL_REGS bitop (jsc#SLE-9246 git-fixes).
- powerpc: Fix missing declaration ofable_kernel_vsx() (git-fixes).
- proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes).
- qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).
- qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth (git-fixes).
- qxl: Fix uninitialised struct field head.surface_id (git-fixes).
- r8169: do not advertise pause in jumbo mode (git-fixes).
- r8169: fix DMA being used after buffer free if WoL is enabled (git-fixes).
- r8169: tweak max read request size for newer chips also in jumbo mtu mode (git-fixes).
- regmap: set debugfs_name to NULL after it is freed (git-fixes).
- regulator: Avoid a double 'of_node_get' in 'regulator_of_get_init_node()' (git-fixes). - regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes). - reintroduce cqhci_suspend for kABI (git-fixes). - reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1184737). - rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes). - rsi: Move card interrupt handling to RX thread (git-fixes). - rsi: Use resume_noirq for SDIO (git-fixes). - rsxx: remove extraneous 'const' qualifier (git-fixes). - rtc: ds1307: Fix wday settings for rx8130 (git-fixes). - rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1185454). - rtc: fsl-ftm-alarm: avoid struct rtc_time conversions (bsc#1185454). - rtc: fsl-ftm-alarm: enable acpi support (bsc#1185454). - rtc: fsl-ftm-alarm: fix freeze(s2idle) failed to wake (bsc#1185454). - rtc: fsl-ftm-alarm: report alarm to core (bsc#1185454). - rtc: fsl-ftm-alarm: switch to ktime_get_real_seconds (bsc#1185454). - rtc: fsl-ftm-alarm: switch to rtc_time64_to_tm/rtc_tm_to_time64 (bsc#1185454). - rtc: fsl-ftm-alarm: update acpi device id (bsc#1185454). - rtc: pcf2127: add alarm support (bsc#1185233). - rtc: pcf2127: add pca2129 device id (bsc#1185233). - rtc: pcf2127: add tamper detection support (bsc#1185233). - rtc: pcf2127: add watchdog feature support (bsc#1185233). - rtc: pcf2127: bugfix: watchdog build dependency (bsc#1185233). - rtc: pcf2127: cleanup register and bit defines (bsc#1185233). - rtc: pcf2127: convert to devm_rtc_allocate_device (bsc#1185233). - rtc: pcf2127: fix a bug when not specify interrupts property (bsc#1185233). - rtc: pcf2127: fix alarm handling (bsc#1185233). - rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (bsc#1185233). - rtc: pcf2127: handle boot-enabled watchdog feature (bsc#1185233). - rtc: pcf2127: handle timestamp interrupts (bsc#1185495). - rtc: pcf2127: let the core handle rtc range (bsc#1185233). - rtc: pcf2127: move watchdog initialisation to a separate function (bsc#1185233). 
- rtc: pcf2127: only use watchdog when explicitly available (bsc#1185233). - rtc: pcf2127: properly set flag WD_CD for rtc chips(pcf2129, pca2129) (bsc#1185233). - rtc: pcf2127: remove unnecessary #ifdef (bsc#1185233). - rtc: pcf2127: set regmap max_register (bsc#1185233). - rtc: pcf2127: watchdog: handle nowayout feature (bsc#1185233). - rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes). - rtw88: Fix an error code in rtw_debugfs_set_rsvd_page() (git-fixes). - rtw88: Fix array overrun in rtw_get_tx_power_params() (git-fixes). - rtw88: coex: 8821c: correct antenna switch function (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes). - s390/dasd: fix hanging DASD driver unbind (bsc#1183932 LTC#192153). - s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes). - s390/entry: save the caller of psw_idle (bsc#1185677). - s390/ipl: support NVMe IPL kernel parameters (bsc#1185980 LTC#192679). - s390/kdump: fix out-of-memory with PCI (bsc#1182257 LTC#191375). - s390/pci: fix leak of PCI device structure (git-fixes). - s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes). - s390/qeth: fix notification for pending buffers during teardown (git-fixes). - s390/qeth: improve completion of pending TX buffers (git-fixes). - s390/qeth: schedule TX NAPI on QAOB completion (git-fixes). - s390/vtime: fix increased steal time accounting (bsc#1183859). - s390/zcrypt: return EIO when msg retry limit reached (git-fixes). - samples, bpf: Add missing munmap in xdpsock (bsc#1155518). - samples/bpf: Fix possible hang in xdpsock with multiple threads (bsc#1155518). - sata_mv: add IRQ checks (git-fixes). 
- sched/eas: Do not update misfit status if the task is pinned (git-fixes) - sched/fair: Avoid stale CPU util_est value for schedutil in (git-fixes) - sched/fair: Fix shift-out-of-bounds in load_balance() (git fixes (sched)). - sched/fair: Fix unfairness caused by missing load decay (git-fixes) - scripts/git_sort/git_sort.py: add bpf git repo - scsi: aacraid: Improve compat_ioctl handlers (bsc#1186352). - scsi: block: Fix a race in the runtime power management code (git-fixes). - scsi: core: Only return started requests from scsi_host_find_tag() (bsc#1179851). - scsi: core: Run queue in case of I/O resource contention failure (bsc#1186416). - scsi: core: add scsi_host_busy_iter() (bsc#1179851). - scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io() (bsc#1179851). - scsi: fnic: Remove bogus ratelimit messages (bsc#1183249). - scsi: libfc: Avoid invoking response handler twice if ep is already completed (bsc#1186573). - scsi: lpfc: Add a option to enable interlocked ABTS before job completion (bsc#1186451). - scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186451). - scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574). - scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574). - scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472). - scsi: lpfc: Fix 'Unexpected timeout' error in direct attach topology (bsc#1186451). - scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574). - scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365). - scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574). - scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency (bsc#1185472). - scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs (bsc#1186451). - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574). - scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472). 
- scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472). - scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472). - scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472). - scsi: lpfc: Fix a typo (bsc#1185472). - scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#1186451). - scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574). - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response (bsc#1185472). - scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs (bsc#1186451). - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574). - scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode (bsc#1185472). - scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472). - scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472). - scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203). - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574). - scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#1185472). - scsi: lpfc: Fix incorrectly documented function lpfc_debugfs_commonxripools_data() (bsc#1185472). - scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472). - scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#1185472). - scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574). - scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472). - scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#1185472). - scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller (bsc#1186451). - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574). - scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186451). - scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574). - scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574). 
- scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574). - scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#1185472). - scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574). - scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#1185472). - scsi: lpfc: Fix silent memory allocation failure in lpfc_sli4_bsg_link_diag_test() (bsc#1185472). - scsi: lpfc: Fix some error codes in debugfs (bsc#1185472). - scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574). - scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574). - scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574). - scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186451). - scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574). - scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#1185472). - scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#1185472). - scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574). - scsi: lpfc: Ignore GID-FT response that may be received after a link flip (bsc#1186451). - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574). - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472). - scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric controller (bsc#1186451). - scsi: lpfc: Standardize discovery object logging format (bsc#1185472). - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574). - scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186451). - scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574). - scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472). - scsi: mpt3sas: Only one vSES is present even when IOC has multi vSES (bsc#1185954). - scsi: pm80xx: Do not sleep in atomic context (bsc#1186353). - scsi: pm80xx: Fix chip initialization failure (bsc#1186354). 
- scsi: pm80xx: Fix potential infinite loop (bsc#1186354). - scsi: pm80xx: Increase timeout for pm80xx mpi_uninit_check() (bsc#1186355). - scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#1185491). - scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491). - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() (bsc#1185491). - scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491). - scsi: qla2xxx: Check kzalloc() return value (bsc#1185491). - scsi: qla2xxx: Consolidate zio threshold setting for both FCP & NVMe (bsc#1185491). - scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491). - scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#1185491). - scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491). - scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491). - scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491). - scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491). - scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491). - scsi: qla2xxx: Fix broken #endif placement (bsc#1185491). - scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491). - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491). - scsi: qla2xxx: Fix endianness annotations (bsc#1185491). - scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#1185491). - scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491). - scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491). - scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491). - scsi: qla2xxx: Fix some memory corruption (bsc#1185491). - scsi: qla2xxx: Fix stuck session (bsc#1185491). - scsi: qla2xxx: Fix use after free in bsg (bsc#1185491). - scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (bsc#1185491). - scsi: qla2xxx: Move some messages from debug to normal log level (bsc#1185491). 
- scsi: qla2xxx: Remove redundant NULL check (bsc#1185491). - scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491). - scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491). - scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#1185491). - scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1184436). - scsi: qla2xxx: Reuse existing error handling path (bsc#1185491). - scsi: qla2xxx: Simplify if statement (bsc#1185491). - scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491). - scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491). - scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491). - scsi: qla2xxx: Update default AER debug mask (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491). - scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#1185491). - scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#1185491). - scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089). - scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089). - scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089). - scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089). - scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089). - scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089). - scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843). - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843). - scsi: target: tcmu: Fix use-after-free of se_cmd->priv (bsc#1186356). - scsi: target: tcmu: Fix warning: 'page' may be used uninitialized (bsc#1186357). - sctp: delay auto_asconf init until binding the first addr (<cover.1620748346.git.mkubecek at suse.cz>). - security: keys: trusted: fix TPM2 authorizations (git-fixes). 
- selftests/bpf: Fix BPF_CORE_READ_BITFIELD() macro (bsc#1177028). - selftests/bpf: Fix the ASSERT_ERR_PTR macro (bsc#1177028). - selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518). - selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518). - selftests/bpf: Re-generate vmlinux.h and BPF skeletons if bpftool changed (bsc#1177028). - selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518). - selftests/powerpc: Add pkey helpers for rights (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for execute-disabled pkeys (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for pkey siginfo verification (bsc#1184934 ltc#191460). - selftests/powerpc: Add wrapper for gettid (bsc#1184934 ltc#191460). - selftests/powerpc: Fix L1D flushing tests for Power10 (bsc#1184934 ltc#191460). - selftests/powerpc: Fix exit status of pkey tests (bsc#1184934 ltc#191460). - selftests/powerpc: Fix pkey syscall redefinitions (bsc#1184934 ltc#191460). - selftests/powerpc: Move pkey helpers to headers (bsc#1184934 ltc#191460). - selftests/powerpc: refactor entry and rfi_flush tests (bsc#1184934 ltc#191460). - selftests: mlxsw: Remove a redundant if statement in tc_flower_scale test (bsc#1176774). - selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes). - selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes). - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes). - serial: core: return early on unsupported ioctls (git-fixes). - serial: stm32: fix incorrect characters on console (git-fixes). - serial: stm32: fix tx_empty condition (git-fixes). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - smc: disallow TCP_ULP in smc_setsockopt() (git-fixes). 
- soc/fsl: qbman: fix conflicting alignment attributes (git-fixes). - soc: aspeed: fix a ternary sign expansion bug (git-fixes). - soc: fsl: qe: replace qe_io{read,write}* wrappers by generic io{read,write}* (git-fixes). - soc: qcom: mdt_loader: Detect truncated read of segments (git-fixes). - soc: qcom: mdt_loader: Validate that p_filesz < p_memsz (git-fixes). - software node: Fix node registration (git-fixes). - soundwire: bus: Fix device found flag correctly (git-fixes). - soundwire: stream: fix memory leak in stream config error path (git-fixes). - spi: Introduce dspi_slave_abort() function for NXP's dspi SPI driver (bsc#1167260). - spi: ath79: always call chipselect function (git-fixes). - spi: ath79: remove spi-master setup and cleanup assignment (git-fixes). - spi: cadence: set cqspi to the driver_data field of struct device (git-fixes). - spi: dln2: Fix reference leak to master (git-fixes). - spi: fsl-dspi: fix NULL pointer dereference (bsc#1167260). - spi: fsl-dspi: fix use-after-free in remove path (bsc#1167260). - spi: fsl-dspi: fix wrong pointer in suspend/resume (bsc#1167260). - spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() (git-fixes). - spi: omap-100k: Fix reference leak to master (git-fixes). - spi: qup: fix PM reference leak in spi_qup_remove() (git-fixes). - spi: spi-fsl-dspi: Accelerate transfers using larger word size if possible (bsc#1167260). - spi: spi-fsl-dspi: Add comments around dspi_pop_tx and dspi_push_rx functions (bsc#1167260). - spi: spi-fsl-dspi: Add support for LS1028A (bsc#1167260). - spi: spi-fsl-dspi: Adding shutdown hook (bsc#1167260). - spi: spi-fsl-dspi: Always use the TCFQ devices in poll mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid NULL pointer in dspi_slave_abort for non-DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid reading more data than written in EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (bsc#1167260). 
- spi: spi-fsl-dspi: Convert TCFQ users to XSPI FIFO mode (bsc#1167260). - spi: spi-fsl-dspi: Convert the instantiations that support it to DMA (bsc#1167260). - spi: spi-fsl-dspi: Demistify magic value in SPI_SR_CLEAR (bsc#1167260). - spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (bsc#1167260). - spi: spi-fsl-dspi: Do not mask off undefined bits (bsc#1167260). - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1167260). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Fix a resource leak in an error handling path (git-fixes). - spi: spi-fsl-dspi: Fix bits-per-word acceleration in DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Fix code alignment (bsc#1167260). - spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths (bsc#1167260). - spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (bsc#1167260). - spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: Fix race condition in TCFQ/EOQ interrupt (bsc#1167260). - spi: spi-fsl-dspi: Fix typos (bsc#1167260). - spi: spi-fsl-dspi: Free DMA memory with matching function (bsc#1167260). - spi: spi-fsl-dspi: Implement .max_message_size method for EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Initialize completion before possible interrupt (bsc#1167260). - spi: spi-fsl-dspi: LS2080A and LX2160A support XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Make bus-num property optional (bsc#1167260). - spi: spi-fsl-dspi: Move dspi_interrupt above dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Move invariant configs out of dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Optimize dspi_setup_accel for lowest interrupt count (bsc#1167260). 
- spi: spi-fsl-dspi: Parameterize the FIFO size and DMA buffer size (bsc#1167260). - spi: spi-fsl-dspi: Protect against races on dspi->words_in_flight (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation in dspi_release_dma() (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation level in dspi_interrupt (bsc#1167260). - spi: spi-fsl-dspi: Remove impossible to reach error check (bsc#1167260). - spi: spi-fsl-dspi: Remove pointless assignment of master->transfer to NULL (bsc#1167260). - spi: spi-fsl-dspi: Remove unused chip->void_write_data (bsc#1167260). - spi: spi-fsl-dspi: Remove unused defines and includes (bsc#1167260). - spi: spi-fsl-dspi: Remove unused initialization of 'ret' in dspi_probe (bsc#1167260). - spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (bsc#1167260). - spi: spi-fsl-dspi: Replace legacy spi_master names with spi_controller (bsc#1167260). - spi: spi-fsl-dspi: Simplify bytes_per_word gymnastics (bsc#1167260). - spi: spi-fsl-dspi: Take software timestamp in dspi_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Use BIT() and GENMASK() macros (bsc#1167260). - spi: spi-fsl-dspi: Use EOQ for last word in buffer even for XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1167260). - spi: spi-fsl-dspi: Use poll mode in case the platform IRQ is missing (bsc#1167260). - spi: spi-fsl-dspi: Use reverse Christmas tree declaration order (bsc#1167260). - spi: spi-fsl-dspi: Use specific compatible strings for all SoC instantiations (bsc#1167260). - spi: spi-fsl-dspi: delete EOQ transfer mode (bsc#1167260). - spi: spi-fsl-dspi: fix DMA mapping (bsc#1167260). - spi: spi-fsl-dspi: fix native data copy (bsc#1167260). - spi: spi-fsl-dspi: remove git-fixes Remove git-fixes. Prepare to update the driver. References: bsc#1167260 - spi: spi-fsl-dspi: set ColdFire to DMA mode (bsc#1167260). 
- spi: spi-fsl-dspi: use XSPI mode instead of DMA for DPAA2 SoCs (bsc#1167260). - spi: spi-ti-qspi: Free DMA resources (git-fixes). - spi: stm32: make spurious and overrun interrupts visible (git-fixes). - squashfs: fix inode lookup sanity checks (bsc#1183750). - squashfs: fix xattr id and id lookup sanity checks (bsc#1183750). - staging: bcm2835-audio: Replace unsafe strcpy() with strscpy() (git-fixes). - staging: comedi: addi_apci_1032: Fix endian problem for COS sample (git-fixes). - staging: comedi: addi_apci_1500: Fix endian problem for command sample (git-fixes). - staging: comedi: adv_pci1710: Fix endian problem for AI command data (git-fixes). - staging: comedi: cb_pcidas64: fix request_irq() warn (git-fixes). - staging: comedi: cb_pcidas: fix request_irq() warn (git-fixes). - staging: comedi: das6402: Fix endian problem for AI command data (git-fixes). - staging: comedi: das800: Fix endian problem for AI command data (git-fixes). - staging: comedi: dmm32at: Fix endian problem for AI command data (git-fixes). - staging: comedi: me4000: Fix endian problem for AI command data (git-fixes). - staging: comedi: pcl711: Fix endian problem for AI command data (git-fixes). - staging: comedi: pcl818: Fix endian problem for AI command data (git-fixes). - staging: fwserial: Fix error handling in fwserial_create (git-fixes). - staging: fwserial: fix TIOCGSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL jiffies conversions (git-fixes). - staging: fwserial: fix TIOCSSERIAL permission check (git-fixes). - staging: ks7010: prevent buffer overflow in ks_wlan_set_scan() (git-fixes). - staging: most: sound: add sanity check for function argument (git-fixes). - staging: rtl8188eu: fix potential memory corruption in rtw_check_beacon_data() (git-fixes). - staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() (git-fixes). 
- staging: rtl8192e: Change state information from u16 to u8 (git-fixes). - staging: rtl8192e: Fix incorrect source in memcpy() (git-fixes). - staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan (git-fixes). - staging: rtl8192u: Fix potential infinite loop (git-fixes). - staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan() (git-fixes). - staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd (git-fixes). - staging: rtl8712: unterminated string leads to read overflow (git-fixes). - stop_machine: mark helpers __always_inline (git-fixes). - supported.conf: - supported.conf: add bsc1185010 dependency - supported.conf: mark usb_otg_fsm as supported (bsc#1185010) - tcp: fix to update snd_wl1 in bulk receiver fast path (<cover.1620748346.git.mkubecek at suse.cz>). - tee: optee: remove need_resched() before cond_resched() (git-fixes). - tee: optee: replace might_sleep with cond_resched (git-fixes). - thermal/core: Add NULL pointer check before using cooling device stats (git-fixes). - thermal/drivers/cpufreq_cooling: Update cpufreq_state only if state has changed (git-fixes). - thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val' (git-fixes). - thermal: thermal_of: Fix error return code of thermal_of_populate_bind_params() (git-fixes). - thunderbolt: Fix a leak in tb_retimer_add() (git-fixes). - thunderbolt: Fix a leak in tb_retimer_add() (git-fixes). - thunderbolt: Fix off by one in tb_port_find_retimer() (git-fixes). - thunderbolt: Fix off by one in tb_port_find_retimer() (git-fixes). - thunderbolt: Initialize HopID IDAs in tb_switch_alloc() (git-fixes). - tools/resolve_btfids: Fix build error with older host toolchains (bsc#1177028). - tpm: acpi: Check eventlog signature before using it (git-fixes). - tracing: Map all PIDs to command lines (git-fixes). - tty: amiserial: fix TIOCSSERIAL permission check (git-fixes). - tty: fix memory leak in vc_deallocate (git-fixes). 
- tty: moxa: fix TIOCSSERIAL jiffies conversions (git-fixes). - tty: moxa: fix TIOCSSERIAL permission check (git-fixes). - tty: serial: lpuart: fix lpuart32_write usage (git-fixes). - tty: serial: ucc_uart: replace qe_io{read,write}* wrappers by generic io{read,write}* (git-fixes). - udlfb: Fix memory leak in dlfb_usb_probe (git-fixes). - uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes). - uio_hv_generic: Fix a memory leak in error handling paths (git-fixes). - uio_hv_generic: Fix another memory leak in error handling paths (git-fixes). - uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes). - usb-storage: Add quirk to defeat Kindle's automatic unload (git-fixes). - usb: Remove dev_err() usage after platform_get_irq() (git-fixes). - usb: core: hub: Fix PM reference leak in usb_port_resume() (git-fixes). - usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes). - usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes). - usb: dwc2: Fix gadget DMA unmap direction (git-fixes). - usb: dwc2: Fix hibernation between host and device modes (git-fixes). - usb: dwc2: Fix host mode hibernation exit with remote wakeup flow (git-fixes). - usb: dwc2: Fix session request interrupt handler (git-fixes). - usb: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes). - usb: dwc3: Switch to use device_property_count_u32() (git-fixes). - usb: dwc3: Update soft-reset wait polling rate (git-fixes). - usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes). - usb: dwc3: gadget: Return success always for kick transfer in ep queue (git-fixes). - usb: dwc3: keystone: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: meson-g12a: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: omap: improve extcon initialization (git-fixes). - usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield (git-fixes). 
- usb: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes). - usb: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes). - usb: fotg210-hcd: Fix an error message (git-fixes). - usb: gadget/function/f_fs string table fix for multiple languages (git-fixes). - usb: gadget: Fix double free of device descriptor pointers (git-fixes). - usb: gadget: aspeed: fix dma map failure (git-fixes). - usb: gadget: configfs: Fix KASAN use-after-free (git-fixes). - usb: gadget: dummy_hcd: fix gpf in gadget_setup (git-fixes). - usb: gadget: f_uac1: stop playback on function disable (git-fixes). - usb: gadget: f_uac1: validate input parameters (git-fixes). - usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes). - usb: gadget: f_uac2: validate input parameters (git-fixes). - usb: gadget: pch_udc: Check for DMA mapping error (git-fixes). - usb: gadget: pch_udc: Check if driver is present before calling ->setup() (git-fixes). - usb: gadget: pch_udc: Move pch_udc_init() to satisfy kernel doc (git-fixes). - usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() (git-fixes). - usb: gadget: pch_udc: Revert d3cb25a12138 completely (git-fixes). - usb: gadget: r8a66597: Add missing null check on return from platform_get_resource (git-fixes). - usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes). - usb: gadget: uvc: add bInterval checking for HS mode (git-fixes). - usb: musb: Fix suspend with devices connected for a64 (git-fixes). - usb: musb: fix PM reference leak in musb_irq_work() (git-fixes). - usb: pci-quirks: disable D3cold on xhci suspend for s2idle on AMD Renoire (bsc#1185840). - usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes). - usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes). - usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes). - usb: sl811-hcd: improve misleading indentation (git-fixes). 
- usb: typec: Remove vdo[3] part of tps6598x_rx_identity_reg struct (git-fixes). - usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS (git-fixes). - usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply (git-fixes). - usb: typec: tcpm: Honour pSnkStdby requirement during negotiation (git-fixes). - usb: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes). - usb: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes). - usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes). - usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes). - usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes). - usb: webcam: Invalid size of Processing Unit Descriptor (git-fixes). - usb: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes). - usb: xhci-mtk: improve bandwidth scheduling with TT (git-fixes). - usb: xhci-mtk: remove or operator for setting schedule parameters (git-fixes). - usb: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes). - usb: xhci: Fix port minor revision (git-fixes). - usb: xhci: Increase timeout for HC halt (git-fixes). - usb: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes). - usbip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes). - usbip: fix stub_dev to check for stream socket (git-fixes). - usbip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes). - usbip: fix vhci_hcd attach_store() races leading to gpf (git-fixes). - usbip: fix vhci_hcd to check for stream socket (git-fixes). - usbip: fix vudc to check for stream socket (git-fixes). - usbip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes). - usbip: tools: fix build error for multiple definition (git-fixes). - usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes). - use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139). 
- veth: Store queue_mapping independently of XDP prog presence (git-fixes). - vfio-pci/zdev: fix possible segmentation fault issue (git-fixes). - vfio/iommu_type1: Populate full dirty when detach non-pinned group (bsc#1183326). - vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer (git-fixes). - vfio/mdev: Make to_mdev_device() into a static inline (git-fixes). - vfio/pci: Add missing range check in vfio_pci_mmap (git-fixes). - vfio/pci: Move VGA and VF initialization to functions (git-fixes). - vfio/pci: Re-order vfio_pci_probe() (git-fixes). - vgacon: Record video mode changes with VT_RESIZEX (git-fixes). - video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489) - video: hyperv_fb: Add ratelimit on error message (bsc#1185725). - video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes). - virt_wifi: Return micros for BSS TSF values (git-fixes). - virtiofs: fix memory leak in virtio_fs_probe() (bsc#1185558). - vrf: fix a comment about loopback device (git-fixes). - vt/consolemap: do font sum unsigned (git-fixes). - vxlan: do not modify the shared tunnel info when PMTU triggers an ICMP reply (bsc#1176447). - vxlan: move debug check after netdev unregister (git-fixes). - watchdog/softlockup: Remove obsolete check of last reported task (bsc#1185982). - watchdog/softlockup: report the overall time of softlockups (bsc#1185982). - watchdog: explicitly update timestamp when reporting softlockup (bsc#1185982). - watchdog: rename __touch_watchdog() to a better descriptive name (bsc#1185982). - whitespace cleanup - wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes). - wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes). - wlcore: Fix command execute failure 19 for wl12xx (git-fixes). - workqueue: Minor follow-ups to the rescuer destruction change (bsc#1185911). - workqueue: Move the position of debug_work_activate() in __queue_work() (bsc#1184893). - workqueue: more destroy_workqueue() fixes (bsc#1185911). 
- x86,swiotlb: Adjust SWIOTLB bounce buffer size for SEV guests (bsc#1186219).
- x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access (bsc#1152489).
- x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489).
- x86/insn: Add some Intel instructions to the opcode map (bsc#1184760).
- x86/insn: Add some more Intel instructions to the opcode map (bsc#1184760).
- x86/ioapic: Ignore IRQ2 again (bsc#1152489).
- x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489).
- x86/microcode: Check for offline CPUs before requesting new microcode (bsc#1152489).
- x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd (bsc#1152489).
- x86/platform/uv: Set section block size for hubless architectures (bsc#1152489).
- x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#1152489).
- x86/sev-es: Invalidate the GHCB after completing VMGEXIT (bsc#1178134).
- x86/sev-es: Move sev_es_put_ghcb() in prep for follow on patch (bsc#1178134).
- x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489).
- xen/events: avoid handling the same event on two cpus at the same time (git-fixes).
- xen/events: do not unmask an event channel when an eoi is pending (git-fixes).
- xen/events: reset affinity of 2-level event when tearing it down (git-fixes).
- xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes).
- xfrm: Provide private skb extensions for segmented and hw offloaded ESP packets (bsc#1176447).
- xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980).
- xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes).
- xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes).
- xhci: Improve detection of device initiated wake signal (git-fixes).
- xhci: check control context is valid before dereferencing it (git-fixes).
- xhci: fix potential array out of bounds with several interrupters (git-fixes).
- xsk: Respect device's headroom and tailroom on generic xmit path (git-fixes).
- xsk: Respect device's headroom and tailroom on generic xmit path (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2012-1
Released: Fri Jun 18 09:15:13 2021
Summary: Security update for python-urllib3
Type: security
Severity: important
References: 1187045,CVE-2021-33503

This update for python-urllib3 fixes the following issues:

- CVE-2021-33503: Fixed a denial of service when the URL contained many @ characters in the authority component (bsc#1187045)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2091-1
Released: Mon Jun 21 10:45:13 2021
Summary: Recommended update for wget
Type: recommended
Severity: moderate
References: 1181173

This update for wget fixes the following issue:

- When running recursively, wget will verify the length of the whole URL when saving the files. This will make it overwrite files with truncated names, throwing the following message: 'The name is too long,... trying to shorten'. (bsc#1181173)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2096-1
Released: Mon Jun 21 13:35:38 2021
Summary: Recommended update for python-six
Type: recommended
Severity: moderate
References: 1186642

This update for python-six fixes the following issue:

- python-six had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2143-1
Released: Wed Jun 23 16:27:04 2021
Summary: Security update for libnettle
Type: security
Severity: important
References: 1187060,CVE-2021-3580

This update for libnettle fixes the following issues:

- CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2146-1
Released: Wed Jun 23 17:55:14 2021
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1115550,1174162

This update for openssh fixes the following issues:

- Fixed a race condition leading to a sshd termination of multichannel sessions with non-root users (bsc#1115550, bsc#1174162).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2157-1
Released: Thu Jun 24 15:40:14 2021
Summary: Security update for libgcrypt
Type: security
Severity: important
References: 1187212,CVE-2021-33560

This update for libgcrypt fixes the following issues:

- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2173-1
Released: Mon Jun 28 14:59:45 2021
Summary: Recommended update for automake
Type: recommended
Severity: moderate
References: 1040589,1047218,1182604,1185540,1186049

This update for automake fixes the following issues:

- Implement generated autoconf makefiles reproducible (bsc#1182604)
- Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
- Avoid bashisms in test-driver script. (bsc#1185540)

This update for pcre fixes the following issues:

- Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)

This update for brp-check-suse fixes the following issues:

- Add fixes to support reproducible builds. (bsc#1186049)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2178-1
Released: Mon Jun 28 15:56:15 2021
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: moderate
References: 1186561

This update for systemd-presets-common-SUSE fixes the following issues:

When installing the systemd-presets-common-SUSE package for the first time in a new system, it might happen that some services are installed before systemd so the %systemd_pre/post macros would not work. This is handled by enabling all preset services in this package's %posttrans section but it wasn't enabling user services, just system services. Now it enables also the user services installed before this package (bsc#1186561)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2184-1
Released: Mon Jun 28 18:22:39 2021
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1087082,1152489,1154353,1174978,1176447,1176771,1177666,1178134,1178378,1178612,1179610,1182999,1183712,1184259,1184436,1184631,1185195,1185428,1185497,1185570,1185589,1185675,1185701,1186155,1186286,1186460,1186463,1186472,1186501,1186672,1186677,1186681,1186752,1186885,1186928,1186949,1186950,1186951,1186952,1186953,1186954,1186955,1186956,1186957,1186958,1186959,1186960,1186961,1186962,1186963,1186964,1186965,1186966,1186967,1186968,1186969,1186970,1186971,1186972,1186973,1186974,1186976,1186977,1186978,1186979,1186980,1186981,1186982,1186983,1186984,1186985,1186986,1186987,1186988,1186989,1186990,1186991,1186992,1186993,1186994,1186995,1186996,1186997,1186998,1186999,1187000,1187001,1187002,1187003,1187038,1187039,1187050,1187052,1187067,1187068,1187069,1187072,1187143,1187144,1187167,1187334,1187344,1187345,1187346,1187347,1187348,1187349,1187350,1187351,1187357,1187711,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2020-26558: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. (bnc#1179610 bnc#1186463)
- CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bnc#1186463).
- CVE-2020-36385: Fixed a use-after-free in drivers/infiniband/core/ucma.c which could be triggered if the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called (bnc#1187050).
- CVE-2020-36386: Fixed a slab out-of-bounds read in hci_extended_inquiry_result_evt (bnc#1187038).

The following non-security bugs were fixed:

- ACPICA: Clean up context mutex during object deletion (git-fixes).
- ALSA: hda/cirrus: Set Initial DMIC volume to -26 dB (git-fixes).
- ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (git-fixes).
- ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP EliteBook x360 1040 G8 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Elite Dragonfly G2 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 840 Aero G8 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power G8 (git-fixes).
- ALSA: hda/realtek: headphone and mic do not work on an Acer laptop (git-fixes).
- ALSA: hda: update the power_state during the direct-complete (git-fixes).
- ALSA: seq: Fix race of snd_seq_timer_open() (git-fixes).
- ALSA: timer: Fix master timer notification (git-fixes).
- arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes).
- arm64: avoid -Woverride-init warning (git-fixes).
- arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL (git-fixes).
- arm64: kdump: update ppos when reading elfcorehdr (git-fixes).
- arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into() fails (git-fixes).
- arm64: link with -z norelro for LLD or aarch64-elf (git-fixes).
- arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (git-fixes).
- arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory (git-fixes).
- arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) (git-fixes).
- arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter() (git-fixes).
- ARM64: vdso32: Install vdso32 from vdso_install (git-fixes).
- arm64: vdso32: make vdso32 install conditional (git-fixes).
- arm: mm: use __pfn_to_section() to get mem_section (git-fixes).
- ASoC: amd: fix for pcm_read() error (git-fixes).
- ASoC: cs43130: handle errors in cs43130_probe() properly (git-fixes).
- ASoC: Intel: soc-acpi: remove TGL RVP mixed SoundWire/TDM config (git-fixes).
- ASoC: max98088: fix ni clock divider calculation (git-fixes).
- ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd() (git-fixes).
- bcache: avoid oversized read request in cache missing code path (bsc#1187357, bsc#1185570, bsc#1184631).
- bcache: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1187357).
- bcache: do not pass BIOSET_NEED_BVECS for the 'bio_set' embedded in 'cache_set' (bsc#1187357).
- bcache: fix a regression of code compiling failure in debug.c (bsc#1187357).
- bcache: inherit the optimal I/O size (bsc#1187357).
- bcache: reduce redundant code in bch_cached_dev_run() (bsc#1187357).
- bcache: remove bcache device self-defined readahead (bsc#1187357, bsc#1185570, bsc#1184631).
- bcache: remove PTR_CACHE (bsc#1187357).
- bcache: Use 64-bit arithmetic instead of 32-bit (bsc#1187357).
- bcache: use NULL instead of using plain integer as pointer (bsc#1187357).
- blk-mq: Swap two calls in blk_mq_exit_queue() (git-fixes).
- blk-settings: align max_sectors on 'logical_block_size' boundary (bsc#1185195).
- block/genhd: use atomic_t for disk_event->block (bsc#1185497).
- block: return the correct bvec when checking for gaps (bsc#1187143).
- block: return the correct bvec when checking for gaps (bsc#1187144).
- Bluetooth: fix the erroneous flush_work() order (git-fixes).
- brcmfmac: Add clm_blob firmware files to modinfo (bsc#1186677).
- brcmfmac: properly check for bus register errors (git-fixes).
- btrfs: open device without device_list_mutex (bsc#1176771).
- bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act (git-fixes).
- cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom (git-fixes).
- cdrom: gdrom: initialize global variable at init time (git-fixes).
- ceph: do not clobber i_snap_caps on non-I_NEW inode (bsc#1186501).
- ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501).
- ceph: fix up error handling with snapdirs (bsc#1186501).
- ceph: only check pool permissions for regular files (bsc#1186501).
- char: hpet: add checks after calling ioremap (git-fixes).
- chelsio/chtls: unlock on error in chtls_pt_recvmsg() (jsc#SLE-15129).
- cxgb4: avoid accessing registers when clearing filters (git-fixes).
- cxgb4: avoid link re-train during TC-MQPRIO configuration (jsc#SLE-8389).
- cxgb4/ch_ktls: Clear resources when pf4 device is removed (jsc#SLE-15129).
- cxgb4: fix regression with HASH tc prio value update (jsc#SLE-15131).
- devlink: Correct VIRTUAL port to not have phys_port attributes (jsc#SLE-15172).
- dmaengine: idxd: add missing dsa driver unregister (git-fixes).
- dmaengine: idxd: Use cpu_feature_enabled() (git-fixes).
- dmaengine: qcom_hidma: comment platform_driver_register call (git-fixes).
- drm/amd/amdgpu: fix a potential deadlock in gpu reset (git-fixes).
- drm/amd/amdgpu: fix refcount leak (git-fixes).
- drm/amd/display: Disconnect non-DP with no EDID (git-fixes).
- drm/amdgpu: Do not query CE and UE errors (git-fixes).
- drm/amdgpu: Fix a use-after-free (git-fixes).
- drm/amdgpu/jpeg2.0: add cancel_delayed_work_sync before power gate (git-fixes).
- drm/amdgpu/jpeg2.5: add cancel_delayed_work_sync before power gate (git-fixes).
- drm/amdgpu/jpeg3: add cancel_delayed_work_sync before power gate (git-fixes).
- drm/amdgpu: make sure we unpin the UVD BO (git-fixes).
- drm/amdgpu: stop touching sched.ready in the backend (git-fixes).
- drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate (git-fixes).
- drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate (git-fixes).
- drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate (git-fixes).
- drm/amdgpu/vcn3: add cancel_delayed_work_sync before power gate (git-fixes).
- drm/amdkfd: correct sienna_cichlid SDMA RLC register offset error (git-fixes).
- drm/i915/selftests: Fix return value check in live_breadcrumbs_smoketest() (git-fixes).
- drm/mcde: Fix off by 10^3 in calculation (git-fixes).
- drm/meson: fix shutdown crash when component not probed (git-fixes).
- drm/msm/a6xx: fix incorrectly set uavflagprd_inv field for A650 (git-fixes).
- drm/msm/a6xx: update/fix CP_PROTECT initialization (git-fixes).
- efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (git-fixes).
- efi: cper: fix snprintf() use in cper_dimm_err_location() (git-fixes).
- efi/libstub: prevent read overflow in find_file_option() (git-fixes).
- Enable CONFIG_PCI_PF_STUB for Nvidia Ampere vGPU support (jsc#SLE-17882 jsc#ECO-3691)
- fs/nfs: Use fatal_signal_pending instead of signal_pending (git-fixes).
- gpio: cadence: Add missing MODULE_DEVICE_TABLE (git-fixes).
- gpio: wcd934x: Fix shift-out-of-bounds error (git-fixes).
- gve: Add NULL pointer checks when freeing irqs (git-fixes).
- gve: Correct SKB queue index validation (git-fixes).
- gve: Update mgmt_msix_idx if num_ntfy changes (git-fixes).
- gve: Upgrade memory barrier in poll routine (git-fixes).
- HID: i2c-hid: fix format string mismatch (git-fixes).
- HID: i2c-hid: Skip ELAN power-on command after reset (git-fixes).
- HID: magicmouse: fix NULL-deref on disconnect (git-fixes).
- HID: multitouch: require Finger field to mark Win8 reports as MT (git-fixes).
- HID: pidff: fix error return code in hid_pidff_init() (git-fixes).
- hwmon: (dell-smm-hwmon) Fix index values (git-fixes).
- i2c: i801: Do not generate an interrupt on bus reset (git-fixes).
- i2c: imx: fix reference leak when pm_runtime_get_sync fails (git-fixes).
- i2c: qcom-geni: Suspend and resume the bus during SYSTEM_SLEEP_PM ops (git-fixes).
- i2c: s3c2410: fix possible NULL pointer deref on read message after write (git-fixes).
- i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (git-fixes).
- ice: Allow all LLDP packets from PF to Tx (jsc#SLE-7926).
- ice: Fix allowing VF to request more/less queues via virtchnl (jsc#SLE-12878).
- ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared (git-fixes).
- ice: handle the VF VSI rebuild failure (jsc#SLE-12878).
- iio: adc: ad7124: Fix missbalanced regulator enable / disable on error (git-fixes).
- iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers (git-fixes).
- iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes).
- iio: gyro: fxas21002c: balance runtime power in error path (git-fixes).
- iommu/amd: Keep track of amd_iommu_irq_remap state (https://bugzilla.kernel.org/show_bug.cgi?id=212133).
- iommu: Fix a boundary issue to avoid performance drop (bsc#1187344).
- iommu/virtio: Add missing MODULE_DEVICE_TABLE (bsc#1187345).
- iommu/vt-d: Remove WO permissions on second-level paging entries (bsc#1187346).
- iommu/vt-d: Report right snoop capability when using FL for IOVA (bsc#1187347).
- iommu/vt-d: Use user privilege for RID2PASID translation (bsc#1187348).
- isdn: mISDN: correctly handle ph_info allocation failure in hfcsusb_ph_info (git-fixes).
- isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (git-fixes).
- ixgbe: fix large MTU request from VF (git-fixes).
- kABI workaround for rtw88 (git-fixes).
- kABI workaround for struct lis3lv02d change (git-fixes).
- lib: crc64: fix kernel-doc warning (bsc#1187357).
- libertas: register sysfs groups properly (git-fixes).
- locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal (git-fixes).
- md: bcache: avoid -Wempty-body warnings (bsc#1187357).
- md: bcache: Trivial typo fixes in the file journal.c (bsc#1187357).
- md: Fix missing unused status line of /proc/mdstat (git-fixes).
- media: dvb: Add check on sp8870_readreg return (git-fixes).
- media: dvb: Add check on sp8870_readreg return (git-fixes).
- media: gspca: mt9m111: Check write_bridge for timeout (git-fixes).
- media: gspca: mt9m111: Check write_bridge for timeout (git-fixes).
- media: gspca: properly check for errors in po1030_probe() (git-fixes).
- media: gspca: properly check for errors in po1030_probe() (git-fixes).
- mei: request autosuspend after sending rx flow control (git-fixes).
- misc/uss720: fix memory leak in uss720_probe (git-fixes).
- mmc: sdhci: Clear unused bounce buffer at DMA mmap error path (bsc#1187039).
- net: bnx2: Fix error return code in bnx2_init_board() (git-fixes).
- netfilter: nf_tables: missing error reporting for not selected expressions (bsc#1176447).
- netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version (bsc#1176447).
- net: fix iteration for sctp transport seq_files (git-fixes).
- net: hns3: fix incorrect resp_msg issue (jsc#SLE-14777).
- net: hns3: Limiting the scope of vector_ring_chain variable (git-fixes).
- net: hns3: put off calling register_netdev() until client initialize complete (bsc#1154353).
- net/mlx4: Fix EEPROM dump support (git-fixes).
- net/mlx5: DR, Create multi-destination flow table with level less than 64 (jsc#SLE-8464).
- net/mlx5e: Fix error path of updating netdev queues (jsc#SLE-15172).
- net/mlx5e: Fix incompatible casting (jsc#SLE-15172).
- net/mlx5e: Fix multipath lag activation (git-fixes).
- net/mlx5e: Fix null deref accessing lag dev (jsc#SLE-15172).
- net/mlx5e: Fix nullptr in add_vlan_push_action() (git-fixes).
- net/mlx5e: reset XPS on error flow if netdev isn't registered yet (jsc#SLE-15172).
- net/mlx5: Set reformat action when needed for termination rules (jsc#SLE-15172).
- net/mlx5: Set term table as an unmanaged flow table (jsc#SLE-15172).
- net/sched: act_ct: Offload connections with commit action (jsc#SLE-15172).
- net/sched: fq_pie: fix OOB access in the traffic path (jsc#SLE-15172).
- net/sched: fq_pie: re-factor fix for fq_pie endless loop (jsc#SLE-15172).
- net: usb: fix memory leak in smsc75xx_bind (git-fixes).
- net: zero-initialize tc skb extension on allocation (bsc#1176447).
- nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (git-fixes).
- NFC: SUSE specific brutal fix for runtime PM (bsc#1185589).
- NFS: Deal correctly with attribute generation counter overflow (git-fixes).
- NFS: Do not corrupt the value of pg_bytes_written in nfs_do_recoalesce() (git-fixes).
- NFS: Do not discard pNFS layout segments that are marked for return (git-fixes).
- NFS: Do not gratuitously clear the inode cache when lookup failed (git-fixes).
- NFS: Do not revalidate the directory permissions on a lookup failure (git-fixes).
- nfsd: register pernet ops last, unregister first (git-fixes).
- NFSD: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes).
- NFS: fix an incorrect limit in filelayout_decode_layout() (git-fixes).
- NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (git-fixes).
- NFSv4.2: Always flush out writes in nfs42_proc_fallocate() (git-fixes).
- NFSv42: Copy offload should update the file size when appropriate (git-fixes).
- NFSv4.2 fix handling of sr_eof in SEEK's reply (git-fixes).
- NFSv4.2: fix return value of _nfs4_get_security_label() (git-fixes).
- NFSv4: Do not discard segments marked for return in _pnfs_return_layout() (git-fixes).
- NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (git-fixes).
- NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (git-fixes).
- nvme: add new line after variable declatation (bsc#1184259, bsc#1178612, bsc#1186155).
- nvme: document nvme controller states (git-fixes).
- nvme: do not check nvme_req flags for new req (bsc#1184259, bsc#1178612, bsc#1186155).
- nvme: fix deadlock in disconnect during scan_work and/or ana_work (git-fixes).
- nvme: mark nvme_setup_passsthru() inline (bsc#1184259, bsc#1178612, bsc#1186155).
- nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#1184259, bsc#1186155).
- nvme-pci: align io queue count with allocted nvme_queue in (git-fixes).
- nvme-pci: avoid race between nvme_reap_pending_cqes() and nvme_poll() (git-fixes).
- nvme-pci: dma read memory barrier for completions (git-fixes).
- nvme-pci: fix 'slimmer CQ head update' (git-fixes).
- nvme-pci: make sure write/poll_queues less or equal then cpu (git-fixes).
- nvme-pci: remove last_sq_tail (git-fixes).
- nvme-pci: Remove tag from process cq (git-fixes).
- nvme-pci: Remove two-pass completions (git-fixes).
- nvme-pci: remove volatile cqes (git-fixes).
- nvme-pci: Simplify nvme_poll_irqdisable (git-fixes).
- nvme-pci: slimmer CQ head update (git-fixes).
- nvme-pci: use simple suspend when a HMB is enabled (git-fixes).
- nvme: reduce checks for zero command effects (bsc#1184259, bsc#1178612, bsc#1186155).
- nvme: rename nvme_init_identify() (bsc#1184259, bsc#1178612, bsc#1186155).
- nvme: split init identify into helper (bsc#1184259, bsc#1178612, bsc#1186155).
- nvmet: use new ana_log_size instead the old one (bsc#1178612, bsc#1184259, bsc#1186155).
- nvme: use NVME_CTRL_CMIC_ANA macro (bsc#1184259, bsc#1178612, bsc#1186155).
- nxp-i2c: restore includes for kABI (bsc#1185589).
- nxp-nci: add NXP1002 id (bsc#1185589).
- PCI/LINK: Remove bandwidth notification (bsc#1183712).
- pid: take a reference when initializing `cad_pid` (bsc#1152489).
- platform/x86: hp_accel: Avoid invoking _INI to speed up resume (git-fixes).
- platform/x86: hp-wireless: add AMD's hardware id to the supported list (git-fixes).
- platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700 tablet (git-fixes).
- PM: sleep: Add pm_debug_messages kernel command line option (bsc#1186752).
- pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (git-fixes).
- pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() (git-fixes).
- powerpc/32: Fix boot failure with CONFIG_STACKPROTECTOR (jsc#SLE-13847 git-fixes).
- powerpc/kprobes: Fix validation of prefixed instructions across page boundary (jsc#SLE-13847 git-fixes).
- regulator: core: resolve supply for boot-on/always-on regulators (git-fixes).
- regulator: max77620: Use device_set_of_node_from_dev() (git-fixes).
- rtw88: 8822c: add LC calibration for RTL8822C (git-fixes).
- scsi: aacraid: Fix an oops in error handling (bsc#1187072).
- scsi: aacraid: Remove erroneous fallthrough annotation (bsc#1186950).
- scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186951).
- scsi: acornscsi: Fix an error handling path in acornscsi_probe() (bsc#1186952).
- scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() (bsc#1186953).
- scsi: be2iscsi: Revert 'Fix a theoretical leak in beiscsi_create_eqs()' (bsc#1187067).
- scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186954).
- scsi: bnx2fc: Fix Kconfig warning & CNIC build errors (bsc#1186955).
- scsi: bnx2i: Requires MMU (bsc#1186956).
- scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (bsc#1186957).
- scsi: cumana_2: Fix different dev_id between request_irq() and free_irq() (bsc#1186958).
- scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186959).
- scsi: cxgb4i: Fix TLS dependency (bsc#1186960).
- scsi: eesox: Fix different dev_id between request_irq() and free_irq() (bsc#1186961).
- scsi: fnic: Fix error return code in fnic_probe() (bsc#1186962).
- scsi: hisi_sas: Fix IRQ checks (bsc#1186963).
- scsi: hisi_sas: Remove preemptible() (bsc#1186964).
- scsi: jazz_esp: Add IRQ check (bsc#1186965).
- scsi: libfc: Fix enum-conversion warning (bsc#1186966).
- scsi: libsas: Fix error path in sas_notify_lldd_dev_found() (bsc#1186967).
- scsi: libsas: Reset num_scatter if libata marks qc as NODATA (bsc#1187068).
- scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA (bsc#1186968).
- scsi: lpfc: Fix ancient double free (bsc#1186969).
- scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes).
- scsi: megaraid_sas: Check user-provided offsets (bsc#1186970).
- scsi: megaraid_sas: Clear affinity hint (bsc#1186971).
- scsi: megaraid_sas: Do not call disable_irq from process IRQ poll (bsc#1186972).
- scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression (bsc#1186973).
- scsi: megaraid_sas: Remove undefined ENABLE_IRQ_POLL macro (bsc#1186974).
- scsi: mesh: Fix panic after host or bus reset (bsc#1186976).
- scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (bsc#1186977).
- scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() (bsc#1186978).
- scsi: mpt3sas: Fix ioctl timeout (bsc#1186979).
- scsi: myrs: Fix a double free in myrs_cleanup() (bsc#1186980).
- scsi: pm80xx: Fix error return in pm8001_pci_probe() (bsc#1186981).
- scsi: powertec: Fix different dev_id between request_irq() and free_irq() (bsc#1186982).
- scsi: qedi: Check for buffer overflow in qedi_set_path() (bsc#1186983).
- scsi: qedi: Fix error return code of qedi_alloc_global_queues() (bsc#1186984).
- scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe (bsc#1186985).
- scsi: qla2xxx: Prevent PRLI in target mode (git-fixes).
- scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' (bsc#1186986).
- scsi: qla4xxx: Remove in_interrupt() (bsc#1186987).
- scsi: scsi_debug: Add check for sdebug_max_queue during module init (bsc#1186988).
- scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701).
- scsi: sd: Fix Opal support (bsc#1186989).
- scsi: smartpqi: Add additional logging for LUN resets (bsc#1186472).
- scsi: smartpqi: Add host level stream detection enable (bsc#1186472).
- scsi: smartpqi: Add new PCI IDs (bsc#1186472).
- scsi: smartpqi: Add phy ID support for the physical drives (bsc#1186472).
- scsi: smartpqi: Add stream detection (bsc#1186472).
- scsi: smartpqi: Add support for BMIC sense feature cmd and feature bits (bsc#1186472).
- scsi: smartpqi: Add support for long firmware version (bsc#1186472).
- scsi: smartpqi: Add support for new product ids (bsc#1186472).
- scsi: smartpqi: Add support for RAID1 writes (bsc#1186472).
- scsi: smartpqi: Add support for RAID5 and RAID6 writes (bsc#1186472).
- scsi: smartpqi: Add support for wwid (bsc#1186472).
- scsi: smartpqi: Align code with oob driver (bsc#1186472).
- scsi: smartpqi: Convert snprintf() to scnprintf() (bsc#1186472).
- scsi: smartpqi: Correct request leakage during reset operations (bsc#1186472).
- scsi: smartpqi: Correct system hangs when resuming from hibernation (bsc#1186472).
- scsi: smartpqi: Disable WRITE SAME for HBA NVMe disks (bsc#1186472).
- scsi: smartpqi: Fix blocks_per_row static checker issue (bsc#1186472).
- scsi: smartpqi: Fix device pointer variable reference static checker issue (bsc#1186472).
- scsi: smartpqi: Fix driver synchronization issues (bsc#1186472).
- scsi: smartpqi: Refactor aio submission code (bsc#1186472).
- scsi: smartpqi: Refactor scatterlist code (bsc#1186472).
- scsi: smartpqi: Remove timeouts from internal cmds (bsc#1186472).
- scsi: smartpqi: Remove unused functions (bsc#1186472).
- scsi: smartpqi: Synchronize device resets with mutex (bsc#1186472).
- scsi: smartpqi: Update device scan operations (bsc#1186472).
- scsi: smartpqi: Update enclosure identifier in sysfs (bsc#1186472).
- scsi: smartpqi: Update event handler (bsc#1186472).
- scsi: smartpqi: Update OFA management (bsc#1186472).
- scsi: smartpqi: Update RAID bypass handling (bsc#1186472).
- scsi: smartpqi: Update SAS initiator_port_protocols and target_port_protocols (bsc#1186472).
- scsi: smartpqi: Update soft reset management for OFA (bsc#1186472).
- scsi: smartpqi: Update suspend/resume and shutdown (bsc#1186472).
- scsi: smartpqi: Update version to 2.1.8-045 (bsc#1186472).
- scsi: smartpqi: Use host-wide tag space (bsc#1186472).
- scsi: sni_53c710: Add IRQ check (bsc#1186990).
- scsi: sun3x_esp: Add IRQ check (bsc#1186991).
- scsi: ufs: Add quirk to disallow reset of interrupt aggregation (bsc#1186992).
- scsi: ufs: Add quirk to enable host controller without hce (bsc#1186993).
- scsi: ufs: Add quirk to fix abnormal ocs fatal error (bsc#1186994).
- scsi: ufs: Add quirk to fix mishandling utrlclr/utmrlclr (bsc#1186995).
- scsi: ufs: core: Narrow down fast path in system suspend path (bsc#1186996).
- scsi: ufs: Do not update urgent bkops level when toggling auto bkops (bsc#1186997).
- scsi: ufs: Fix race between shutdown and runtime resume flow (bsc#1186998).
- scsi: ufshcd: use an enum for quirks (bsc#1186999).
- scsi: ufs: Introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk (bsc#1187000).
- scsi: ufs: Make ufshcd_print_trs() consider UFSHCD_QUIRK_PRDT_BYTE_GRAN (bsc#1187069).
- scsi: ufs: Properly release resources if a task is aborted successfully (bsc#1187001).
- scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1187002).
- scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187003).
- serial: 8250_pci: handle FL_NOIRQ board flag (git-fixes).
- serial: core: fix suspicious security_locked_down() call (git-fixes).
- serial: max310x: unregister uart driver in case of failure and abort (git-fixes).
- serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' (git-fixes).
- serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (git-fixes).
- serial: tegra: Fix a mask operation that is always true (git-fixes).
- staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes).
- staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes).
- staging: rtl8723bs: Fix uninitialized variables (git-fixes).
- sunrpc: fix refcount leak for rpc auth modules (git-fixes).
- SUNRPC: More fixes for backlog congestion (bsc#1185428).
- SUNRPC: Move fault injection call sites (git-fixes).
- SUNRPC: Set memalloc_nofs_save() for sync tasks (git-fixes).
- svcrdma: disable timeouts on rdma backchannel (git-fixes).
- thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID (git-fixes).
- thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (git-fixes).
- thunderbolt: usb4: Fix NVM read buffer bounds and offset issue (git-fixes).
- tpm: fix error return code in tpm2_get_cc_attrs_tbl() (git-fixes).
- ttyprintk: Add TTY hangup callback (git-fixes).
- UCSI fixup of array of PDOs (git-fixes).
- usb: chipidea: imx: Fix Battery Charger 1.2 CDP detection (git-fixes).
- usb: core: reduce power-on-good delay time of root hub (git-fixes).
- usb: dwc3: gadget: Enable suspend events (git-fixes).
- usb: fix various gadgets null ptr deref on 10gbps cabling (git-fixes).
- USB: f_ncm: ncm_bitrate (speed) is unsigned (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (git-fixes).
- usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes).
- usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes).
- USB: serial: cp210x: fix alternate function for CP2102N QFN20 (git-fixes).
- USB: serial: ftdi_sio: add IDs for IDS GmbH Products (git-fixes).
- USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (git-fixes).
- USB: serial: pl2303: add device id for ADLINK ND-6530 GC (git-fixes).
- USB: serial: quatech2: fix control-request directions (git-fixes).
- USB: serial: ti_usb_3410_5052: add startech.com device id (git-fixes).
- USB: trancevibrator: fix control-request direction (git-fixes).
- usb: typec: intel_pmc_mux: Put fwnode in error case during ->probe() (git-fixes).
- usb: typec: mux: Fix copy-paste mistake in typec_mux_match (git-fixes).
- usb: typec: mux: Fix matching with typec_altmode_desc (git-fixes).
- usb: typec: tcpm: Use LE to CPU conversion when accessing msg->header (git-fixes).
- usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path (git-fixes).
- usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4 (git-fixes).
- usb: typec: wcove: Use LE to CPU conversion when accessing msg->header (git-fixes).
- USB: usbfs: Do not WARN about excessively large memory allocations (git-fixes).
- vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes).
- vfio/pci: zap_vma_ptes() needs MMU (git-fixes).
- vfio/platform: fix module_put call in error flow (git-fixes).
- vmlinux.lds.h: Avoid orphan section with !SMP (git-fixes).
- vsock/vmci: log once the failed queue pair allocation (git-fixes).
- wireguard: allowedips: initialize list head in selftest (git-fixes).
- wireguard: do not use -O3 (git-fixes).
- wireguard: peer: allocate in kmem_cache (git-fixes).
- wireguard: peer: put frequently used members above cache lines (git-fixes).
- wireguard: queueing: get rid of per-peer ring buffers (git-fixes).
- wireguard: selftests: make sure rp_filter is disabled on vethc (git-fixes).
- wireguard: selftests: remove old conntrack kconfig value (git-fixes).
- wireguard: use synchronize_net rather than synchronize_rcu (git-fixes).
- x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing (bsc#1152489).
- x86/boot/64: Explicitly map boot_params and command line (jsc#SLE-14337).
- x86/boot/compressed/64: Add 32-bit boot #VC handler (jsc#SLE-14337).
- x86/boot/compressed/64: Add CPUID sanity check to 32-bit boot-path (jsc#SLE-14337).
- x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path (jsc#SLE-14337).
- x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path (jsc#SLE-14337).
- x86/boot/compressed/64: Cleanup exception handling before booting kernel (jsc#SLE-14337).
- x86/boot/compressed/64: Introduce sev_status (jsc#SLE-14337).
- x86/boot/compressed/64: Reload CS in startup_32 (jsc#SLE-14337).
- x86/boot/compressed/64: Sanity-check CPUID results in the early #VC handler (jsc#SLE-14337).
- x86/boot/compressed/64: Setup IDT in startup_32 boot path (jsc#SLE-14337).
- x86/cpufeatures: Force disable X86_FEATURE_ENQCMD and remove update_pasid() (bsc#1178134).
- x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#1152489).
- x86/fault: Do not send SIGSEGV twice on SEGV_PKUERR (bsc#1152489).
- x86: fix seq_file iteration for pat.c (git-fixes).
- x86/fpu: Prevent state corruption in __fpu__restore_sig() (bsc#1178134).
- x86/head/64: Check SEV encryption before switching to kernel page-table (jsc#SLE-14337).
- x86/head/64: Disable stack protection for head$(BITS).o (jsc#SLE-14337).
- x86/ioremap: Map efi_mem_reserve() memory as encrypted for SEV (bsc#1186885).
- x86/sev: Check SME/SEV support in CPUID first (jsc#SLE-14337).
- x86/sev: Do not require Hypervisor CPUID bit for SEV guests (jsc#SLE-14337).
- x86/sev-es: Do not return NULL from sev_es_get_ghcb() (bsc#1187349).
- x86/sev-es: Do not support MMIO to/from encrypted memory (jsc#SLE-14337).
- x86/sev-es: Forward page-faults which happen during emulation (bsc#1187350).
- x86/sev-es: Replace open-coded hlt-loops with sev_es_terminate() (jsc#SLE-14337).
- x86/sev-es: Use __put_user()/__get_user() for data accesses (bsc#1187351).
- xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675).
- xprtrdma: Avoid Receive Queue wrapping (git-fixes).
- xprtrdma: rpcrdma_mr_pop() already does list_del_init() (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2191-1
Released: Mon Jun 28 18:38:13 2021
Summary: Recommended update for patterns-microos
Type: recommended
Severity: moderate
References: 1186791

This update for patterns-microos provides the following fix:

- Add zypper-migration-plugin to the default pattern. (bsc#1186791)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2193-1
Released: Mon Jun 28 18:38:43 2021
Summary: Recommended update for tar
Type: recommended
Severity: moderate
References: 1184124

This update for tar fixes the following issues:

- Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2196-1
Released: Tue Jun 29 09:41:39 2021
Summary: Security update for lua53
Type: security
Severity: moderate
References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371

This update for lua53 fixes the following issues:

Update to version 5.3.6:

- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2205-1
Released: Wed Jun 30 09:17:41 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: important
References: 1187210

This update for openldap2 fixes the following issues:

- Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2210-1
Released: Wed Jun 30 13:00:09 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1184124

This update for lvm2 fixes the following issues:

- Link test as position independent executable and update packages with non-PIE binaries. (bsc#1184124)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2223-1
Released: Thu Jul 1 12:15:26 2021
Summary: Recommended update for chrony
Type: recommended
Severity: moderate
References: 1173760

This update for chrony fixes the following issues:

- Fixed an issue when chrony aborts in FIPS mode due to MD5. (bsc#1173760)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:2249-1
Released: Mon Jul 5 15:40:46 2021
Summary: Optional update for gnutls
Type: optional
Severity: low
References: 1047218,1186579

This update for gnutls does not fix any user visible issues. It is therefore optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2273-1
Released: Thu Jul 8 09:48:48 2021
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1186447,1186503

This update for libzypp, zypper fixes the following issues:

- Enhance XML output of repo GPG options
- Add optional attributes showing the raw values actually present in the '.repo' file.
- Link all executables with -PIE (bsc#1186447)
- Ship an empty '/etc/zypp/needreboot' per default (jsc#PM-2645)
- Add 'Solvable::isBlacklisted' as superset of retracted and ptf packages (bsc#1186503)
- Fix segv if 'ZYPP_FULLOG' is set.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2286-1
Released: Fri Jul 9 17:38:53 2021
Summary: Recommended update for dosfstools
Type: recommended
Severity: moderate
References: 1172863

This update for dosfstools fixes the following issue:

- Fixed a bug that was causing an installation issue when trying to create an EFI partition on an NVMe-over-Fabrics device (bsc#1172863)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2292-1
Released: Mon Jul 12 08:25:20 2021
Summary: Security update for dbus-1
Type: security
Severity: important
References: 1187105,CVE-2020-35512

This update for dbus-1 fixes the following issues:

- CVE-2020-35512: Fixed a use-after-free or potential undefined behaviour caused by shared UIDs (bsc#1187105)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2308-1
Released: Tue Jul 13 13:36:03 2021
Summary: Recommended update for cpupower
Type: recommended
Severity: moderate
References:

This update for cpupower provides the following fix:

- cpupower updates for Milan. (jsc#SLE-17797)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2316-1
Released: Wed Jul 14 13:49:55 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1185807,1185828,1185958,1186411,1187154,1187292

This update for systemd fixes the following issues:

- Restore framebuffer devices as possible master of seat. Until simpledrm driver is released, this change is premature as some graphical chips don't have DRM driver and fall back to framebuffer.
(bsc#1187154)
- Fixed an issue when '/var/lock/subsys' dropped when the creation of 'filesystem' package took the initialization of the generic paths over. (bsc#1187292)
- 'udev' requires systemd in its %post (bsc#1185958)
  nspawn: turn on higher optimization level in seccomp
  nspawn: return ENOSYS by default, EPERM for 'known' calls (bsc#1186411)
  shared/seccomp-util: added functionality to make list of filtered syscalls
  shared/syscall-list: filter out some obviously platform-specific syscalls
  shared/seccomp: reduce scope of indexing variables
  generate-syscall-list: require python3
  shared: add @known syscall list
  meson: add syscall-names-update target
  shared/seccomp: use _cleanup_ in one more place
  home: fix homed.conf install location
- We need to make sure that the creation of the symlinks is done after updating udev DB so if worker A is preempted by worker B before A updates the DB but after it creates the symlinks, worker B won't manage to overwrite the freshly created symlinks (by A) because A has still yet not registered the symlinks in the DB.
(bsc#1185828)
- Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2320-1
Released: Wed Jul 14 17:01:06 2021
Summary: Security update for sqlite3
Type: security
Severity: important
References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327

This update for sqlite3 fixes the following issues:

- Update to version 3.36.0
- CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641)
- CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719)
- CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)
- CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438)
- CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309)
- CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)
- CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)
- CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715)
- CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491)
- CVE-2019-19603: during handling of CREATE TABLE and CREATE
VIEW statements, does not consider confusion with a shadow table name (bsc#1158960)
- CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959)
- CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958)
- CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812)
- CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)
- CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)
- CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)
- CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)
- CVE-2020-13630: use-after-free in fts3EvalNextRow (bsc#1172234)
- CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)
- CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)
- CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2352-1
Released: Thu Jul 15 15:16:01 2021
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References:
1152489,1153274,1154353,1155518,1164648,1176447,1176774,1176919,1177028,1178134,1182470,1184212,1184685,1185486,1185675,1185677,1186206,1186666,1186949,1187171,1187263,1187356,1187402,1187403,1187404,1187407,1187408,1187409,1187410,1187411,1187412,1187413,1187452,1187554,1187595,1187601,1187795,1187867,1187883,1187886,1187927,1187972,1187980,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693,CVE-2021-3573

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-3573: Fixed a UAF vulnerability in function that can allow attackers to corrupt kernel heaps and adopt further exploitations. (bsc#1186666)
- CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601)
- CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595)
- CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554)
- CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452)

The following non-security bugs were fixed:

- 0001-x86-sched-Treat-Intel-SNC-topology-as-default-COD-as.patch: (bsc#1187263).
- alx: Fix an error handling path in 'alx_probe()' (git-fixes).
- ASoC: fsl-asoc-card: Set .owner attribute when registering card (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet (git-fixes).
- ASoC: max98088: fix ni clock divider calculation (git-fixes).
- ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes).
- ASoC: rt5682: Fix the fast discharge for headset unplugging in soundwire mode (git-fixes).
- ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes).
- ASoC: tas2562: Fix TDM_CFG0_SAMPRATE values (git-fixes).
- batman-adv: Avoid WARN_ON timing related checks (git-fixes).
- be2net: Fix an error handling path in 'be_probe()' (git-fixes).
- block: Discard page cache of zone reset target range (bsc#1187402).
- Bluetooth: Add a new USB ID for RTL8822CE (git-fixes).
- Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes).
- bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371 bsc#1153274).
- bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1177028).
- bpf: Fix libelf endian handling in resolv_btfids (bsc#1177028).
- bpfilter: Specify the log level for the kmsg message (bsc#1155518).
- can: mcba_usb: fix memory leak in mcba_usb (git-fixes).
- ceph: must hold snap_rwsem when filling inode for async create (bsc#1187927).
- cfg80211: avoid double free of PMSR request (git-fixes).
- cfg80211: make certificate generation more robust (git-fixes).
- cgroup1: do not allow '\n' in renaming (bsc#1187972).
- cxgb4: fix endianness when flashing boot image (jsc#SLE-15131).
- cxgb4: fix sleep in atomic when flashing PHY firmware (jsc#SLE-15131).
- cxgb4: fix wrong ethtool n-tuple rule lookup (jsc#SLE-15131).
- cxgb4: fix wrong shift (git-fixes).
- cxgb4: halt chip before flashing PHY firmware image (jsc#SLE-15131).
- dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411).
- dax: Add an enum for specifying dax wakup mode (bsc#1187411).
- dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212).
- dax: Wake up all waiters after invalidating dax entry (bsc#1187411).
- dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes).
- dmaengine: fsl-dpaa2-qdma: Fix error return code in two functions (git-fixes).
- dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (git-fixes).
- dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes).
- dmaengine: stedma40: add missing iounmap() on error in d40_probe() (git-fixes).
- drm: Fix use-after-free read in drm_getunique() (git-fixes).
- drm: Lock pointer access in drm_master_release() (git-fixes).
- drm/amd/amdgpu:save psp ring wptr to avoid attack (git-fixes).
- drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes).
- drm/amd/display: Fix potential memory leak in DMUB hw_init (git-fixes).
- drm/amdgpu: refine amdgpu_fru_get_product_info (git-fixes).
- drm/sun4i: dw-hdmi: Make HDMI PHY into a platform device (git-fixes).
- drm/tegra: sor: Do not leak runtime PM reference (git-fixes).
- drm/vc4: hdmi: Make sure the controller is powered in detect (git-fixes).
- drm/vc4: hdmi: Move the HSM clock enable to runtime_pm (git-fixes).
- dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes).
- ethtool: strset: fix message length calculation (bsc#1176447).
- ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (bsc#1187408).
- ext4: fix check to prevent false positive report of incorrect used inodes (bsc#1187404).
- ext4: fix error code in ext4_commit_super (bsc#1187407).
- ext4: fix memory leak in ext4_fill_super (bsc#1187409).
- FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886).
- fs: fix reporting supported extra file attributes for statx() (bsc#1187410).
- ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes).
- ftrace: Free the trampoline when ftrace_startup() fails (git-fixes).
- fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356).
- HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes).
- HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes).
- HID: hid-input: add mapping for emoji picker key (git-fixes).
- HID: hid-sensor-hub: Return error for hid_set_field() failure (git-fixes).
- HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes).
- HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes).
- HID: usbhid: Fix race between usbhid_close() and usbhid_stop() (git-fixes).
- hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes).
- i2c: mpc: Make use of i2c_recover_bus() (git-fixes).
- ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926).
- ice: parameterize functions responsible for Tx ring management (jsc#SLE-12878).
- isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes).
- kernel-binary.spec.in: Regenerate makefile when not using mkmakefile.
- kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (git-fixes).
- kthread_worker: split code for canceling the delayed work timer (bsc#1187867).
- kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (bsc#1187867).
- kyber: fix out of bounds access when preempted (bsc#1187403).
- lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493).
- media: mtk-mdp: Check return value of of_clk_get (git-fixes).
- media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).
- media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes).
- mlxsw: reg: Spectrum-3: Enforce lowest max-shaper burst size of 11 (bsc#1176774).
- mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes).
- module: limit enabling module.sig_enforce (git-fixes).
- net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171).
- net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes).
- net/mlx5: E-Switch, Allow setting GUID for host PF vport (jsc#SLE-15172).
- net/mlx5: E-Switch, Read PF mac address (jsc#SLE-15172).
- net/mlx5: Fix PBMC register mapping (git-fixes).
- net/mlx5: Fix placement of log_max_flow_counter (git-fixes).
- net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes).
- net/mlx5: Reset mkey index on creation (jsc#SLE-15172).
- net/mlx5e: Block offload of outer header csum for UDP tunnels (git-fixes).
- net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes).
- net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes).
- net/nfc/rawsock.c: fix a permission check bug (git-fixes).
- net/sched: act_ct: handle DNAT tuple collision (bsc#1154353).
- net/x25: Return the correct errno code (git-fixes).
- netxen_nic: Fix an error handling path in 'netxen_nic_probe()' (git-fixes).
- NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes).
- NFS: Fix use-after-free in nfs4_init_client() (git-fixes).
- NFS: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() (git-fixes).
- nvmem: rmem: fix undefined reference to memremap (git-fixes).
- ocfs2: fix data corruption by fallocate (bsc#1187412).
- PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes).
- PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes).
- PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).
- PCI: Mark TI C667X to avoid bus reset (git-fixes).
- PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes).
- perf/x86/intel/uncore: Fix a kernel WARNING triggered by maxcpus=1 (git-fixes).
- perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 (bsc#1184685).
- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (jsc#SLE-13513 bsc#1176919 ltc#186162 git-fixes).
- qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486).
- qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes).
- radeon: use memcpy_to/fromio for UVD fw upload (git-fixes).
- regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting (git-fixes).
- Removed patch that was incorrectly added to SLE15-SP2 (bsc#1186949)
- Revert 'ecryptfs: replace BUG_ON with error handling code' (bsc#1187413).
- Revert 'ibmvnic: simplify reset_long_term_buff function' (bsc#1186206 ltc#191041).
- Revert 'PCI: PM: Do not read power state in pci_enable_device_flags()' (git-fixes).
- Revert 'video: hgafb: fix potential NULL pointer dereference' (git-fixes).
- Revert 'video: imsttfb: fix potential NULL pointer dereferences' (bsc#1152489)
- s390/dasd: add missing discipline function (git-fixes).
- s390/stack: fix possible register corruption with stack switch helper (bsc#1185677).
- sched/debug: Fix cgroup_path[] serialization (git-fixes)
- sched/fair: Keep load_avg and load_sum synced (git-fixes)
- scsi: core: Fix race between handling STS_RESOURCE and completion (bsc#1187883).
- scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886).
- scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187795).
- SCSI: ufs: fix ktime_t kabi change (bsc#1187795).
- scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980).
- spi: spi-nxp-fspi: move the register operation after the clock enable (git-fixes).
- spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd() (git-fixes).
- SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes).
- tracing: Correct the length check which causes memory corruption (git-fixes).
- tracing: Do no increment trace_clock_global() by one (git-fixes).
- tracing: Do not stop recording cmdlines when tracing is off (git-fixes).
- tracing: Do not stop recording comms if the trace file is being read (git-fixes).
- tracing: Restructure trace_clock_global() to never block (git-fixes).
- USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes).
- USB: dwc3: core: fix kernel panic when do reboot (git-fixes).
- USB: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes).
- USB: dwc3: ep0: fix NULL pointer exception (git-fixes).
- USB: f_ncm: only first packet of aggregate needs to start timer (git-fixes).
- USB: fix various gadget panics on 10gbps cabling (git-fixes).
- USB: gadget: eem: fix wrong eem header operation (git-fixes).
- USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes).
- USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
- USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
- video: hgafb: correctly handle card detect failure during probe (git-fixes).
- video: hgafb: fix potential NULL pointer dereference (git-fixes).
- vrf: fix maximum MTU (git-fixes).
- x86/elf: Use _BITUL() macro in UAPI headers (bsc#1178134).
- x86/fpu: Preserve supervisor states in sanitize_restored_user_xstate() (bsc#1178134).
- x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#1152489).
- x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#1152489).
- xen-blkback: fix compatibility bug with single page rings (git-fixes).
- xen-pciback: reconfigure also from backend watch handler (git-fixes).
- xen-pciback: redo VF placement in the virtual topology (git-fixes).
- xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes).
- xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2394-1
Released: Mon Jul 19 12:06:53 2021
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1177695,1187093

This update for suse-module-tools provides the following fixes:

- Fix treatment of compressed modules. (bsc#1187093)
- modprobe.d: Remove dma=none setting for parport_pc. (bsc#1177695)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2395-1
Released: Mon Jul 19 12:08:34 2021
Summary: Recommended update for efivar
Type: recommended
Severity: moderate
References: 1187386

This update for efivar provides the following fix:

- Fix the eMMC sysfs parsing. (bsc#1187386)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2399-1
Released: Mon Jul 19 19:06:22 2021
Summary: Recommended update for release packages
Type: recommended
Severity: moderate
References: 1099521

This update for the release packages provides the following fix:

- Fix grub menu entries after migration from SLE-12*. (bsc#1099521)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2410-1
Released: Tue Jul 20 14:41:26 2021
Summary: Security update for systemd
Type: security
Severity: important
References: 1188063,CVE-2021-33910

This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2412-1
Released: Tue Jul 20 15:25:21 2021
Summary: Security update for containerd
Type: security
Severity: moderate
References: 1188282,CVE-2021-32760

This update for containerd fixes the following issues:

- CVE-2021-32760: Fixed a bug which allows untrusted container images to change permissions in the host's filesystem.
(bsc#1188282)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2415-1
Released: Tue Jul 20 16:11:34 2021
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1188062,1188116,CVE-2021-22555,CVE-2021-33909

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

Security issues fixed:

- CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c (bnc#1188116).
- CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution (bsc#1188062).

The following non-security bugs were fixed:

- usb: dwc3: Fix debugfs creation flow (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2439-1
Released: Wed Jul 21 13:46:48 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925

This update for curl fixes the following issues:

- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2456-1
Released: Thu Jul 22 15:28:39 2021
Summary: Recommended update for pam-config
Type: recommended
Severity: moderate
References: 1187091

This update for pam-config fixes the following issues:

- Add 'revoke' to the option list for 'pam_keyinit'.
- Fixed an issue when pam-config fails to create a new service config file.
(bsc#1187091)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2481-1
Released: Tue Jul 27 14:20:27 2021
Summary: Recommended update for sysconfig
Type: recommended
Severity: moderate
References: 1184124

This update for sysconfig fixes the following issues:

- Link as Position Independent Executable (bsc#1184124).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2558-1
Released: Thu Jul 29 12:05:03 2021
Summary: Recommended update for python-pytz
Type: recommended
Severity: moderate
References: 1185748

This update for python-pytz fixes the following issues:

- Add %pyunittest shim for platforms where it is missing.
- Remove real directory of %{python_sitelib}/pytz/zoneinfo when upgrading, before it is replaced by a symlink. (bsc#1185748)
- Bump tzdata_version
- update to 2021.1:
  * update to IANA 2021a timezone release

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127

This update for timezone fixes the following issue:

- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
From sle-updates at lists.suse.com Sun Aug 1 19:15:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 1 Aug 2021 21:15:36 +0200 (CEST) Subject: SUSE-RU-2021:2579-1: moderate: Recommended update for rust, rust1.43, rust1.53 Message-ID: <20210801191536.23DD4FCEF@maintenance.suse.de> SUSE Recommended Update: Recommended update for rust, rust1.43, rust1.53 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2579-1 Rating: moderate References: SLE-18626 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for rust, rust1.43, rust1.53 fixes the following issues: This will ship multiple rust versions. - rust1.43: for Firefox ESR - rust1.53: The current rust release The "rust" package itself will be a wrapper package. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-2579=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 i586 ppc64le s390x x86_64): cargo1.43-1.43.1-7.3.1 cargo1.43-debuginfo-1.43.1-7.3.1 cargo1.53-1.53.0-7.3.1 cargo1.53-debuginfo-1.53.0-7.3.1 rust1.43-1.43.1-7.3.1 rust1.43-debuginfo-1.43.1-7.3.1 rust1.43-gdb-1.43.1-7.3.1 rust1.53-1.53.0-7.3.1 rust1.53-debuginfo-1.53.0-7.3.1 rust1.53-gdb-1.53.0-7.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): rls1.43-1.43.1-7.3.1 rls1.43-debuginfo-1.43.1-7.3.1 rls1.53-1.53.0-7.3.1 rls1.53-debuginfo-1.53.0-7.3.1 rust1.43-analysis-1.43.1-7.3.1 rust1.43-doc-1.43.1-7.3.1 rust1.53-analysis-1.53.0-7.3.1 rust1.53-doc-1.53.0-7.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): cargo-1.53.0-21.3.1 cargo1.43-doc-1.43.1-7.3.1 cargo1.53-doc-1.53.0-7.3.1 rls-1.53.0-21.3.1 rust-1.53.0-21.3.1 rust-gdb-1.53.0-21.3.1 rust1.43-src-1.43.1-7.3.1 rust1.53-src-1.53.0-7.3.1 References: From sle-updates at lists.suse.com Sun Aug 1 19:16:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 1 Aug 2021 21:16:30 +0200 (CEST) Subject: SUSE-RU-2021:2580-1: moderate: Recommended update for pdsh Message-ID: <20210801191630.0C569FCEF@maintenance.suse.de> SUSE Recommended Update: Recommended update for pdsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2580-1 Rating: moderate References: #1186642 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for pdsh fixes the following issue: - pdsh had a lower release number in 15 sp3 than in 15 sp2, which could lead to migration issues. (bsc#1186642) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP3: zypper in -t patch SUSE-SLE-Module-HPC-15-SP3-2021-2580=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP3 (aarch64 x86_64): pdsh-2.34-32.1 pdsh-debuginfo-2.34-32.1 pdsh-debugsource-2.34-32.1 pdsh-dshgroup-2.34-32.1 pdsh-dshgroup-debuginfo-2.34-32.1 pdsh-genders-2.34-32.1 pdsh-genders-debuginfo-2.34-32.1 pdsh-machines-2.34-32.1 pdsh-machines-debuginfo-2.34-32.1 pdsh-netgroup-2.34-32.1 pdsh-netgroup-debuginfo-2.34-32.1 pdsh-slurm-2.34-32.1 pdsh-slurm-debuginfo-2.34-32.1 References: https://bugzilla.suse.com/1186642 From sle-updates at lists.suse.com Sun Aug 1 19:21:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 1 Aug 2021 21:21:11 +0200 (CEST) Subject: SUSE-RU-2021:2578-1: moderate: Recommended update for openldap2 Message-ID: <20210801192111.92860FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2578-1 Rating: moderate References: #1187784 SLE-18105 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for openldap2 rebuilds openldap2 against a symbol versioned enabled openssl 1.0 library. 
This is an enablement for migrations to openssl 1.1.1 which will enable TLS 1.3 support. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2578=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2578=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2578=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2578=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2578=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): openldap2-doc-2.4.41-22.2.3 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libldap-2_4-2-2.4.41-22.2.3 libldap-2_4-2-32bit-2.4.41-22.2.3 libldap-2_4-2-debuginfo-2.4.41-22.2.3 libldap-2_4-2-debuginfo-32bit-2.4.41-22.2.3 openldap2-2.4.41-22.2.3 openldap2-back-meta-2.4.41-22.2.3 openldap2-back-meta-debuginfo-2.4.41-22.2.3 openldap2-client-2.4.41-22.2.3 openldap2-client-debuginfo-2.4.41-22.2.3 openldap2-debuginfo-2.4.41-22.2.3 openldap2-debugsource-2.4.41-22.2.3 openldap2-ppolicy-check-password-1.2-22.2.3 openldap2-ppolicy-check-password-debuginfo-1.2-22.2.3 - SUSE OpenStack Cloud 9 (noarch): openldap2-doc-2.4.41-22.2.3 - SUSE OpenStack Cloud 9 (x86_64): libldap-2_4-2-2.4.41-22.2.3 libldap-2_4-2-32bit-2.4.41-22.2.3 libldap-2_4-2-debuginfo-2.4.41-22.2.3 libldap-2_4-2-debuginfo-32bit-2.4.41-22.2.3 openldap2-2.4.41-22.2.3 openldap2-back-meta-2.4.41-22.2.3 openldap2-back-meta-debuginfo-2.4.41-22.2.3 openldap2-client-2.4.41-22.2.3 openldap2-client-debuginfo-2.4.41-22.2.3 openldap2-debuginfo-2.4.41-22.2.3 openldap2-debugsource-2.4.41-22.2.3 openldap2-ppolicy-check-password-1.2-22.2.3 openldap2-ppolicy-check-password-debuginfo-1.2-22.2.3 - SUSE Linux
Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): openldap2-back-perl-2.4.41-22.2.3 openldap2-back-perl-debuginfo-2.4.41-22.2.3 openldap2-debuginfo-2.4.41-22.2.3 openldap2-debugsource-2.4.41-22.2.3 openldap2-devel-2.4.41-22.2.3 openldap2-devel-static-2.4.41-22.2.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.41-22.2.3 libldap-2_4-2-debuginfo-2.4.41-22.2.3 openldap2-2.4.41-22.2.3 openldap2-back-meta-2.4.41-22.2.3 openldap2-back-meta-debuginfo-2.4.41-22.2.3 openldap2-client-2.4.41-22.2.3 openldap2-client-debuginfo-2.4.41-22.2.3 openldap2-debuginfo-2.4.41-22.2.3 openldap2-debugsource-2.4.41-22.2.3 openldap2-ppolicy-check-password-1.2-22.2.3 openldap2-ppolicy-check-password-debuginfo-1.2-22.2.3 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libldap-2_4-2-32bit-2.4.41-22.2.3 libldap-2_4-2-debuginfo-32bit-2.4.41-22.2.3 - SUSE Linux Enterprise Server 12-SP5 (noarch): openldap2-doc-2.4.41-22.2.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.41-22.2.3 libldap-2_4-2-debuginfo-2.4.41-22.2.3 openldap2-2.4.41-22.2.3 openldap2-back-meta-2.4.41-22.2.3 openldap2-back-meta-debuginfo-2.4.41-22.2.3 openldap2-client-2.4.41-22.2.3 openldap2-client-debuginfo-2.4.41-22.2.3 openldap2-debuginfo-2.4.41-22.2.3 openldap2-debugsource-2.4.41-22.2.3 openldap2-ppolicy-check-password-1.2-22.2.3 openldap2-ppolicy-check-password-debuginfo-1.2-22.2.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libldap-2_4-2-32bit-2.4.41-22.2.3 libldap-2_4-2-debuginfo-32bit-2.4.41-22.2.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): openldap2-doc-2.4.41-22.2.3 References: https://bugzilla.suse.com/1187784 From sle-updates at lists.suse.com Sun Aug 1 22:15:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Aug 2021 00:15:42 +0200 (CEST) Subject: SUSE-RU-2021:2581-1: moderate: Recommended update for release-notes-ses Message-ID: 
<20210801221542.8BB1BFCEF@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-ses ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2581-1 Rating: moderate References: #1180179 #933411 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for release-notes-ses fixes the following issues: - 6.0.20210723 (tracked in bsc#933411) - Adjusted to the correct command (bsc#1180179) - Added note about unsupported NFS config Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2581=1 Package List: - SUSE Enterprise Storage 6 (noarch): release-notes-ses-6.0.20210723-3.17.2 References: https://bugzilla.suse.com/1180179 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Mon Aug 2 01:15:55 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Aug 2021 03:15:55 +0200 (CEST) Subject: SUSE-RU-2021:2582-1: moderate: Recommended update for release-notes-ses Message-ID: <20210802011555.848D0FCEF@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-ses ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2582-1 Rating: moderate References: #1186348 #933411 Affected Products: SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for release-notes-ses fixes the following issues: - 7.0.20210723 (tracked in bsc#933411) - Added a note about Zabbix (bsc#1186348) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2021-2582=1 Package List: - SUSE Enterprise Storage 7 (noarch): release-notes-ses-7.0.20210723-3.17.2 References: https://bugzilla.suse.com/1186348 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Mon Aug 2 06:10:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Aug 2021 08:10:40 +0200 (CEST) Subject: SUSE-IU-2021:611-1: Security update of suse-sles-15-sp3-chost-byos-v20210729-gen2 Message-ID: <20210802061040.1BF8DFCEF@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20210729-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:611-1 Image Tags : suse-sles-15-sp3-chost-byos-v20210729-gen2:20210729 Image Release : Severity : important Type : security References : 1047218 1099521 1152489 1153274 1154353 1155518 1157818 1158812 1158958 1158959 1158960 1159491 1159715 1159847 1159850 1160309 1160438 1160439 1164648 1164719 1172091 1172115 1172234 1172236 1172240 1172863 1173641 1173760 1176447 1176774 1176919 1177028 1177695 1178134 1182470 1184124 1184124 1184212 1184685 1185232 1185261 1185441 1185464 1185486 1185675 1185677 1185748 1185807 1185828 1185958 1185961 1186206 1186411 1186447 1186503 1186579 1186666 1186949 1187071 1187091 1187093 1187105 1187154 1187171 1187210 1187260 1187263 1187292 1187356 1187386 1187402 1187403 1187404 1187407 1187408 1187409 1187410 1187411 1187412 1187413 1187452 1187554 1187595 1187601 1187696 1187795 1187867 1187883 1187886 1187927 1187972 1187980 1188062 1188063 1188116 
1188127 1188217 1188218 1188219 1188220 1188282 928700 928701 CVE-2015-3414 CVE-2015-3415 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-35512 CVE-2020-9327 CVE-2021-0512 CVE-2021-0605 CVE-2021-22555 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-32760 CVE-2021-33624 CVE-2021-33909 CVE-2021-33910 CVE-2021-34693 CVE-2021-3573 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20210729-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2205-1 Released: Wed Jun 30 09:17:41 2021 Summary: Recommended update for openldap2 Type: recommended Severity: important References: 1187210 This update for openldap2 fixes the following issues: - Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2210-1 Released: Wed Jun 30 13:00:09 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1184124 This update for lvm2 fixes the following issues: - Link test as position independent executable and update packages with non-PIE binaries. (bsc#1184124) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2223-1 Released: Thu Jul 1 12:15:26 2021 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1173760 This update for chrony fixes the following issues: - Fixed an issue when chrony aborts in FIPS mode due to MD5. 
(bsc#1173760) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:2249-1 Released: Mon Jul 5 15:40:46 2021 Summary: Optional update for gnutls Type: optional Severity: low References: 1047218,1186579 This update for gnutls does not fix any user visible issues. It is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2273-1 Released: Thu Jul 8 09:48:48 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1186447,1186503 This update for libzypp, zypper fixes the following issues: - Enhance XML output of repo GPG options - Add optional attributes showing the raw values actually present in the '.repo' file. - Link all executables with -PIE (bsc#1186447) - Ship an empty '/etc/zypp/needreboot' per default (jsc#PM-2645) - Add 'Solvable::isBlacklisted' as superset of retracted and ptf packages (bsc#1186503) - Fix segv if 'ZYPP_FULLOG' is set. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2286-1 Released: Fri Jul 9 17:38:53 2021 Summary: Recommended update for dosfstools Type: recommended Severity: moderate References: 1172863 This update for dosfstools fixes the following issue: - Fixed a bug that was causing an installation issue when trying to create an EFI partition on an NVMe-over-Fabrics device (bsc#1172863) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2292-1 Released: Mon Jul 12 08:25:20 2021 Summary: Security update for dbus-1 Type: security Severity: important References: 1187105,CVE-2020-35512 This update for dbus-1 fixes the following issues: - CVE-2020-35512: Fixed a use-after-free or potential undefined behaviour caused by shared UID's (bsc#1187105) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2308-1 Released: Tue Jul 13 13:36:03 2021 Summary: Recommended update for cpupower Type: recommended Severity: moderate References: This update for cpupower provides the following fix: - cpupower updates for Milan. (jsc#SLE-17797) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2316-1 Released: Wed Jul 14 13:49:55 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1185807,1185828,1185958,1186411,1187154,1187292 This update for systemd fixes the following issues: - Restore framebuffer devices as possible master of seat. Until simpledrm driver is released, this change is premature as some graphical chips don't have DRM driver and fall back to framebuffer. (bsc#1187154) - Fixed an issue when '/var/lock/subsys' dropped when the creation of 'filesystem' package took the initialization of the generic paths over.
(bsc#1187292) - 'udev' requires systemd in its %post (bsc#1185958) nspawn: turn on higher optimization level in seccomp nspawn: return ENOSYS by default, EPERM for 'known' calls (bsc#1186411) shared/seccomp-util: added functionality to make list of filtred syscalls shared/syscall-list: filter out some obviously platform-specific syscalls shared/seccomp: reduce scope of indexing variables generate-syscall-list: require python3 shared: add @known syscall list meson: add syscall-names-update target shared/seccomp: use _cleanup_ in one more place home: fix homed.conf install location - We need to make sure that the creation of the symlinks is done after updating udev DB so if worker A is preempted by worker B before A updates the DB but after it creates the symlinks, worker B won't manage to overwrite the freshly created symlinks (by A) because A has still yet not registered the symlinks in the DB. (bsc#1185828) - Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2320-1 Released: Wed Jul 14 17:01:06 2021 Summary: Security update for sqlite3 Type: security Severity: important References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327 This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated
column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: use-after-free in fts3EvalNextRow (bsc#1172234) -
CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2352-1 Released: Thu Jul 15 15:16:01 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1152489,1153274,1154353,1155518,1164648,1176447,1176774,1176919,1177028,1178134,1182470,1184212,1184685,1185486,1185675,1185677,1186206,1186666,1186949,1187171,1187263,1187356,1187402,1187403,1187404,1187407,1187408,1187409,1187410,1187411,1187412,1187413,1187452,1187554,1187595,1187601,1187795,1187867,1187883,1187886,1187927,1187972,1187980,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693,CVE-2021-3573 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3573: Fixed an UAF vulnerability in function that can allow attackers to corrupt kernel heaps and adopt further exploitations. (bsc#1186666) - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595) - CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554) - CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. 
(bsc#1187452) The following non-security bugs were fixed: - 0001-x86-sched-Treat-Intel-SNC-topology-as-default-COD-as.patch: (bsc#1187263). - alx: Fix an error handling path in 'alx_probe()' (git-fixes). - ASoC: fsl-asoc-card: Set .owner attribute when registering card (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet (git-fixes). - ASoC: max98088: fix ni clock divider calculation (git-fixes). - ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes). - ASoC: rt5682: Fix the fast discharge for headset unplugging in soundwire mode (git-fixes). - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes). - ASoC: tas2562: Fix TDM_CFG0_SAMPRATE values (git-fixes). - batman-adv: Avoid WARN_ON timing related checks (git-fixes). - be2net: Fix an error handling path in 'be_probe()' (git-fixes). - block: Discard page cache of zone reset target range (bsc#1187402). - Bluetooth: Add a new USB ID for RTL8822CE (git-fixes). - Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes). - bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371 bsc#1153274). - bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371 bsc#1153274). - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1177028). - bpf: Fix libelf endian handling in resolv_btfids (bsc#1177028). - bpfilter: Specify the log level for the kmsg message (bsc#1155518). - can: mcba_usb: fix memory leak in mcba_usb (git-fixes). - ceph: must hold snap_rwsem when filling inode for async create (bsc#1187927). - cfg80211: avoid double free of PMSR request (git-fixes). - cfg80211: make certificate generation more robust (git-fixes). - cgroup1: do not allow '\n' in renaming (bsc#1187972). 
- cxgb4: fix endianness when flashing boot image (jsc#SLE-15131). - cxgb4: fix sleep in atomic when flashing PHY firmware (jsc#SLE-15131). - cxgb4: fix wrong ethtool n-tuple rule lookup (jsc#SLE-15131). - cxgb4: fix wrong shift (git-fixes). - cxgb4: halt chip before flashing PHY firmware image (jsc#SLE-15131). - dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411). - dax: Add an enum for specifying dax wakup mode (bsc#1187411). - dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212). - dax: Wake up all waiters after invalidating dax entry (bsc#1187411). - dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes). - dmaengine: fsl-dpaa2-qdma: Fix error return code in two functions (git-fixes). - dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (git-fixes). - dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes). - dmaengine: stedma40: add missing iounmap() on error in d40_probe() (git-fixes). - drm: Fix use-after-free read in drm_getunique() (git-fixes). - drm: Lock pointer access in drm_master_release() (git-fixes). - drm/amd/amdgpu:save psp ring wptr to avoid attack (git-fixes). - drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes). - drm/amd/display: Fix potential memory leak in DMUB hw_init (git-fixes). - drm/amdgpu: refine amdgpu_fru_get_product_info (git-fixes). - drm/sun4i: dw-hdmi: Make HDMI PHY into a platform device (git-fixes). - drm/tegra: sor: Do not leak runtime PM reference (git-fixes). - drm/vc4: hdmi: Make sure the controller is powered in detect (git-fixes). - drm/vc4: hdmi: Move the HSM clock enable to runtime_pm (git-fixes). - dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes). - ethtool: strset: fix message length calculation (bsc#1176447). - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (bsc#1187408). - ext4: fix check to prevent false positive report of incorrect used inodes (bsc#1187404). 
- ext4: fix error code in ext4_commit_super (bsc#1187407). - ext4: fix memory leak in ext4_fill_super (bsc#1187409). - FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886). - fs: fix reporting supported extra file attributes for statx() (bsc#1187410). - ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes). - ftrace: Free the trampoline when ftrace_startup() fails (git-fixes). - fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356). - HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes). - HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes). - HID: hid-input: add mapping for emoji picker key (git-fixes). - HID: hid-sensor-hub: Return error for hid_set_field() failure (git-fixes). - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes). - HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes). - HID: usbhid: Fix race between usbhid_close() and usbhid_stop() (git-fixes). - hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes). - i2c: mpc: Make use of i2c_recover_bus() (git-fixes). - ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926). - ice: parameterize functions responsible for Tx ring management (jsc#SLE-12878). - isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes). - kernel-binary.spec.in: Regenerate makefile when not using mkmakefile. - kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (git-fixes). - kthread_worker: split code for canceling the delayed work timer (bsc#1187867). - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (bsc#1187867). - kyber: fix out of bounds access when preempted (bsc#1187403). - lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493). - media: mtk-mdp: Check return value of of_clk_get (git-fixes). - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes). 
- media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes). - mlxsw: reg: Spectrum-3: Enforce lowest max-shaper burst size of 11 (bsc#1176774). - mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes). - module: limit enabling module.sig_enforce (git-fixes). - net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171). - net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes). - net/mlx5: E-Switch, Allow setting GUID for host PF vport (jsc#SLE-15172). - net/mlx5: E-Switch, Read PF mac address (jsc#SLE-15172). - net/mlx5: Fix PBMC register mapping (git-fixes). - net/mlx5: Fix placement of log_max_flow_counter (git-fixes). - net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes). - net/mlx5: Reset mkey index on creation (jsc#SLE-15172). - net/mlx5e: Block offload of outer header csum for UDP tunnels (git-fixes). - net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes). - net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes). - net/nfc/rawsock.c: fix a permission check bug (git-fixes). - net/sched: act_ct: handle DNAT tuple collision (bsc#1154353). - net/x25: Return the correct errno code (git-fixes). - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' (git-fixes). - NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes). - NFS: Fix use-after-free in nfs4_init_client() (git-fixes). - NFS: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() (git-fixes). - nvmem: rmem: fix undefined reference to memremap (git-fixes). - ocfs2: fix data corruption by fallocate (bsc#1187412). - PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes). - PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes). - PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes). - PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes). - PCI: Mark TI C667X to avoid bus reset (git-fixes). 
- PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes). - perf/x86/intel/uncore: Fix a kernel WARNING triggered by maxcpus=1 (git-fixes). - perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 (bsc#1184685). - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (jsc#SLE-13513 bsc#1176919 ltc#186162 git-fixes). - qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486). - qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes). - radeon: use memcpy_to/fromio for UVD fw upload (git-fixes). - regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting (git-fixes). - Removed patch that was incorrectly added to SLE15-SP2 (bsc#1186949) - Revert 'ecryptfs: replace BUG_ON with error handling code' (bsc#1187413). - Revert 'ibmvnic: simplify reset_long_term_buff function' (bsc#1186206 ltc#191041). - Revert 'PCI: PM: Do not read power state in pci_enable_device_flags()' (git-fixes). - Revert 'video: hgafb: fix potential NULL pointer dereference' (git-fixes). - Revert 'video: imsttfb: fix potential NULL pointer dereferences' (bsc#1152489) - s390/dasd: add missing discipline function (git-fixes). - s390/stack: fix possible register corruption with stack switch helper (bsc#1185677). - sched/debug: Fix cgroup_path[] serialization (git-fixes) - sched/fair: Keep load_avg and load_sum synced (git-fixes) - scsi: core: Fix race between handling STS_RESOURCE and completion (bsc#1187883). - scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886). - scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187795). - SCSI: ufs: fix ktime_t kabi change (bsc#1187795). - scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980). - spi: spi-nxp-fspi: move the register operation after the clock enable (git-fixes). - spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd() (git-fixes). 
- SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes). - tracing: Correct the length check which causes memory corruption (git-fixes). - tracing: Do no increment trace_clock_global() by one (git-fixes). - tracing: Do not stop recording cmdlines when tracing is off (git-fixes). - tracing: Do not stop recording comms if the trace file is being read (git-fixes). - tracing: Restructure trace_clock_global() to never block (git-fixes). - USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes). - USB: dwc3: core: fix kernel panic when do reboot (git-fixes). - USB: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes). - USB: dwc3: ep0: fix NULL pointer exception (git-fixes). - USB: f_ncm: only first packet of aggregate needs to start timer (git-fixes). - USB: fix various gadget panics on 10gbps cabling (git-fixes). - USB: gadget: eem: fix wrong eem header operation (git-fixes). - USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes). - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes). - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes). - video: hgafb: correctly handle card detect failure during probe (git-fixes). - video: hgafb: fix potential NULL pointer dereference (git-fixes). - vrf: fix maximum MTU (git-fixes). - x86/elf: Use _BITUL() macro in UAPI headers (bsc#1178134).
- x86/fpu: Preserve supervisor states in sanitize_restored_user_xstate() (bsc#1178134). - x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#1152489). - x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#1152489). - xen-blkback: fix compatibility bug with single page rings (git-fixes). - xen-pciback: reconfigure also from backend watch handler (git-fixes). - xen-pciback: redo VF placement in the virtual topology (git-fixes). - xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes). - xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2394-1 Released: Mon Jul 19 12:06:53 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1177695,1187093 This update for suse-module-tools provides the following fixes: - Fix treatment of compressed modules. (bsc#1187093) - modprobe.d: Remove dma=none setting for parport_pc. (bsc#1177695) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2395-1 Released: Mon Jul 19 12:08:34 2021 Summary: Recommended update for efivar Type: recommended Severity: moderate References: 1187386 This update for efivar provides the following fix: - Fix the eMMC sysfs parsing. (bsc#1187386) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2399-1 Released: Mon Jul 19 19:06:22 2021 Summary: Recommended update for release packages Type: recommended Severity: moderate References: 1099521 This update for the release packages provides the following fix: - Fix grub menu entries after migration from SLE-12*. 
(bsc#1099521) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2410-1 Released: Tue Jul 20 14:41:26 2021 Summary: Security update for systemd Type: security Severity: important References: 1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2412-1 Released: Tue Jul 20 15:25:21 2021 Summary: Security update for containerd Type: security Severity: moderate References: 1188282,CVE-2021-32760 This update for containerd fixes the following issues: - CVE-2021-32760: Fixed a bug which allows untrusted container images to change permissions in the host's filesystem. (bsc#1188282) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2415-1 Released: Tue Jul 20 16:11:34 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1188062,1188116,CVE-2021-22555,CVE-2021-33909 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. Security issues fixed: - CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c (bnc#1188116). - CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution (bsc#1188062). The following non-security bugs were fixed: - usb: dwc3: Fix debugfs creation flow (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. 
(bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2456-1 Released: Thu Jul 22 15:28:39 2021 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1187091 This update for pam-config fixes the following issues: - Add 'revoke' to the option list for 'pam_keyinit'. - Fixed an issue when pam-config fails to create a new service config file. (bsc#1187091) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2464-1 Released: Fri Jul 23 14:20:23 2021 Summary: Recommended update for shim Type: recommended Severity: moderate References: 1185232,1185261,1185441,1185464,1185961,1187071,1187260,1187696 This update for shim fixes the following issues: - shim-install: Always assume 'removable' for Azure to avoid the endless reset loop (bsc#1185464) - Avoid deleting the mirrored RT variables (bsc#1187696) - Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz - Handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071) - Relax the maximum variable size check for u-boot (bsc#1185621) - Relax the check for import_mok_state() when Secure Boot is off. 
(bsc#1185261) - Ignore the odd LoadOptions length (bsc#1185232) - shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist - Fixed the size of rela sections for AArch64 - Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261) - Avoid potential crash when calling QueryVariableInfo in EFI 1.10 machines (bsc#1187260) - Avoid buffer overflow when copying data to the MOK config table (bsc#1185232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2481-1 Released: Tue Jul 27 14:20:27 2021 Summary: Recommended update for sysconfig Type: recommended Severity: moderate References: 1184124 This update for sysconfig fixes the following issues: - Link as Position Independent Executable (bsc#1184124). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2558-1 Released: Thu Jul 29 12:05:03 2021 Summary: Recommended update for python-pytz Type: recommended Severity: moderate References: 1185748 This update for python-pytz fixes the following issues: - Add %pyunittest shim for platforms where it is missing. - Remove real directory of %{python_sitelib}/pytz/zoneinfo when upgrading, before it is replaced by a symlink. (bsc#1185748) - Bump tzdata_version - update to 2021.1: * update to IANA 2021a timezone release ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
From sle-updates at lists.suse.com Mon Aug 2 06:11:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Aug 2021 08:11:26 +0200 (CEST) Subject: SUSE-IU-2021:606-1: Security update of sles-15-sp3-chost-byos-v20210729 Message-ID: <20210802061126.06BE5FCEF@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20210729 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:606-1 Image Tags : sles-15-sp3-chost-byos-v20210729:20210729 Image Release : Severity : important Type : security References : 1047218 1099521 1152489 1153274 1154353 1155518 1157818 1158812 1158958 1158959 1158960 1159491 1159715 1159847 1159850 1160309 1160438 1160439 1164648 1164719 1165198 1172091 1172115 1172234 1172236 1172240 1172863 1173641 1173760 1176447 1176774 1176919 1177028 1177695 1178134 1182470 1184124 1184124 1184212 1184685 1185232 1185261 1185441 1185464 1185486 1185675 1185677 1185807 1185828 1185958 1185961 1186206 1186411 1186447 1186503 1186579 1186666 1186949 1187071 1187091 1187093 1187105 1187154 1187171 1187210 1187260 1187263 1187292 1187356 1187386 1187402 1187403 1187404 1187407 1187408 1187409 1187410 1187411 1187412 1187413 1187452 1187554 1187595 1187601 1187696 1187795 1187867 1187883 1187886 1187927 1187972 1187980 1188062 1188063 1188116 1188127 1188179 1188217 1188218 1188219 1188220 1188282 928700 928701 CVE-2015-3414 CVE-2015-3415 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-35512 CVE-2020-9327 CVE-2021-0512 CVE-2021-0605 CVE-2021-22555 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-32760 CVE-2021-33624 CVE-2021-33909 CVE-2021-33910 CVE-2021-34693 CVE-2021-3573 
----------------------------------------------------------------- The container sles-15-sp3-chost-byos-v20210729 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2205-1 Released: Wed Jun 30 09:17:41 2021 Summary: Recommended update for openldap2 Type: recommended Severity: important References: 1187210 This update for openldap2 fixes the following issues: - Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2210-1 Released: Wed Jun 30 13:00:09 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1184124 This update for lvm2 fixes the following issues: - Link test as position independent executable and update packages with non-PIE binaries. (bsc#1184124) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2223-1 Released: Thu Jul 1 12:15:26 2021 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1173760 This update for chrony fixes the following issues: - Fixed an issue when chrony aborts in FIPS mode due to MD5. (bsc#1173760) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:2249-1 Released: Mon Jul 5 15:40:46 2021 Summary: Optional update for gnutls Type: optional Severity: low References: 1047218,1186579 This update for gnutls does not fix any user visible issues. It is therefore optional to install. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2273-1 Released: Thu Jul 8 09:48:48 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1186447,1186503 This update for libzypp, zypper fixes the following issues: - Enhance XML output of repo GPG options - Add optional attributes showing the raw values actually present in the '.repo' file. - Link all executables with -PIE (bsc#1186447) - Ship an empty '/etc/zypp/needreboot' per default (jsc#PM-2645) - Add 'Solvable::isBlacklisted' as superset of retracted and ptf packages (bsc#1186503) - Fix segv if 'ZYPP_FULLOG' is set. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2286-1 Released: Fri Jul 9 17:38:53 2021 Summary: Recommended update for dosfstools Type: recommended Severity: moderate References: 1172863 This update for dosfstools fixes the following issue: - Fixed a bug that was causing an installation issue when trying to create an EFI partition on an NVMe-over-Fabrics device (bsc#1172863) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2292-1 Released: Mon Jul 12 08:25:20 2021 Summary: Security update for dbus-1 Type: security Severity: important References: 1187105,CVE-2020-35512 This update for dbus-1 fixes the following issues: - CVE-2020-35512: Fixed a use-after-free or potential undefined behaviour caused by shared UID's (bsc#1187105) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2308-1 Released: Tue Jul 13 13:36:03 2021 Summary: Recommended update for cpupower Type: recommended Severity: moderate References: This update for cpupower provides the following fix: - cpupower updates for Milan. 
(jsc#SLE-17797) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2316-1 Released: Wed Jul 14 13:49:55 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1185807,1185828,1185958,1186411,1187154,1187292 This update for systemd fixes the following issues: - Restore framebuffer devices as possible master of seat. Until simpledrm driver is released, this change is premature as some graphical chips don't have DRM driver and fallback to framebuffer. (bsc#1187154) - Fixed an issue when '/var/lock/subsys' dropped when the creation of 'filesystem' package took the initialization of the generic paths over. (bsc#1187292) - 'udev' requires systemd in its %post (bsc#1185958) nspawn: turn on higher optimization level in seccomp nspawn: return ENOSYS by default, EPERM for 'known' calls (bsc#1186411) shared/seccomp-util: added functionality to make list of filtred syscalls shared/syscall-list: filter out some obviously platform-specific syscalls shared/seccomp: reduce scope of indexing variables generate-syscall-list: require python3 shared: add @known syscall list meson: add syscall-names-update target shared/seccomp: use _cleanup_ in one more place home: fix homed.conf install location - We need to make sure that the creation of the symlinks is done after updating udev DB so if worker A is preempted by worker B before A updates the DB but after it creates the symlinks, worker B won't manage to overwrite the freshly created symlinks (by A) because A has still yet not registered the symlinks in the DB.
(bsc#1185828) - Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2320-1 Released: Wed Jul 14 17:01:06 2021 Summary: Security update for sqlite3 Type: security Severity: important References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327 This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE 
VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: use-after-free in fts3EvalNextRow (bsc#1172234) - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2352-1 Released: Thu Jul 15 15:16:01 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References:
1152489,1153274,1154353,1155518,1164648,1176447,1176774,1176919,1177028,1178134,1182470,1184212,1184685,1185486,1185675,1185677,1186206,1186666,1186949,1187171,1187263,1187356,1187402,1187403,1187404,1187407,1187408,1187409,1187410,1187411,1187412,1187413,1187452,1187554,1187595,1187601,1187795,1187867,1187883,1187886,1187927,1187972,1187980,CVE-2021-0512,CVE-2021-0605,CVE-2021-33624,CVE-2021-34693,CVE-2021-3573 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3573: Fixed an UAF vulnerability in function that can allow attackers to corrupt kernel heaps and adopt further exploitations. (bsc#1186666) - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595) - CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554) - CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452) The following non-security bugs were fixed: - 0001-x86-sched-Treat-Intel-SNC-topology-as-default-COD-as.patch: (bsc#1187263). - alx: Fix an error handling path in 'alx_probe()' (git-fixes). - ASoC: fsl-asoc-card: Set .owner attribute when registering card (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet (git-fixes). - ASoC: max98088: fix ni clock divider calculation (git-fixes). - ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes). 
- ASoC: rt5682: Fix the fast discharge for headset unplugging in soundwire mode (git-fixes). - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes). - ASoC: tas2562: Fix TDM_CFG0_SAMPRATE values (git-fixes). - batman-adv: Avoid WARN_ON timing related checks (git-fixes). - be2net: Fix an error handling path in 'be_probe()' (git-fixes). - block: Discard page cache of zone reset target range (bsc#1187402). - Bluetooth: Add a new USB ID for RTL8822CE (git-fixes). - Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes). - bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371 bsc#1153274). - bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371 bsc#1153274). - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1177028). - bpf: Fix libelf endian handling in resolv_btfids (bsc#1177028). - bpfilter: Specify the log level for the kmsg message (bsc#1155518). - can: mcba_usb: fix memory leak in mcba_usb (git-fixes). - ceph: must hold snap_rwsem when filling inode for async create (bsc#1187927). - cfg80211: avoid double free of PMSR request (git-fixes). - cfg80211: make certificate generation more robust (git-fixes). - cgroup1: do not allow '\n' in renaming (bsc#1187972). - cxgb4: fix endianness when flashing boot image (jsc#SLE-15131). - cxgb4: fix sleep in atomic when flashing PHY firmware (jsc#SLE-15131). - cxgb4: fix wrong ethtool n-tuple rule lookup (jsc#SLE-15131). - cxgb4: fix wrong shift (git-fixes). - cxgb4: halt chip before flashing PHY firmware image (jsc#SLE-15131). - dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411). - dax: Add an enum for specifying dax wakup mode (bsc#1187411). - dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212). - dax: Wake up all waiters after invalidating dax entry (bsc#1187411). 
- dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes). - dmaengine: fsl-dpaa2-qdma: Fix error return code in two functions (git-fixes). - dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (git-fixes). - dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes). - dmaengine: stedma40: add missing iounmap() on error in d40_probe() (git-fixes). - drm: Fix use-after-free read in drm_getunique() (git-fixes). - drm: Lock pointer access in drm_master_release() (git-fixes). - drm/amd/amdgpu:save psp ring wptr to avoid attack (git-fixes). - drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes). - drm/amd/display: Fix potential memory leak in DMUB hw_init (git-fixes). - drm/amdgpu: refine amdgpu_fru_get_product_info (git-fixes). - drm/sun4i: dw-hdmi: Make HDMI PHY into a platform device (git-fixes). - drm/tegra: sor: Do not leak runtime PM reference (git-fixes). - drm/vc4: hdmi: Make sure the controller is powered in detect (git-fixes). - drm/vc4: hdmi: Move the HSM clock enable to runtime_pm (git-fixes). - dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes). - ethtool: strset: fix message length calculation (bsc#1176447). - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (bsc#1187408). - ext4: fix check to prevent false positive report of incorrect used inodes (bsc#1187404). - ext4: fix error code in ext4_commit_super (bsc#1187407). - ext4: fix memory leak in ext4_fill_super (bsc#1187409). - FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886). - fs: fix reporting supported extra file attributes for statx() (bsc#1187410). - ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes). - ftrace: Free the trampoline when ftrace_startup() fails (git-fixes). - fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356). - HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes). - HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes). 
- HID: hid-input: add mapping for emoji picker key (git-fixes). - HID: hid-sensor-hub: Return error for hid_set_field() failure (git-fixes). - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes). - HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes). - HID: usbhid: Fix race between usbhid_close() and usbhid_stop() (git-fixes). - hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes). - i2c: mpc: Make use of i2c_recover_bus() (git-fixes). - ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926). - ice: parameterize functions responsible for Tx ring management (jsc#SLE-12878). - isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes). - kernel-binary.spec.in: Regenerate makefile when not using mkmakefile. - kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (git-fixes). - kthread_worker: split code for canceling the delayed work timer (bsc#1187867). - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (bsc#1187867). - kyber: fix out of bounds access when preempted (bsc#1187403). - lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493). - media: mtk-mdp: Check return value of of_clk_get (git-fixes). - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes). - media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes). - mlxsw: reg: Spectrum-3: Enforce lowest max-shaper burst size of 11 (bsc#1176774). - mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes). - module: limit enabling module.sig_enforce (git-fixes). - net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171). - net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes). - net/mlx5: E-Switch, Allow setting GUID for host PF vport (jsc#SLE-15172). - net/mlx5: E-Switch, Read PF mac address (jsc#SLE-15172). - net/mlx5: Fix PBMC register mapping (git-fixes). 
- net/mlx5: Fix placement of log_max_flow_counter (git-fixes). - net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes). - net/mlx5: Reset mkey index on creation (jsc#SLE-15172). - net/mlx5e: Block offload of outer header csum for UDP tunnels (git-fixes). - net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes). - net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes). - net/nfc/rawsock.c: fix a permission check bug (git-fixes). - net/sched: act_ct: handle DNAT tuple collision (bsc#1154353). - net/x25: Return the correct errno code (git-fixes). - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' (git-fixes). - NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes). - NFS: Fix use-after-free in nfs4_init_client() (git-fixes). - NFS: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() (git-fixes). - nvmem: rmem: fix undefined reference to memremap (git-fixes). - ocfs2: fix data corruption by fallocate (bsc#1187412). - PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes). - PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes). - PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes). - PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes). - PCI: Mark TI C667X to avoid bus reset (git-fixes). - PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes). - perf/x86/intel/uncore: Fix a kernel WARNING triggered by maxcpus=1 (git-fixes). - perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 (bsc#1184685). - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (jsc#SLE-13513 bsc#1176919 ltc#186162 git-fixes). - qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486). - qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes). - radeon: use memcpy_to/fromio for UVD fw upload (git-fixes). - regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting (git-fixes). 
- Removed patch that was incorrectly added to SLE15-SP2 (bsc#1186949) - Revert 'ecryptfs: replace BUG_ON with error handling code' (bsc#1187413). - Revert 'ibmvnic: simplify reset_long_term_buff function' (bsc#1186206 ltc#191041). - Revert 'PCI: PM: Do not read power state in pci_enable_device_flags()' (git-fixes). - Revert 'video: hgafb: fix potential NULL pointer dereference' (git-fixes). - Revert 'video: imsttfb: fix potential NULL pointer dereferences' (bsc#1152489) - s390/dasd: add missing discipline function (git-fixes). - s390/stack: fix possible register corruption with stack switch helper (bsc#1185677). - sched/debug: Fix cgroup_path[] serialization (git-fixes) - sched/fair: Keep load_avg and load_sum synced (git-fixes) - scsi: core: Fix race between handling STS_RESOURCE and completion (bsc#1187883). - scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886). - scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187795). - SCSI: ufs: fix ktime_t kabi change (bsc#1187795). - scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980). - spi: spi-nxp-fspi: move the register operation after the clock enable (git-fixes). - spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd() (git-fixes). - SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes). - tracing: Correct the length check which causes memory corruption (git-fixes). - tracing: Do no increment trace_clock_global() by one (git-fixes). - tracing: Do not stop recording cmdlines when tracing is off (git-fixes). - tracing: Do not stop recording comms if the trace file is being read (git-fixes). - tracing: Restructure trace_clock_global() to never block (git-fixes). - USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes). - USB: dwc3: core: fix kernel panic when do reboot (git-fixes).
- USB: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes). - USB: dwc3: ep0: fix NULL pointer exception (git-fixes). - USB: f_ncm: only first packet of aggregate needs to start timer (git-fixes). - USB: fix various gadget panics on 10gbps cabling (git-fixes). - USB: gadget: eem: fix wrong eem header operation (git-fixes). - USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes). - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes). - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes). - video: hgafb: correctly handle card detect failure during probe (git-fixes). - video: hgafb: fix potential NULL pointer dereference (git-fixes). - vrf: fix maximum MTU (git-fixes). - x86/elf: Use _BITUL() macro in UAPI headers (bsc#1178134). - x86/fpu: Preserve supervisor states in sanitize_restored_user_xstate() (bsc#1178134). - x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#1152489). - x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#1152489). - xen-blkback: fix compatibility bug with single page rings (git-fixes). - xen-pciback: reconfigure also from backend watch handler (git-fixes). - xen-pciback: redo VF placement in the virtual topology (git-fixes). - xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes). - xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2394-1
Released: Mon Jul 19 12:06:53 2021
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1177695,1187093
This update for suse-module-tools provides the following fixes:

- Fix treatment of compressed modules. (bsc#1187093)
- modprobe.d: Remove dma=none setting for parport_pc. (bsc#1177695)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2395-1
Released: Mon Jul 19 12:08:34 2021
Summary: Recommended update for efivar
Type: recommended
Severity: moderate
References: 1187386
This update for efivar provides the following fix:

- Fix the eMMC sysfs parsing. (bsc#1187386)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2399-1
Released: Mon Jul 19 19:06:22 2021
Summary: Recommended update for release packages
Type: recommended
Severity: moderate
References: 1099521
This update for the release packages provides the following fix:

- Fix grub menu entries after migration from SLE-12*. (bsc#1099521)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2410-1
Released: Tue Jul 20 14:41:26 2021
Summary: Security update for systemd
Type: security
Severity: important
References: 1188063,CVE-2021-33910
This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2412-1
Released: Tue Jul 20 15:25:21 2021
Summary: Security update for containerd
Type: security
Severity: moderate
References: 1188282,CVE-2021-32760
This update for containerd fixes the following issues:

- CVE-2021-32760: Fixed a bug which allows untrusted container images to change permissions in the host's filesystem.
(bsc#1188282)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2415-1
Released: Tue Jul 20 16:11:34 2021
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1188062,1188116,CVE-2021-22555,CVE-2021-33909
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

Security issues fixed:

- CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c (bnc#1188116).
- CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution (bsc#1188062).

The following non-security bugs were fixed:

- usb: dwc3: Fix debugfs creation flow (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2439-1
Released: Wed Jul 21 13:46:48 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925
This update for curl fixes the following issues:

- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2456-1
Released: Thu Jul 22 15:28:39 2021
Summary: Recommended update for pam-config
Type: recommended
Severity: moderate
References: 1187091
This update for pam-config fixes the following issues:

- Add 'revoke' to the option list for 'pam_keyinit'.
- Fixed an issue when pam-config fails to create a new service config file.
(bsc#1187091)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2464-1
Released: Fri Jul 23 14:20:23 2021
Summary: Recommended update for shim
Type: recommended
Severity: moderate
References: 1185232,1185261,1185441,1185464,1185961,1187071,1187260,1187696
This update for shim fixes the following issues:

- shim-install: Always assume 'removable' for Azure to avoid the endless reset loop (bsc#1185464)
- Avoid deleting the mirrored RT variables (bsc#1187696)
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261)
  + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
- Handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071)
- Relax the maximum variable size check for u-boot (bsc#1185621)
- Relax the check for import_mok_state() when Secure Boot is off. (bsc#1185261)
- Ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist
- Fixed the size of rela sections for AArch64
- Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261)
- Avoid potential crash when calling QueryVariableInfo in EFI 1.10 machines (bsc#1187260)
- Avoid buffer overflow when copying data to the MOK config table (bsc#1185232)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2477-1
Released: Tue Jul 27 13:32:50 2021
Summary: Recommended update for growpart-rootgrow
Type: recommended
Severity: important
References: 1165198,1188179
This update for growpart-rootgrow fixes the following issues:

- Change the logic to determine the partition ID of the root filesystem (bsc#1188179)
  + Previously the algorithm depended on the order of the output from lsblk using an index to keep track of the known partitions.
    The new implementation is order independent, it depends on the partition ID being numerical in nature and at the end of the device string.
- Add coverage config. Omit version module from coverage check.
- Fix string formatting for flake8 formatting.
- Replace travis testing with GitHub actions. Add ci testing workflow action.
- Switch implementation to use Popen for Python 3.4 compatibility (bsc#1165198)
- Bump version: 1.0.2 → 1.0.3
- Fixed unit tests and style This clobbers several fixes into one. Sorry about it but I started on already made changes done by other people. This commit includes several pep8 style fixes mostly on the indentation level. In addition it fixes the unit tests to really cover all code and to make the exception tests really effective.
- Switch to use Popen instead of run The run() function in the subprocess module was implemented after Python 3.4. However, we need to support Python 3.4 for SLES 12
- Bump version: 1.0.1 → 1.0.2
- Package LICENSE file The LICENSE file is part of the source repo but was not packaged with the rpm package

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2481-1
Released: Tue Jul 27 14:20:27 2021
Summary: Recommended update for sysconfig
Type: recommended
Severity: moderate
References: 1184124
This update for sysconfig fixes the following issues:

- Link as Position Independent Executable (bsc#1184124).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127
This update for timezone fixes the following issue:

- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported.
  This update adds the 'tzdata.zi' file (bsc#1188127).

From sle-updates at lists.suse.com Mon Aug 2 13:16:00 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Aug 2021 15:16:00 +0200 (CEST)
Subject: SUSE-RU-2021:2587-1: moderate: Recommended update for yast2-s390
Message-ID: <20210802131600.24D6DFCF4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-s390
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:2587-1
Rating: moderate
References: #1187012
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for yast2-s390 fixes the following issues:

- Do not activate 'DASD' devices after formatting. (bsc#1187012)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2587=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
  yast2-s390-4.3.4-3.3.1

References:

https://bugzilla.suse.com/1187012

From sle-updates at lists.suse.com Mon Aug 2 13:17:04 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Aug 2021 15:17:04 +0200 (CEST)
Subject: SUSE-RU-2021:2583-1: moderate: Recommended update for xfig
Message-ID: <20210802131704.14F36FCF4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for xfig
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:2583-1
Rating: moderate
References: #1106850
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for xfig fixes the following issues:

Update to 3.2.8 Patchlevel 8a (Mar 2021)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2583=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  xfig-3.2.8a-4.3.1
  xfig-debuginfo-3.2.8a-4.3.1
  xfig-debugsource-3.2.8a-4.3.1

References:

https://bugzilla.suse.com/1106850

From sle-updates at lists.suse.com Mon Aug 2 13:18:09 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Aug 2021 15:18:09 +0200 (CEST)
Subject: SUSE-SU-2021:2584-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP1)
Message-ID: <20210802131809.5354CFCF4@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP1)
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2584-1
Rating: important
References: #1187052 #1188117 #1188257
Cross-References: CVE-2020-36385 CVE-2021-22555 CVE-2021-33909
CVSS scores:
  CVE-2020-36385 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2020-36385 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-22555 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-22555 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-33909 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-33909 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Module for Live Patching 15-SP1
  SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-197_72 fixes several issues.
The following security issues were fixed:

- CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to obtain full root privileges. (bsc#1188062)
- CVE-2021-22555: Fixed a heap out-of-bounds write in net/netfilter/x_tables.c that could allow local privilege escalation. (bsc#1188116)
- CVE-2020-36385: Fixed a use-after-free vulnerability reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called. (bnc#1187050)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-2585=1
- SUSE Linux Enterprise Live Patching 12-SP4:
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-2584=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
  kernel-livepatch-4_12_14-197_72-default-9-2.2
- SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
  kgraft-patch-4_12_14-95_68-default-8-2.2

References:

https://www.suse.com/security/cve/CVE-2020-36385.html
https://www.suse.com/security/cve/CVE-2021-22555.html
https://www.suse.com/security/cve/CVE-2021-33909.html
https://bugzilla.suse.com/1187052
https://bugzilla.suse.com/1188117
https://bugzilla.suse.com/1188257

From sle-updates at lists.suse.com Mon Aug 2 13:20:29 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Aug 2021 15:20:29 +0200 (CEST)
Subject: SUSE-RU-2021:2586-1: important: Recommended update for migrate-sles-to-sles4sap
Message-ID: <20210802132029.68746FCF4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for migrate-sles-to-sles4sap
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:2586-1
Rating: important
References: #1171033 #1187433
Affected Products:
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 8
  SUSE Linux Enterprise Server for SAP 12-SP3
  SUSE Linux Enterprise Server 12-SP3-LTSS
  SUSE Linux Enterprise Server 12-SP3-BCL
  HPE Helion Openstack 8
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for migrate-sles-to-sles4sap fixes the following issues:

- Migrating SUSE Linux Enterprise Server to SLES for SAP with SMT server fails. (bsc#1187433)
- Fixes on the script 'clientSetup4SMT.sh'. (bsc#1171033)
- Wrong smt url for
- Fix setup scripts url
- Fix pattern to find release packages

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2586=1
- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2586=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2586=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2586=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2586=1
- HPE Helion Openstack 8:
  zypper in -t patch HPE-Helion-OpenStack-8-2021-2586=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (noarch):
  migrate-sles-to-sles4sap-12.3.0-4.6.1
- SUSE OpenStack Cloud 8 (noarch):
  migrate-sles-to-sles4sap-12.3.0-4.6.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
  migrate-sles-to-sles4sap-12.3.0-4.6.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
  migrate-sles-to-sles4sap-12.3.0-4.6.1
- SUSE Linux Enterprise Server 12-SP3-BCL (noarch):
  migrate-sles-to-sles4sap-12.3.0-4.6.1
- HPE Helion Openstack 8 (noarch):
  migrate-sles-to-sles4sap-12.3.0-4.6.1

References:

https://bugzilla.suse.com/1171033
https://bugzilla.suse.com/1187433

From sle-updates at lists.suse.com Mon Aug 2 16:15:35 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Aug 2021 18:15:35 +0200 (CEST)
Subject: SUSE-SU-2021:2590-1: important: Security update for dbus-1
Message-ID: <20210802161535.765C1FCEF@maintenance.suse.de>

SUSE Security Update: Security update for dbus-1
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2590-1
Rating: important
References: #1172505 #1187105
Cross-References: CVE-2020-12049 CVE-2020-35512
CVSS scores:
  CVE-2020-12049 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2020-12049 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2020-35512 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2020-35512 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE OpenStack Cloud Crowbar 9
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 9
  SUSE OpenStack Cloud 8
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE Linux Enterprise Server for SAP 12-SP3
  SUSE Linux Enterprise Server 12-SP4-LTSS
  SUSE Linux Enterprise Server 12-SP3-LTSS
  SUSE Linux Enterprise Server 12-SP3-BCL
  HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for dbus-1 fixes the following issues:

- CVE-2020-35512: Fixed a bug where users with the same numeric UID could lead to use-after-free and undefined behaviour. (bsc#1187105)
- CVE-2020-12049: Fixed a bug where truncated messages lead to resource exhaustion. (bsc#1172505)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2590=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2590=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2590=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2590=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2590=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2590=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2590=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2590=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2590=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-2590=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): dbus-1-1.8.22-29.21.1 dbus-1-debuginfo-1.8.22-29.21.1 dbus-1-debuginfo-32bit-1.8.22-29.21.1 dbus-1-debugsource-1.8.22-29.21.1 dbus-1-x11-1.8.22-29.21.1 dbus-1-x11-debuginfo-1.8.22-29.21.1 dbus-1-x11-debugsource-1.8.22-29.21.1 libdbus-1-3-1.8.22-29.21.1 libdbus-1-3-32bit-1.8.22-29.21.1 libdbus-1-3-debuginfo-1.8.22-29.21.1 libdbus-1-3-debuginfo-32bit-1.8.22-29.21.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): dbus-1-1.8.22-29.21.1 dbus-1-debuginfo-1.8.22-29.21.1 dbus-1-debugsource-1.8.22-29.21.1 dbus-1-x11-1.8.22-29.21.1 dbus-1-x11-debuginfo-1.8.22-29.21.1 dbus-1-x11-debugsource-1.8.22-29.21.1 libdbus-1-3-1.8.22-29.21.1 libdbus-1-3-32bit-1.8.22-29.21.1 libdbus-1-3-debuginfo-1.8.22-29.21.1 libdbus-1-3-debuginfo-32bit-1.8.22-29.21.1 - SUSE OpenStack Cloud 9 (x86_64): dbus-1-1.8.22-29.21.1 dbus-1-debuginfo-1.8.22-29.21.1 dbus-1-debuginfo-32bit-1.8.22-29.21.1 dbus-1-debugsource-1.8.22-29.21.1 dbus-1-x11-1.8.22-29.21.1 
dbus-1-x11-debuginfo-1.8.22-29.21.1 dbus-1-x11-debugsource-1.8.22-29.21.1 libdbus-1-3-1.8.22-29.21.1 libdbus-1-3-32bit-1.8.22-29.21.1 libdbus-1-3-debuginfo-1.8.22-29.21.1 libdbus-1-3-debuginfo-32bit-1.8.22-29.21.1 - SUSE OpenStack Cloud 8 (x86_64): dbus-1-1.8.22-29.21.1 dbus-1-debuginfo-1.8.22-29.21.1 dbus-1-debugsource-1.8.22-29.21.1 dbus-1-x11-1.8.22-29.21.1 dbus-1-x11-debuginfo-1.8.22-29.21.1 dbus-1-x11-debugsource-1.8.22-29.21.1 libdbus-1-3-1.8.22-29.21.1 libdbus-1-3-32bit-1.8.22-29.21.1 libdbus-1-3-debuginfo-1.8.22-29.21.1 libdbus-1-3-debuginfo-32bit-1.8.22-29.21.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): dbus-1-1.8.22-29.21.1 dbus-1-debuginfo-1.8.22-29.21.1 dbus-1-debugsource-1.8.22-29.21.1 dbus-1-x11-1.8.22-29.21.1 dbus-1-x11-debuginfo-1.8.22-29.21.1 dbus-1-x11-debugsource-1.8.22-29.21.1 libdbus-1-3-1.8.22-29.21.1 libdbus-1-3-debuginfo-1.8.22-29.21.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): dbus-1-debuginfo-32bit-1.8.22-29.21.1 libdbus-1-3-32bit-1.8.22-29.21.1 libdbus-1-3-debuginfo-32bit-1.8.22-29.21.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): dbus-1-1.8.22-29.21.1 dbus-1-debuginfo-1.8.22-29.21.1 dbus-1-debugsource-1.8.22-29.21.1 dbus-1-x11-1.8.22-29.21.1 dbus-1-x11-debuginfo-1.8.22-29.21.1 dbus-1-x11-debugsource-1.8.22-29.21.1 libdbus-1-3-1.8.22-29.21.1 libdbus-1-3-debuginfo-1.8.22-29.21.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libdbus-1-3-32bit-1.8.22-29.21.1 libdbus-1-3-debuginfo-32bit-1.8.22-29.21.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): dbus-1-1.8.22-29.21.1 dbus-1-debuginfo-1.8.22-29.21.1 dbus-1-debugsource-1.8.22-29.21.1 dbus-1-x11-1.8.22-29.21.1 dbus-1-x11-debuginfo-1.8.22-29.21.1 dbus-1-x11-debugsource-1.8.22-29.21.1 libdbus-1-3-1.8.22-29.21.1 libdbus-1-3-debuginfo-1.8.22-29.21.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): dbus-1-debuginfo-32bit-1.8.22-29.21.1 libdbus-1-3-32bit-1.8.22-29.21.1 
libdbus-1-3-debuginfo-32bit-1.8.22-29.21.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): dbus-1-1.8.22-29.21.1 dbus-1-debuginfo-1.8.22-29.21.1 dbus-1-debugsource-1.8.22-29.21.1 dbus-1-x11-1.8.22-29.21.1 dbus-1-x11-debuginfo-1.8.22-29.21.1 dbus-1-x11-debugsource-1.8.22-29.21.1 libdbus-1-3-1.8.22-29.21.1 libdbus-1-3-debuginfo-1.8.22-29.21.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libdbus-1-3-32bit-1.8.22-29.21.1 libdbus-1-3-debuginfo-32bit-1.8.22-29.21.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): dbus-1-1.8.22-29.21.1 dbus-1-debuginfo-1.8.22-29.21.1 dbus-1-debugsource-1.8.22-29.21.1 dbus-1-x11-1.8.22-29.21.1 dbus-1-x11-debuginfo-1.8.22-29.21.1 dbus-1-x11-debugsource-1.8.22-29.21.1 libdbus-1-3-1.8.22-29.21.1 libdbus-1-3-32bit-1.8.22-29.21.1 libdbus-1-3-debuginfo-1.8.22-29.21.1 libdbus-1-3-debuginfo-32bit-1.8.22-29.21.1 - HPE Helion Openstack 8 (x86_64): dbus-1-1.8.22-29.21.1 dbus-1-debuginfo-1.8.22-29.21.1 dbus-1-debugsource-1.8.22-29.21.1 dbus-1-x11-1.8.22-29.21.1 dbus-1-x11-debuginfo-1.8.22-29.21.1 dbus-1-x11-debugsource-1.8.22-29.21.1 libdbus-1-3-1.8.22-29.21.1 libdbus-1-3-32bit-1.8.22-29.21.1 libdbus-1-3-debuginfo-1.8.22-29.21.1 libdbus-1-3-debuginfo-32bit-1.8.22-29.21.1 References: https://www.suse.com/security/cve/CVE-2020-12049.html https://www.suse.com/security/cve/CVE-2020-35512.html https://bugzilla.suse.com/1172505 https://bugzilla.suse.com/1187105 From sle-updates at lists.suse.com Mon Aug 2 16:16:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Aug 2021 18:16:46 +0200 (CEST) Subject: SUSE-RU-2021:2592-1: moderate: Recommended update for yast2-s390 Message-ID: <20210802161646.93CBAFCEF@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-s390 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2592-1 Rating: moderate References: #1187012 Affected Products: SUSE Linux Enterprise 
Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-s390 fixes the following issues: - Do not activate 'DASD' devices after formatting. (bsc#1187012) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2592=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (s390x): yast2-s390-4.2.6-3.3.1 References: https://bugzilla.suse.com/1187012 From sle-updates at lists.suse.com Mon Aug 2 16:19:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Aug 2021 18:19:58 +0200 (CEST) Subject: SUSE-SU-2021:2591-1: important: Security update for qemu Message-ID: <20210802161958.10A33FCEF@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2591-1 Rating: important References: #1176681 #1185591 #1186290 #1187364 #1187365 #1187366 #1187367 #1187499 #1187529 #1187538 #1187539 Cross-References: CVE-2020-25085 CVE-2021-3582 CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 CVE-2021-3607 CVE-2021-3608 CVE-2021-3611 CVSS scores: CVE-2020-25085 (NVD) : 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25085 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2021-3582 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-3592 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3592 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3593 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3593 (SUSE): 3.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3594 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3594 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3595 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3595 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3607 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-3608 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-3611 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has two fixes is now available. 
Description: This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366) - CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364) - CVE-2021-3594: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367) - CVE-2021-3593: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365) - CVE-2021-3582: Fix possible mremap overflow in the pvrdma (bsc#1187499) - CVE-2021-3607: Ensure correct input on ring init (bsc#1187539) - CVE-2021-3608: Fix the ring init error flow (bsc#1187538) - CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow (bsc#1187529) - CVE-2020-25085: Fix out-of-bounds access issue while doing multi block SDMA (bsc#1176681) Other issues fixed: - QEMU BIOS fails to read stage2 loader (on s390x)(bsc#1186290) - Fix qemu hang while cancelling migrating hugepage vm (bsc#1185591) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2591=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2591=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2591=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2591=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2591=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2591=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2591=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2591=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2591=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): qemu-3.1.1.1-9.30.2 qemu-block-curl-3.1.1.1-9.30.2 qemu-block-curl-debuginfo-3.1.1.1-9.30.2 qemu-block-iscsi-3.1.1.1-9.30.2 qemu-block-iscsi-debuginfo-3.1.1.1-9.30.2 qemu-block-rbd-3.1.1.1-9.30.2 qemu-block-rbd-debuginfo-3.1.1.1-9.30.2 qemu-block-ssh-3.1.1.1-9.30.2 qemu-block-ssh-debuginfo-3.1.1.1-9.30.2 qemu-debuginfo-3.1.1.1-9.30.2 qemu-debugsource-3.1.1.1-9.30.2 qemu-guest-agent-3.1.1.1-9.30.2 qemu-guest-agent-debuginfo-3.1.1.1-9.30.2 qemu-lang-3.1.1.1-9.30.2 qemu-tools-3.1.1.1-9.30.2 qemu-tools-debuginfo-3.1.1.1-9.30.2 - SUSE Manager Server 4.0 (s390x x86_64): qemu-kvm-3.1.1.1-9.30.2 - SUSE Manager Server 4.0 (ppc64le): qemu-ppc-3.1.1.1-9.30.2 qemu-ppc-debuginfo-3.1.1.1-9.30.2 - SUSE Manager Server 4.0 (x86_64): qemu-audio-alsa-3.1.1.1-9.30.2 qemu-audio-alsa-debuginfo-3.1.1.1-9.30.2 qemu-audio-oss-3.1.1.1-9.30.2 qemu-audio-oss-debuginfo-3.1.1.1-9.30.2 qemu-audio-pa-3.1.1.1-9.30.2 qemu-audio-pa-debuginfo-3.1.1.1-9.30.2 qemu-ui-curses-3.1.1.1-9.30.2 qemu-ui-curses-debuginfo-3.1.1.1-9.30.2 qemu-ui-gtk-3.1.1.1-9.30.2 qemu-ui-gtk-debuginfo-3.1.1.1-9.30.2 qemu-x86-3.1.1.1-9.30.2 qemu-x86-debuginfo-3.1.1.1-9.30.2 - SUSE Manager Server 4.0 (noarch): qemu-ipxe-1.0.0+-9.30.2 qemu-seabios-1.12.0_0_ga698c89-9.30.2 qemu-sgabios-8-9.30.2 qemu-vgabios-1.12.0_0_ga698c89-9.30.2 - SUSE Manager Server 4.0 (s390x): qemu-s390-3.1.1.1-9.30.2 qemu-s390-debuginfo-3.1.1.1-9.30.2 - SUSE Manager Retail Branch Server 4.0 (x86_64): qemu-3.1.1.1-9.30.2 qemu-audio-alsa-3.1.1.1-9.30.2 qemu-audio-alsa-debuginfo-3.1.1.1-9.30.2 qemu-audio-oss-3.1.1.1-9.30.2 qemu-audio-oss-debuginfo-3.1.1.1-9.30.2 qemu-audio-pa-3.1.1.1-9.30.2 qemu-audio-pa-debuginfo-3.1.1.1-9.30.2 qemu-block-curl-3.1.1.1-9.30.2 qemu-block-curl-debuginfo-3.1.1.1-9.30.2 qemu-block-iscsi-3.1.1.1-9.30.2 qemu-block-iscsi-debuginfo-3.1.1.1-9.30.2 qemu-block-rbd-3.1.1.1-9.30.2 qemu-block-rbd-debuginfo-3.1.1.1-9.30.2 qemu-block-ssh-3.1.1.1-9.30.2 
qemu-block-ssh-debuginfo-3.1.1.1-9.30.2 qemu-debuginfo-3.1.1.1-9.30.2 qemu-debugsource-3.1.1.1-9.30.2 qemu-guest-agent-3.1.1.1-9.30.2 qemu-guest-agent-debuginfo-3.1.1.1-9.30.2 qemu-kvm-3.1.1.1-9.30.2 qemu-lang-3.1.1.1-9.30.2 qemu-tools-3.1.1.1-9.30.2 qemu-tools-debuginfo-3.1.1.1-9.30.2 qemu-ui-curses-3.1.1.1-9.30.2 qemu-ui-curses-debuginfo-3.1.1.1-9.30.2 qemu-ui-gtk-3.1.1.1-9.30.2 qemu-ui-gtk-debuginfo-3.1.1.1-9.30.2 qemu-x86-3.1.1.1-9.30.2 qemu-x86-debuginfo-3.1.1.1-9.30.2 - SUSE Manager Retail Branch Server 4.0 (noarch): qemu-ipxe-1.0.0+-9.30.2 qemu-seabios-1.12.0_0_ga698c89-9.30.2 qemu-sgabios-8-9.30.2 qemu-vgabios-1.12.0_0_ga698c89-9.30.2 - SUSE Manager Proxy 4.0 (x86_64): qemu-3.1.1.1-9.30.2 qemu-audio-alsa-3.1.1.1-9.30.2 qemu-audio-alsa-debuginfo-3.1.1.1-9.30.2 qemu-audio-oss-3.1.1.1-9.30.2 qemu-audio-oss-debuginfo-3.1.1.1-9.30.2 qemu-audio-pa-3.1.1.1-9.30.2 qemu-audio-pa-debuginfo-3.1.1.1-9.30.2 qemu-block-curl-3.1.1.1-9.30.2 qemu-block-curl-debuginfo-3.1.1.1-9.30.2 qemu-block-iscsi-3.1.1.1-9.30.2 qemu-block-iscsi-debuginfo-3.1.1.1-9.30.2 qemu-block-rbd-3.1.1.1-9.30.2 qemu-block-rbd-debuginfo-3.1.1.1-9.30.2 qemu-block-ssh-3.1.1.1-9.30.2 qemu-block-ssh-debuginfo-3.1.1.1-9.30.2 qemu-debuginfo-3.1.1.1-9.30.2 qemu-debugsource-3.1.1.1-9.30.2 qemu-guest-agent-3.1.1.1-9.30.2 qemu-guest-agent-debuginfo-3.1.1.1-9.30.2 qemu-kvm-3.1.1.1-9.30.2 qemu-lang-3.1.1.1-9.30.2 qemu-tools-3.1.1.1-9.30.2 qemu-tools-debuginfo-3.1.1.1-9.30.2 qemu-ui-curses-3.1.1.1-9.30.2 qemu-ui-curses-debuginfo-3.1.1.1-9.30.2 qemu-ui-gtk-3.1.1.1-9.30.2 qemu-ui-gtk-debuginfo-3.1.1.1-9.30.2 qemu-x86-3.1.1.1-9.30.2 qemu-x86-debuginfo-3.1.1.1-9.30.2 - SUSE Manager Proxy 4.0 (noarch): qemu-ipxe-1.0.0+-9.30.2 qemu-seabios-1.12.0_0_ga698c89-9.30.2 qemu-sgabios-8-9.30.2 qemu-vgabios-1.12.0_0_ga698c89-9.30.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): qemu-3.1.1.1-9.30.2 qemu-block-curl-3.1.1.1-9.30.2 qemu-block-curl-debuginfo-3.1.1.1-9.30.2 qemu-block-iscsi-3.1.1.1-9.30.2 
qemu-block-iscsi-debuginfo-3.1.1.1-9.30.2 qemu-block-rbd-3.1.1.1-9.30.2 qemu-block-rbd-debuginfo-3.1.1.1-9.30.2 qemu-block-ssh-3.1.1.1-9.30.2 qemu-block-ssh-debuginfo-3.1.1.1-9.30.2 qemu-debuginfo-3.1.1.1-9.30.2 qemu-debugsource-3.1.1.1-9.30.2 qemu-guest-agent-3.1.1.1-9.30.2 qemu-guest-agent-debuginfo-3.1.1.1-9.30.2 qemu-lang-3.1.1.1-9.30.2 qemu-tools-3.1.1.1-9.30.2 qemu-tools-debuginfo-3.1.1.1-9.30.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le): qemu-ppc-3.1.1.1-9.30.2 qemu-ppc-debuginfo-3.1.1.1-9.30.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): qemu-ipxe-1.0.0+-9.30.2 qemu-seabios-1.12.0_0_ga698c89-9.30.2 qemu-sgabios-8-9.30.2 qemu-vgabios-1.12.0_0_ga698c89-9.30.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): qemu-audio-alsa-3.1.1.1-9.30.2 qemu-audio-alsa-debuginfo-3.1.1.1-9.30.2 qemu-audio-oss-3.1.1.1-9.30.2 qemu-audio-oss-debuginfo-3.1.1.1-9.30.2 qemu-audio-pa-3.1.1.1-9.30.2 qemu-audio-pa-debuginfo-3.1.1.1-9.30.2 qemu-kvm-3.1.1.1-9.30.2 qemu-ui-curses-3.1.1.1-9.30.2 qemu-ui-curses-debuginfo-3.1.1.1-9.30.2 qemu-ui-gtk-3.1.1.1-9.30.2 qemu-ui-gtk-debuginfo-3.1.1.1-9.30.2 qemu-x86-3.1.1.1-9.30.2 qemu-x86-debuginfo-3.1.1.1-9.30.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): qemu-3.1.1.1-9.30.2 qemu-block-curl-3.1.1.1-9.30.2 qemu-block-curl-debuginfo-3.1.1.1-9.30.2 qemu-block-iscsi-3.1.1.1-9.30.2 qemu-block-iscsi-debuginfo-3.1.1.1-9.30.2 qemu-block-rbd-3.1.1.1-9.30.2 qemu-block-rbd-debuginfo-3.1.1.1-9.30.2 qemu-block-ssh-3.1.1.1-9.30.2 qemu-block-ssh-debuginfo-3.1.1.1-9.30.2 qemu-debuginfo-3.1.1.1-9.30.2 qemu-debugsource-3.1.1.1-9.30.2 qemu-guest-agent-3.1.1.1-9.30.2 qemu-guest-agent-debuginfo-3.1.1.1-9.30.2 qemu-lang-3.1.1.1-9.30.2 qemu-tools-3.1.1.1-9.30.2 qemu-tools-debuginfo-3.1.1.1-9.30.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x x86_64): qemu-kvm-3.1.1.1-9.30.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64): qemu-arm-3.1.1.1-9.30.2 qemu-arm-debuginfo-3.1.1.1-9.30.2 - SUSE Linux 
Enterprise Server 15-SP1-LTSS (ppc64le): qemu-ppc-3.1.1.1-9.30.2 qemu-ppc-debuginfo-3.1.1.1-9.30.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): qemu-audio-alsa-3.1.1.1-9.30.2 qemu-audio-alsa-debuginfo-3.1.1.1-9.30.2 qemu-audio-oss-3.1.1.1-9.30.2 qemu-audio-oss-debuginfo-3.1.1.1-9.30.2 qemu-audio-pa-3.1.1.1-9.30.2 qemu-audio-pa-debuginfo-3.1.1.1-9.30.2 qemu-ui-curses-3.1.1.1-9.30.2 qemu-ui-curses-debuginfo-3.1.1.1-9.30.2 qemu-ui-gtk-3.1.1.1-9.30.2 qemu-ui-gtk-debuginfo-3.1.1.1-9.30.2 qemu-x86-3.1.1.1-9.30.2 qemu-x86-debuginfo-3.1.1.1-9.30.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): qemu-ipxe-1.0.0+-9.30.2 qemu-seabios-1.12.0_0_ga698c89-9.30.2 qemu-sgabios-8-9.30.2 qemu-vgabios-1.12.0_0_ga698c89-9.30.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x): qemu-s390-3.1.1.1-9.30.2 qemu-s390-debuginfo-3.1.1.1-9.30.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): qemu-3.1.1.1-9.30.2 qemu-audio-alsa-3.1.1.1-9.30.2 qemu-audio-alsa-debuginfo-3.1.1.1-9.30.2 qemu-audio-oss-3.1.1.1-9.30.2 qemu-audio-oss-debuginfo-3.1.1.1-9.30.2 qemu-audio-pa-3.1.1.1-9.30.2 qemu-audio-pa-debuginfo-3.1.1.1-9.30.2 qemu-block-curl-3.1.1.1-9.30.2 qemu-block-curl-debuginfo-3.1.1.1-9.30.2 qemu-block-iscsi-3.1.1.1-9.30.2 qemu-block-iscsi-debuginfo-3.1.1.1-9.30.2 qemu-block-rbd-3.1.1.1-9.30.2 qemu-block-rbd-debuginfo-3.1.1.1-9.30.2 qemu-block-ssh-3.1.1.1-9.30.2 qemu-block-ssh-debuginfo-3.1.1.1-9.30.2 qemu-debuginfo-3.1.1.1-9.30.2 qemu-debugsource-3.1.1.1-9.30.2 qemu-guest-agent-3.1.1.1-9.30.2 qemu-guest-agent-debuginfo-3.1.1.1-9.30.2 qemu-kvm-3.1.1.1-9.30.2 qemu-lang-3.1.1.1-9.30.2 qemu-tools-3.1.1.1-9.30.2 qemu-tools-debuginfo-3.1.1.1-9.30.2 qemu-ui-curses-3.1.1.1-9.30.2 qemu-ui-curses-debuginfo-3.1.1.1-9.30.2 qemu-ui-gtk-3.1.1.1-9.30.2 qemu-ui-gtk-debuginfo-3.1.1.1-9.30.2 qemu-x86-3.1.1.1-9.30.2 qemu-x86-debuginfo-3.1.1.1-9.30.2 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): qemu-ipxe-1.0.0+-9.30.2 qemu-seabios-1.12.0_0_ga698c89-9.30.2 qemu-sgabios-8-9.30.2 
qemu-vgabios-1.12.0_0_ga698c89-9.30.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): qemu-3.1.1.1-9.30.2 qemu-block-curl-3.1.1.1-9.30.2 qemu-block-curl-debuginfo-3.1.1.1-9.30.2 qemu-block-iscsi-3.1.1.1-9.30.2 qemu-block-iscsi-debuginfo-3.1.1.1-9.30.2 qemu-block-rbd-3.1.1.1-9.30.2 qemu-block-rbd-debuginfo-3.1.1.1-9.30.2 qemu-block-ssh-3.1.1.1-9.30.2 qemu-block-ssh-debuginfo-3.1.1.1-9.30.2 qemu-debuginfo-3.1.1.1-9.30.2 qemu-debugsource-3.1.1.1-9.30.2 qemu-guest-agent-3.1.1.1-9.30.2 qemu-guest-agent-debuginfo-3.1.1.1-9.30.2 qemu-lang-3.1.1.1-9.30.2 qemu-tools-3.1.1.1-9.30.2 qemu-tools-debuginfo-3.1.1.1-9.30.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64): qemu-arm-3.1.1.1-9.30.2 qemu-arm-debuginfo-3.1.1.1-9.30.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): qemu-audio-alsa-3.1.1.1-9.30.2 qemu-audio-alsa-debuginfo-3.1.1.1-9.30.2 qemu-audio-oss-3.1.1.1-9.30.2 qemu-audio-oss-debuginfo-3.1.1.1-9.30.2 qemu-audio-pa-3.1.1.1-9.30.2 qemu-audio-pa-debuginfo-3.1.1.1-9.30.2 qemu-kvm-3.1.1.1-9.30.2 qemu-ui-curses-3.1.1.1-9.30.2 qemu-ui-curses-debuginfo-3.1.1.1-9.30.2 qemu-ui-gtk-3.1.1.1-9.30.2 qemu-ui-gtk-debuginfo-3.1.1.1-9.30.2 qemu-x86-3.1.1.1-9.30.2 qemu-x86-debuginfo-3.1.1.1-9.30.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): qemu-ipxe-1.0.0+-9.30.2 qemu-seabios-1.12.0_0_ga698c89-9.30.2 qemu-sgabios-8-9.30.2 qemu-vgabios-1.12.0_0_ga698c89-9.30.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): qemu-3.1.1.1-9.30.2 qemu-block-curl-3.1.1.1-9.30.2 qemu-block-curl-debuginfo-3.1.1.1-9.30.2 qemu-block-iscsi-3.1.1.1-9.30.2 qemu-block-iscsi-debuginfo-3.1.1.1-9.30.2 qemu-block-rbd-3.1.1.1-9.30.2 qemu-block-rbd-debuginfo-3.1.1.1-9.30.2 qemu-block-ssh-3.1.1.1-9.30.2 qemu-block-ssh-debuginfo-3.1.1.1-9.30.2 qemu-debuginfo-3.1.1.1-9.30.2 qemu-debugsource-3.1.1.1-9.30.2 qemu-guest-agent-3.1.1.1-9.30.2 qemu-guest-agent-debuginfo-3.1.1.1-9.30.2 
qemu-lang-3.1.1.1-9.30.2 qemu-tools-3.1.1.1-9.30.2 qemu-tools-debuginfo-3.1.1.1-9.30.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64): qemu-arm-3.1.1.1-9.30.2 qemu-arm-debuginfo-3.1.1.1-9.30.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): qemu-ipxe-1.0.0+-9.30.2 qemu-seabios-1.12.0_0_ga698c89-9.30.2 qemu-sgabios-8-9.30.2 qemu-vgabios-1.12.0_0_ga698c89-9.30.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): qemu-audio-alsa-3.1.1.1-9.30.2 qemu-audio-alsa-debuginfo-3.1.1.1-9.30.2 qemu-audio-oss-3.1.1.1-9.30.2 qemu-audio-oss-debuginfo-3.1.1.1-9.30.2 qemu-audio-pa-3.1.1.1-9.30.2 qemu-audio-pa-debuginfo-3.1.1.1-9.30.2 qemu-kvm-3.1.1.1-9.30.2 qemu-ui-curses-3.1.1.1-9.30.2 qemu-ui-curses-debuginfo-3.1.1.1-9.30.2 qemu-ui-gtk-3.1.1.1-9.30.2 qemu-ui-gtk-debuginfo-3.1.1.1-9.30.2 qemu-x86-3.1.1.1-9.30.2 qemu-x86-debuginfo-3.1.1.1-9.30.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): qemu-3.1.1.1-9.30.2 qemu-block-curl-3.1.1.1-9.30.2 qemu-block-curl-debuginfo-3.1.1.1-9.30.2 qemu-block-iscsi-3.1.1.1-9.30.2 qemu-block-iscsi-debuginfo-3.1.1.1-9.30.2 qemu-block-rbd-3.1.1.1-9.30.2 qemu-block-rbd-debuginfo-3.1.1.1-9.30.2 qemu-block-ssh-3.1.1.1-9.30.2 qemu-block-ssh-debuginfo-3.1.1.1-9.30.2 qemu-debuginfo-3.1.1.1-9.30.2 qemu-debugsource-3.1.1.1-9.30.2 qemu-guest-agent-3.1.1.1-9.30.2 qemu-guest-agent-debuginfo-3.1.1.1-9.30.2 qemu-lang-3.1.1.1-9.30.2 qemu-tools-3.1.1.1-9.30.2 qemu-tools-debuginfo-3.1.1.1-9.30.2 - SUSE Enterprise Storage 6 (aarch64): qemu-arm-3.1.1.1-9.30.2 qemu-arm-debuginfo-3.1.1.1-9.30.2 - SUSE Enterprise Storage 6 (x86_64): qemu-audio-alsa-3.1.1.1-9.30.2 qemu-audio-alsa-debuginfo-3.1.1.1-9.30.2 qemu-audio-oss-3.1.1.1-9.30.2 qemu-audio-oss-debuginfo-3.1.1.1-9.30.2 qemu-audio-pa-3.1.1.1-9.30.2 qemu-audio-pa-debuginfo-3.1.1.1-9.30.2 qemu-kvm-3.1.1.1-9.30.2 qemu-ui-curses-3.1.1.1-9.30.2 qemu-ui-curses-debuginfo-3.1.1.1-9.30.2 qemu-ui-gtk-3.1.1.1-9.30.2 qemu-ui-gtk-debuginfo-3.1.1.1-9.30.2 
qemu-x86-3.1.1.1-9.30.2 qemu-x86-debuginfo-3.1.1.1-9.30.2 - SUSE Enterprise Storage 6 (noarch): qemu-ipxe-1.0.0+-9.30.2 qemu-seabios-1.12.0_0_ga698c89-9.30.2 qemu-sgabios-8-9.30.2 qemu-vgabios-1.12.0_0_ga698c89-9.30.2 - SUSE CaaS Platform 4.0 (noarch): qemu-ipxe-1.0.0+-9.30.2 qemu-seabios-1.12.0_0_ga698c89-9.30.2 qemu-sgabios-8-9.30.2 qemu-vgabios-1.12.0_0_ga698c89-9.30.2 - SUSE CaaS Platform 4.0 (x86_64): qemu-3.1.1.1-9.30.2 qemu-audio-alsa-3.1.1.1-9.30.2 qemu-audio-alsa-debuginfo-3.1.1.1-9.30.2 qemu-audio-oss-3.1.1.1-9.30.2 qemu-audio-oss-debuginfo-3.1.1.1-9.30.2 qemu-audio-pa-3.1.1.1-9.30.2 qemu-audio-pa-debuginfo-3.1.1.1-9.30.2 qemu-block-curl-3.1.1.1-9.30.2 qemu-block-curl-debuginfo-3.1.1.1-9.30.2 qemu-block-iscsi-3.1.1.1-9.30.2 qemu-block-iscsi-debuginfo-3.1.1.1-9.30.2 qemu-block-rbd-3.1.1.1-9.30.2 qemu-block-rbd-debuginfo-3.1.1.1-9.30.2 qemu-block-ssh-3.1.1.1-9.30.2 qemu-block-ssh-debuginfo-3.1.1.1-9.30.2 qemu-debuginfo-3.1.1.1-9.30.2 qemu-debugsource-3.1.1.1-9.30.2 qemu-guest-agent-3.1.1.1-9.30.2 qemu-guest-agent-debuginfo-3.1.1.1-9.30.2 qemu-kvm-3.1.1.1-9.30.2 qemu-lang-3.1.1.1-9.30.2 qemu-tools-3.1.1.1-9.30.2 qemu-tools-debuginfo-3.1.1.1-9.30.2 qemu-ui-curses-3.1.1.1-9.30.2 qemu-ui-curses-debuginfo-3.1.1.1-9.30.2 qemu-ui-gtk-3.1.1.1-9.30.2 qemu-ui-gtk-debuginfo-3.1.1.1-9.30.2 qemu-x86-3.1.1.1-9.30.2 qemu-x86-debuginfo-3.1.1.1-9.30.2 References: https://www.suse.com/security/cve/CVE-2020-25085.html https://www.suse.com/security/cve/CVE-2021-3582.html https://www.suse.com/security/cve/CVE-2021-3592.html https://www.suse.com/security/cve/CVE-2021-3593.html https://www.suse.com/security/cve/CVE-2021-3594.html https://www.suse.com/security/cve/CVE-2021-3595.html https://www.suse.com/security/cve/CVE-2021-3607.html https://www.suse.com/security/cve/CVE-2021-3608.html https://www.suse.com/security/cve/CVE-2021-3611.html https://bugzilla.suse.com/1176681 https://bugzilla.suse.com/1185591 https://bugzilla.suse.com/1186290 https://bugzilla.suse.com/1187364 
https://bugzilla.suse.com/1187365
https://bugzilla.suse.com/1187366
https://bugzilla.suse.com/1187367
https://bugzilla.suse.com/1187499
https://bugzilla.suse.com/1187529
https://bugzilla.suse.com/1187538
https://bugzilla.suse.com/1187539

From sle-updates at lists.suse.com Mon Aug 2 16:22:12 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Aug 2021 18:22:12 +0200 (CEST)
Subject: SUSE-SU-2021:2589-1: important: Security update for lasso
Message-ID: <20210802162212.C270BFCEF@maintenance.suse.de>

SUSE Security Update: Security update for lasso
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2589-1
Rating: important
References: #1186768
Cross-References: CVE-2021-28091
CVSS scores:
   CVE-2021-28091 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
   CVE-2021-28091 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP5
   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for lasso fixes the following issues:

- CVE-2021-28091: Fixed XML signature wrapping vulnerability when parsing SAML responses. (bsc#1186768)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
   zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2589=1
- SUSE Linux Enterprise Server 12-SP5:
   zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2589=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
   liblasso-devel-2.6.1-8.7.2
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
   liblasso3-2.6.1-8.7.2
   python3-lasso-2.6.1-8.7.2

References:

https://www.suse.com/security/cve/CVE-2021-28091.html
https://bugzilla.suse.com/1186768

From sle-updates at lists.suse.com Mon Aug 2 19:15:21 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Aug 2021 21:15:21 +0200 (CEST)
Subject: SUSE-RU-2021:2594-1: moderate: Recommended update for shim
Message-ID: <20210802191521.6773BFCEF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for shim
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:2594-1
Rating: moderate
References: #1185232 #1185261 #1185441 #1185464 #1185621 #1185961 #1187071 #1187260 #1187696
Affected Products:
   SUSE OpenStack Cloud Crowbar 9
   SUSE OpenStack Cloud Crowbar 8
   SUSE OpenStack Cloud 9
   SUSE OpenStack Cloud 8
   SUSE Linux Enterprise Server for SAP 12-SP4
   SUSE Linux Enterprise Server for SAP 12-SP3
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server 12-SP4-LTSS
   SUSE Linux Enterprise Server 12-SP3-LTSS
   SUSE Linux Enterprise Server 12-SP3-BCL
   HPE Helion Openstack 8
______________________________________________________________________________

An update that has 9 recommended fixes can now be installed.
Description:

This update for shim fixes the following issues:

Update shim to 15.4-4.7.1, Version: 15.4, "Thu Jul 15 2021"

- Update the SLE signatures
- Includes fixes for MOK and boot problems (bsc#1187696, bsc#1185261, bsc#1185441, bsc#1187071, bsc#1185621, bsc#1185261, bsc#1185232, bsc#1185261, bsc#1187260, bsc#1185232)
- Instead of assuming "removable" for Azure, remove fallback.efi from '\EFI\Boot' and copy 'grub.efi/cfg' to '\EFI\Boot' to make it bootable and keep the boot option created by efibootmgr. (bsc#1185464, bsc#1185961)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
   zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2594=1
- SUSE OpenStack Cloud Crowbar 8:
   zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2594=1
- SUSE OpenStack Cloud 9:
   zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2594=1
- SUSE OpenStack Cloud 8:
   zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2594=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
   zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2594=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
   zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2594=1
- SUSE Linux Enterprise Server 12-SP5:
   zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2594=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
   zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2594=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
   zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2594=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
   zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2594=1
- HPE Helion Openstack 8:
   zypper in -t patch HPE-Helion-OpenStack-8-2021-2594=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
   shim-15.4-25.21.1
- SUSE OpenStack Cloud Crowbar 8 (x86_64):
   shim-15.4-25.21.1
- SUSE OpenStack Cloud 9 (x86_64):
   shim-15.4-25.21.1
- SUSE OpenStack Cloud 8 (x86_64):
   shim-15.4-25.21.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
   shim-15.4-25.21.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
   shim-15.4-25.21.1
- SUSE Linux Enterprise Server 12-SP5 (x86_64):
   shim-15.4-25.21.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64):
   shim-15.4-25.21.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64):
   shim-15.4-25.21.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
   shim-15.4-25.21.1
- HPE Helion Openstack 8 (x86_64):
   shim-15.4-25.21.1

References:

https://bugzilla.suse.com/1185232
https://bugzilla.suse.com/1185261
https://bugzilla.suse.com/1185441
https://bugzilla.suse.com/1185464
https://bugzilla.suse.com/1185621
https://bugzilla.suse.com/1185961
https://bugzilla.suse.com/1187071
https://bugzilla.suse.com/1187260
https://bugzilla.suse.com/1187696

From sle-updates at lists.suse.com Mon Aug 2 19:17:25 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Aug 2021 21:17:25 +0200 (CEST)
Subject: SUSE-RU-2021:2593-1: moderate: Recommended update for suse-module-tools
Message-ID: <20210802191725.C4743FCEF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for suse-module-tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:2593-1
Rating: moderate
References: #1177695
Affected Products:
   SUSE MicroOS 5.0
   SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for suse-module-tools provides the following fix:

- modprobe.d: Remove dma=none setting for parport_pc. (bsc#1177695)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.0:
   zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2593=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
   zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2593=1

Package List:

- SUSE MicroOS 5.0 (aarch64 x86_64):
   suse-module-tools-15.2.12-4.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
   suse-module-tools-15.2.12-4.3.1

References:

https://bugzilla.suse.com/1177695

From sle-updates at lists.suse.com Tue Aug 3 10:16:02 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Aug 2021 12:16:02 +0200 (CEST)
Subject: SUSE-SU-2021:2595-1: important: Security update for python-Pillow
Message-ID: <20210803101602.5E6C2FCEF@maintenance.suse.de>

SUSE Security Update: Security update for python-Pillow
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2595-1
Rating: important
References: #1188574
Cross-References: CVE-2021-34552
CVSS scores:
   CVE-2021-34552 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-34552 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
   SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-Pillow fixes the following issues:

- CVE-2021-34552: Fixed a buffer overflow in Convert.c (bsc#1188574)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
   zypper in -t patch SUSE-OpenStack-Cloud-7-2021-2595=1

Package List:

- SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):
   python-Pillow-2.8.1-4.25.1
   python-Pillow-debuginfo-2.8.1-4.25.1
   python-Pillow-debugsource-2.8.1-4.25.1

References:

https://www.suse.com/security/cve/CVE-2021-34552.html
https://bugzilla.suse.com/1188574

From sle-updates at lists.suse.com Tue Aug 3 13:16:02 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Aug 2021 15:16:02 +0200 (CEST)
Subject: SUSE-RU-2021:2596-1: moderate: Recommended update for amazon-ecs-init
Message-ID: <20210803131602.7FAACFCEF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for amazon-ecs-init
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:2596-1
Rating: moderate
References: #1187661
Affected Products:
   SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for amazon-ecs-init fixes the following issues:

- Update to version 1.53.0-1 (bsc#1187661)
   * Cache Agent version 1.53.0
- from version 1.52.2-2
   * Cache Agent version 1.52.2
   * ecs-anywhere-install: fix incorrect download url when running in cn region
- from version 1.52.2-1
   * Cache Agent version 1.52.2
   * ecs-anywhere-install: remove dependency on gpg key server
   * ecs-anywhere-install: allow sandboxed apt installations

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Containers 12:
   zypper in -t patch SUSE-SLE-Module-Containers-12-2021-2596=1

Package List:

- SUSE Linux Enterprise Module for Containers 12 (x86_64):
   amazon-ecs-init-1.53.0-16.11.1

References:

https://bugzilla.suse.com/1187661

From sle-updates at lists.suse.com Tue Aug 3 16:15:55 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Aug 2021 18:15:55 +0200 (CEST)
Subject: SUSE-SU-2021:2599-1: important: Security update for the Linux Kernel
Message-ID: <20210803161555.9DC87FCEF@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2599-1
Rating: important
References: #1065729 #1085224 #1094840 #1152472 #1152489 #1155518 #1170511 #1179243 #1180092 #1183871 #1184114 #1184804 #1185308 #1185791 #1186206 #1187215 #1187585 #1188036 #1188080 #1188116 #1188121 #1188176 #1188267 #1188268 #1188269 #1188405 #1188525 SLE-17042 SLE-17043 SLE-17268
Cross-References: CVE-2021-22555 CVE-2021-35039 CVE-2021-3609 CVE-2021-3612
CVSS scores:
   CVE-2021-22555 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-22555 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-35039 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-35039 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-3609 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-3612 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-3612 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
   SUSE Linux Enterprise Module for Realtime 15-SP2
______________________________________________________________________________

An update that solves four vulnerabilities, contains three features and has 23 fixes is now available.
Description:

The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-22555: Fixed a heap out-of-bounds write in net/netfilter/x_tables.c that could allow local privilege escalation. (bsc#1188116)
- CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol which allows for local privilege escalation. (bsc#1187215)
- CVE-2021-3612: Fixed an out-of-bounds memory write flaw which could allow a local user to crash the system or possibly escalate their privileges on the system. (bsc#1187585)
- CVE-2021-35039: Fixed a bug where module signature verification did not occur if CONFIG_MODULE_SIG is not set, regardless of the value of module.sig_enforce command-line argument. (bnc#1188080)

The following non-security bugs were fixed:

- ACPI: APEI: fix synchronous external aborts in user-mode (git-fixes).
- ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes).
- ACPI: EC: Make more Asus laptops use ECDT _GPE (git-fixes).
- ACPI: Fix memory leak caused by _CID repair function (git-fixes).
- ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes).
- ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes).
- ACPI: resources: Add checks for ACPI IRQ override (git-fixes).
- ACPI: sysfs: Fix a buffer overrun problem with description_show() (git-fixes).
- ALSA: hda/realtek: Add another ALC236 variant support (git-fixes).
- ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D (git-fixes).
- ALSA: intel8x0: Fix breakage at ac97 clock measurement (git-fixes).
- ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes).
- ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes).
- ALSA: usb-audio: scarlett2: Fix wrong resume call (git-fixes).
- ALSA: usb-audio: scarlett2: Read mixer volumes at init time (git-fixes).
- ALSA: usb-audio: scarlett2: Read mux at init time (git-fixes).
- amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (bsc#1152472) Backporting changes: * context changes
- ASoC: atmel-i2s: Fix usage of capture and playback at the same time (git-fixes).
- ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes).
- ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (git-fixes).
- ASoC: mediatek: mtk-btcvsd: Fix an error handling path in 'mtk_btcvsd_snd_probe()' (git-fixes).
- ASoC: rsnd: tidyup loop on rsnd_adg_clk_query() (git-fixes).
- ata: ahci_sunxi: Disable DIPM (git-fixes).
- ath10k: add missing error return code in ath10k_pci_probe() (git-fixes).
- ath10k: Fix an error code in ath10k_add_interface() (git-fixes).
- ath10k: go to path err_unsupported when chip id is not supported (git-fixes).
- ath10k: remove unused more_frags variable (git-fixes).
- ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (git-fixes).
- backlight: lm3630a_bl: Put fwnode in error case during ->probe() (git-fixes).
- blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092).
- blk-mq: In blk_mq_dispatch_rq_list() "no budget" is a reason to kick (bsc#1180092).
- blk-mq: insert flush request to the front of dispatch queue (bsc#1180092).
- blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092).
- blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092).
- blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092).
- Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event (git-fixes).
- Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes).
- bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518).
- brcmfmac: correctly report average RSSI in station info (git-fixes).
- brcmfmac: fix setting of station info chains bitmask (git-fixes).
- brcmsmac: mac80211_if: Fix a resource leak in an error handling path (git-fixes).
- can: gw: synchronize rcu operations before removing gw job entry (git-fixes).
- can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes).
- can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path (git-fixes).
- cfg80211: call cfg80211_leave_ocb when switching away from OCB (git-fixes).
- char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() (git-fixes).
- clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC (git-fixes).
- clk: actions: Fix SD clocks factor table on Owl S500 SoC (git-fixes).
- clk: actions: Fix UART clock dividers on Owl S500 SoC (git-fixes).
- clk: meson: g12a: fix gp0 and hifi ranges (git-fixes).
- clk: si5341: Avoid divide errors due to bogus register contents (git-fixes).
- clk: zynqmp: pll: Remove some dead code (git-fixes).
- clocksource: Retry clock read if long delays detected (git-fixes).
- cpufreq: sc520_freq: add 'fallthrough' to one case (git-fixes).
- crypto: ccp - Fix a resource leak in an error handling path (git-fixes).
- crypto: ixp4xx - dma_unmap the correct address (git-fixes).
- crypto: nitrox - fix unchecked variable in nitrox_register_interrupts (git-fixes).
- crypto: nx - add missing MODULE_DEVICE_TABLE (git-fixes).
- crypto: omap-sham - Fix PM reference leak in omap sham ops (git-fixes).
- crypto: qat - check return code of qat_hal_rd_rel_reg() (git-fixes).
- crypto: qat - remove unused macro in FW loader (git-fixes).
- crypto: ux500 - Fix error return code in hash_hw_final() (git-fixes).
- dma-buf/sync_file: Do not leak fences on merge failure (git-fixes).
- dmaengine: mediatek: do not issue a new desc if one is still current (git-fixes).
- dmaengine: mediatek: free the proper desc in desc_free handler (git-fixes).
- dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma (git-fixes).
- dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe() (git-fixes).
- dmaengine: zynqmp_dma: Fix PM reference leak in zynqmp_dma_alloc_chan_resourc() (git-fixes).
- dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes).
- drm: bridge/panel: Cleanup connector on bridge detach (bsc#1152489) Backporting changes: * context changes
- drm: qxl: ensure surf.data is ininitialized (git-fixes).
- drm/amdgpu: Do not query CE and UE errors (bsc#1152472) Backporting changes: * unsigned long -> uint32_t
- drm/mcde/panel: Inverse misunderstood flag (bsc#1152472) Backporting changes: * only panel-samsung-s6d16d0.c exists
- drm/msm: Small msm_gem_purge() fix (bsc#1152489) Backporting changes: * context changes * GEM_WARN_ON() -> WARN_ON()
- drm/msm/dpu: Fix error return code in dpu_mdss_init() (git-fixes).
- drm/nouveau: wait for moving fence after pinning v2 (git-fixes).
- drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (bsc#1152489) Backporting changes: * context changes
- drm/radeon: wait for moving fence after pinning (git-fixes).
- drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() (git-fixes).
- drm/rockchip: dsi: move all lane config except LCDC mux to bind() (git-fixes).
- drm/rockchip: dsi: remove extra component_del() call (git-fixes).
- drm/stm: Fix bus_flags handling (bsc#1152472)
- drm/vc4: hdmi: Make sure the controller is powered in detect (bsc#1152489) Backporting changes: * context changes * vc4_hdmi -> vc4->hdmi
- extcon: extcon-max8997: Fix IRQ freeing at error path (git-fixes).
- extcon: intel-mrfld: Sync hardware and software state on init (git-fixes).
- extcon: max8997: Add missing modalias string (git-fixes).
- extcon: sm5502: Drop invalid register write in sm5502_reg_data (git-fixes).
- fbmem: add margin check to fb_check_caps() (git-fixes).
- firmware: tegra: Fix error return code in tegra210_bpmp_init() (git-fixes).
- fm10k: Fix an error handling path in 'fm10k_probe()' (git-fixes).
- fpga: machxo2-spi: Address warning about unused variable (git-fixes).
- fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes).
- fuse: check connected before queueing on fpq->io (bsc#1188267).
- fuse: ignore PG_workingset after stealing (bsc#1188268).
- fuse: reject internal errno (bsc#1188269).
- futex: fix shared futex pgoff on shmem huge page (git fixes (kernel/futex)).
- gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP (git-fixes).
- gve: Fix an error handling path in 'gve_probe()' (git-fixes).
- gve: Fix swapped vars when fetching max queues (git-fixes).
- HID: do not use down_interruptible() when unbinding devices (git-fixes).
- HID: wacom: Correct base usage for capacitive ExpressKey status bits (git-fixes).
- hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes).
- hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes).
- hwmon: (max31790) Fix pwmX_enable attributes (git-fixes).
- hwmon: (max31790) Report correct current pwm duty cycles (git-fixes).
- hwrng: exynos - Fix runtime PM imbalance on error (git-fixes).
- i2c: dev: Add __user annotation (git-fixes).
- i2c: robotfuzz-osif: fix control-request directions (git-fixes).
- ibmvnic: account for bufs already saved in indir_buf (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Allow device probe if the device is not ready at boot (bsc#1184114 ltc#192237).
- ibmvnic: clean pending indirect buffs during reset (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237).
- ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237).
- ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114 ltc#192237).
- ibmvnic: fix send_request_map incompatible argument (bsc#1184114 ltc#192237).
- ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363).
- ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes).
- ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098).
   - ibmvnic: Use 'skb_frag_address()' instead of hand coding it (bsc#1184114 ltc#192237).
   - ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c (bsc#1184114 ltc#192237).
   - ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237).
   - iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: mxc4005: Fix overread of data and alignment issue (git-fixes).
   - iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adc: at91-sama5d2: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: adis_buffer: do not return ints in irq handlers (git-fixes).
   - iio: adis16400: do not return ints in irq handlers (git-fixes).
   - iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev() helper (git-fixes).
   - iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: light: tcs3472: do not free unallocated IRQ (git-fixes).
   - iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: light: vcnl4035: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: ltr501: ltr501_read_ps(): add missing endianness conversion (git-fixes).
   - iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes).
   - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too (git-fixes).
   - iio: magn: bmc150: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: magn: hmc5843: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: magn: rm3100: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
   - iio: si1133: fix format string warnings (git-fixes).
   - iio:accel:mxc4005: Drop unnecessary explicit casts in regmap_bulk_read calls (git-fixes).
   - Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes).
   - Input: usbtouchscreen - fix control-request directions (git-fixes).
   - kABI: restore struct tcpc_config definition (git-fixes).
   - leds: as3645a: Fix error return code in as3645a_parse_node() (git-fixes).
   - leds: ktd2692: Fix an error handling path (git-fixes).
   - leds: lm3532: select regmap I2C API (git-fixes).
   - lib: vsprintf: Fix handling of number field widths in vsscanf (git-fixes).
   - lib/decompressors: remove set but not used variabled 'level' (git-fixes).
   - libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518).
   - mac80211: drop pending frames on stop (git-fixes).
   - mac80211: remove iwlwifi specific workaround NDPs of null_response (git-fixes).
   - mac80211: remove iwlwifi specific workaround that broke sta NDP tx (git-fixes).
   - mac80211: remove warning in ieee80211_get_sband() (git-fixes).
   - math: Export mul_u64_u64_div_u64 (git-fixes).
   - media: au0828: fix a NULL vs IS_ERR() check (git-fixes).
   - media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes).
   - media: cobalt: fix race condition in setting HPD (git-fixes).
   - media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes).
   - media: dtv5100: fix control-request directions (git-fixes).
   - media: dvb_net: avoid speculation from net slot (git-fixes).
   - media: dvb-usb: fix wrong definition (git-fixes).
   - media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes).
   - media: em28xx: Fix possible memory leak of em28xx struct (git-fixes).
   - media: exynos-gsc: fix pm_runtime_get_sync() usage count (git-fixes).
   - media: exynos4-is: Fix a use after free in isp_video_release (git-fixes).
   - media: Fix Media Controller API config checks (git-fixes).
   - media: gspca/gl860: fix zero-length control requests (git-fixes).
   - media: gspca/sq905: fix control-request direction (git-fixes).
   - media: gspca/sunplus: fix zero-length control requests (git-fixes).
   - media: I2C: change 'RST' to "RSET" to fix multiple build errors (git-fixes).
   - media: imx-csi: Skip first few frames from a BT.656 source (git-fixes).
   - media: imx: imx7_mipi_csis: Fix logging of only error event counters (git-fixes).
   - media: mdk-mdp: fix pm_runtime_get_sync() usage count (git-fixes).
   - media: mtk-vcodec: fix PM runtime get logic (git-fixes).
   - media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes).
   - media: rc: i2c: Fix an error message (git-fixes).
   - media: rtl28xxu: fix zero-length control request (git-fixes).
   - media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes).
   - media: s5p-jpeg: fix pm_runtime_get_sync() usage count (git-fixes).
   - media: sh_vou: fix pm_runtime_get_sync() usage count (git-fixes).
   - media: siano: fix device register error path (git-fixes).
   - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() (git-fixes).
   - media: st-hva: Fix potential NULL pointer dereferences (git-fixes).
   - media: sti: fix obj-$(config) targets (git-fixes).
   - media: sti/bdisp: fix pm_runtime_get_sync() usage count (git-fixes).
   - media: tc358743: Fix error return code in tc358743_probe_of() (git-fixes).
   - media: v4l2-async: Fix trivial documentation typo (git-fixes).
   - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (git-fixes).
   - media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes).
   - memory: atmel-ebi: add missing of_node_put for loop iteration (git-fixes).
   - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes).
   - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes).
   - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes).
   - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes).
   - memory: pl353: Fix error return code in pl353_smc_probe() (git-fixes).
   - memstick: rtsx_usb_ms: fix UAF (git-fixes).
   - mmc: block: Disable CMDQ on the ioctl path (git-fixes).
   - mmc: core: clear flags before allowing to retune (git-fixes).
   - mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes).
   - mmc: sdhci-sprd: use sdhci_sprd_writew (git-fixes).
   - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode (git-fixes).
   - mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes).
   - mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes).
   - mmc: vub3000: fix control-request direction (git-fixes).
   - mt76: fix possible NULL pointer dereference in mt76_tx (git-fixes).
   - mtd: partitions: redboot: seek fis-index-block in the right node (git-fixes).
   - mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() (git-fixes).
   - mwifiex: re-fix for unaligned accesses (git-fixes).
   - nvme: fix in-casule data send for chained sgls (git-fixes).
   - nvme: introduce nvme_rdma_sgl structure (git-fixes).
   - nvme: rerun io_work if req_list is not empty (git-fixes).
   - nvme: verify MNAN value if ANA is enabled (bsc#1185791).
   - PCI: Add AMD RS690 quirk to enable 64-bit DMA (git-fixes).
   - pinctrl: stm32: fix the reported number of GPIO lines per bank (git-fixes).
   - platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (git-fixes).
   - ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation (git-fixes).
   - r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes).
   - r8169: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes).
   - random32: Fix implicit truncation warning in prandom_seed_state() (git-fixes).
   - regulator: da9052: Ensure enough delay time for .set_voltage_time_sel (git-fixes).
   - regulator: hi655x: Fix pass wrong pointer to config.driver_data (git-fixes).
   - regulator: uniphier: Add missing MODULE_DEVICE_TABLE (git-fixes).
   - reset: a10sr: add missing of_match_table reference (git-fixes).
   - reset: bail if try_module_get() fails (git-fixes).
   - reset: brcmstb: Add missing MODULE_DEVICE_TABLE (git-fixes).
   - Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro" (git-fixes).
   - Revert "ibmvnic: remove duplicate napi_schedule call in open function" (bsc#1065729).
   - rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804).
   - rpm/kernel-binary.spec.in: Remove zdebug define used only once.
   - rsi: Assign beacon rate settings to the correct rate_info descriptor field (git-fixes).
   - rtc: fix snprintf() checking in is_rtc_hctosys() (git-fixes).
   - rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path (git-fixes).
   - scsi: qedf: Do not put host in qedf_vport_create() unconditionally (bsc#1170511).
   - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates (git-fixes).
   - serial: Add Option International GSM-Ready 56K/ISDN modem (git-fixes).
   - serial: mvebu-uart: correctly calculate minimal possible baudrate (git-fixes).
   - serial: mvebu-uart: do not allow changing baudrate when uartclk is not available (git-fixes).
   - serial: mvebu-uart: fix calculation of clock divisor (git-fixes).
   - serial: remove wrong GLOBETROTTER.cis entry (git-fixes).
   - serial: tegra-tcu: Reorder channel initialization (git-fixes).
   - soc: fsl: qbman: Delete useless kfree code (bsc#1188176).
   - soc: fsl: qbman: Ensure device cleanup is run for kexec (bsc#1188176).
   - soundwire: stream: Fix test for DP prepare complete (git-fixes).
   - spi: fspi: dynamically alloc AHB memory (bsc#1188121).
   - spi: Make of_register_spi_device also set the fwnode (git-fixes).
   - spi: nxp-fspi: Use devm API to fix missed unregistration of controller (bsc#1188121).
   - spi: omap-100k: Fix the length judgment problem (git-fixes).
   - spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes).
   - spi: spi-nxp-fspi: Add ACPI support (bsc#1188121).
   - spi: spi-nxp-fspi: Add support for IP read only (bsc#1188121).
   - spi: spi-nxp-fspi: Enable the Octal Mode in MCR0 (bsc#1188121).
   - spi: spi-nxp-fspi: Fix a NULL vs IS_ERR() check in probe (bsc#1188121).
   - spi: spi-nxp-fspi: Implement errata workaround for LS1028A (bsc#1188121).
   - spi: spi-sun6i: Fix chipselect/clock bug (git-fixes).
   - spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (git-fixes).
   - spi: stm32-qspi: Remove unused qspi field of struct stm32_qspi_flash (git-fixes).
   - spi: tegra114: Fix an error message (git-fixes).
   - ssb: Fix error return code in ssb_bus_scan() (git-fixes).
   - ssb: sdio: Do not overwrite const buffer if block_write fails (git-fixes).
   - staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() (git-fixes).
   - staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes).
   - staging: rtl8712: fix memory leak in rtl871x_load_fw_cb (git-fixes).
   - staging: rtl8712: remove redundant check in r871xu_drv_init (git-fixes).
   - tcp: Remove superfluous BH-disable around listening_hash (bsc#1188525).
   - thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations (git-fixes).
   - tpm: Decorate tpm_get_timeouts() with request_locality() (bsc#1188036).
   - tpm: Decorate tpm_tis_gen_interrupt() with request_locality() (bsc#1188036).
   - tpm: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() (bsc#1188036).
   - tpm: Reserve locality in tpm_tis_resume() (bsc#1188036).
   - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing (git-fixes).
   - tracing: Fix parsing of "sym-offset" modifier (git-fixes).
   - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (git-fixes).
   - tracing: Simplify and fix saved_tgids logic (git-fixes).
   - tty: nozomi: Fix a resource leak in an error handling function (git-fixes).
   - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' (git-fixes).
   - Update patches.suse/Revert-ibmvnic-remove-duplicate-napi_schedule-call-i.patch (bsc#1065729 bsc#1188405 ltc#193509).
   - Update patches.suse/Revert-ibmvnic-simplify-reset_long_term_buff-functio.patch (bsc#1186206 ltc#191041 bsc#1188405 ltc#193509).
   - usb: dwc2: Do not reset the core after setting turnaround time (git-fixes).
   - usb: dwc3: Fix debugfs creation flow (git-fixes).
   - usb: gadget: eem: fix echo command packet response issue (git-fixes).
   - usb: gadget: f_fs: Fix setting of device and driver data cross-references (git-fixes).
   - usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() (git-fixes).
   - usb: typec: fusb302: Always provide fwnode for the port (git-fixes).
   - usb: typec: fusb302: fix "op-sink-microwatt" default that was in mW (git-fixes).
   - usb: typec: tcpm: Error handling for tcpm_register_partner_altmodes (git-fixes).
   - usb: typec: tcpm: Move mod_delayed_work(port->vdm_state_machine) call into tcpm_queue_vdm() (git-fixes).
   - usb: typec: tcpm: move to SNK_UNATTACHED if sink removed for DRP (git-fixes).
   - usb: typec: tcpm: Refactor tcpm_handle_vdm_request (git-fixes).
   - usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling (git-fixes).
   - usb: typec: tcpm: Remove tcpc_config configuration mechanism (git-fixes).
   - usb: typec: tcpm: set correct data role for non-DRD (git-fixes).
   - usb: typec: tcpm: Switch to use fwnode_property_count_uXX() (git-fixes).
   - usb: typec: ucsi: Hold con->lock for the entire duration of ucsi_register_port() (git-fixes).
   - usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes).
   - usb: typec: wcove: Fx wrong kernel doc format (git-fixes).
   - UsrMerge the kernel (boo#1184804)
   - vfio: Handle concurrent vma faults (git-fixes).
   - vfs: Convert functionfs to use the new mount API (git -fixes).
   - video: fbdev: imxfb: Fix an error message (git-fixes).
   - visorbus: fix error return code in visorchipset_init() (git-fixes).
   - vmxnet3: fix cksum offload issues for tunnels with non-default udp ports (git-fixes).
   - watchdog: aspeed: fix hardware timeout calculation (git-fixes).
   - watchdog: sp805: Fix kernel doc description (git-fixes).
   - wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes).
   - wireless: carl9170: fix LEDS build errors and warnings (git-fixes).
   - x86/kvm: Disable all PV features on crash (bsc#1185308).
   - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308).
   - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308).
   - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308).
   - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308).
   - xhci: solve a double free problem while doing s4 (git-fixes).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Realtime 15-SP2:

      zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-2599=1

Package List:

   - SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch):

      kernel-devel-rt-5.3.18-45.3
      kernel-source-rt-5.3.18-45.3

   - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64):

      cluster-md-kmp-rt-5.3.18-45.3
      cluster-md-kmp-rt-debuginfo-5.3.18-45.3
      dlm-kmp-rt-5.3.18-45.3
      dlm-kmp-rt-debuginfo-5.3.18-45.3
      gfs2-kmp-rt-5.3.18-45.3
      gfs2-kmp-rt-debuginfo-5.3.18-45.3
      kernel-rt-5.3.18-45.3
      kernel-rt-debuginfo-5.3.18-45.3
      kernel-rt-debugsource-5.3.18-45.3
      kernel-rt-devel-5.3.18-45.3
      kernel-rt-devel-debuginfo-5.3.18-45.3
      kernel-rt_debug-5.3.18-45.3
      kernel-rt_debug-debuginfo-5.3.18-45.3
      kernel-rt_debug-debugsource-5.3.18-45.3
      kernel-rt_debug-devel-5.3.18-45.3
      kernel-rt_debug-devel-debuginfo-5.3.18-45.3
      kernel-syms-rt-5.3.18-45.2
      ocfs2-kmp-rt-5.3.18-45.3
      ocfs2-kmp-rt-debuginfo-5.3.18-45.3

References:

   https://www.suse.com/security/cve/CVE-2021-22555.html
   https://www.suse.com/security/cve/CVE-2021-35039.html
   https://www.suse.com/security/cve/CVE-2021-3609.html
   https://www.suse.com/security/cve/CVE-2021-3612.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1085224
   https://bugzilla.suse.com/1094840
   https://bugzilla.suse.com/1152472
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1155518
   https://bugzilla.suse.com/1170511
   https://bugzilla.suse.com/1179243
   https://bugzilla.suse.com/1180092
   https://bugzilla.suse.com/1183871
   https://bugzilla.suse.com/1184114
   https://bugzilla.suse.com/1184804
   https://bugzilla.suse.com/1185308
   https://bugzilla.suse.com/1185791
   https://bugzilla.suse.com/1186206
   https://bugzilla.suse.com/1187215
   https://bugzilla.suse.com/1187585
   https://bugzilla.suse.com/1188036
   https://bugzilla.suse.com/1188080
   https://bugzilla.suse.com/1188116
   https://bugzilla.suse.com/1188121
   https://bugzilla.suse.com/1188176
   https://bugzilla.suse.com/1188267
   https://bugzilla.suse.com/1188268
   https://bugzilla.suse.com/1188269
   https://bugzilla.suse.com/1188405
   https://bugzilla.suse.com/1188525

From sle-updates at lists.suse.com Tue Aug 3 16:20:17 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Aug 2021 18:20:17 +0200 (CEST)
Subject: SUSE-SU-2021:2600-1: important: Security update for webkit2gtk3
Message-ID: <20210803162017.33492FCEF@maintenance.suse.de>

   SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2600-1
Rating:             important
References:         #1188697
Cross-References:   CVE-2021-21775 CVE-2021-21779 CVE-2021-30663
                    CVE-2021-30665 CVE-2021-30689 CVE-2021-30720
                    CVE-2021-30734 CVE-2021-30744 CVE-2021-30749
                    CVE-2021-30758 CVE-2021-30795 CVE-2021-30797
                    CVE-2021-30799
CVSS scores:
                    CVE-2021-21775 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-21775 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-21779 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-21779 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-30749 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes 13 vulnerabilities is now available.

Description:

   This update for webkit2gtk3 fixes the following issues:

   Update to version 2.32.3:

   - CVE-2021-21775: Fixed a use-after-free vulnerability in the way certain events are processed for ImageLoader objects. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697)
   - CVE-2021-21779: Fixed a use-after-free vulnerability in the way that WebKit GraphicsContext handles certain events. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697)
   - CVE-2021-30663: An integer overflow was addressed with improved input validation. (bsc#1188697)
   - CVE-2021-30665: A memory corruption issue was addressed with improved state management. (bsc#1188697)
   - CVE-2021-30689: A logic issue was addressed with improved state management. (bsc#1188697)
   - CVE-2021-30720: A logic issue was addressed with improved restrictions. (bsc#1188697)
   - CVE-2021-30734: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697)
   - CVE-2021-30744: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. (bsc#1188697)
   - CVE-2021-30749: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697)
   - CVE-2021-30758: A type confusion issue was addressed with improved state handling. (bsc#1188697)
   - CVE-2021-30795: A use after free issue was addressed with improved memory management. (bsc#1188697)
   - CVE-2021-30797: This issue was addressed with improved checks. (bsc#1188697)
   - CVE-2021-30799: Multiple memory corruption issues were addressed with improved memory handling.
     (bsc#1188697)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2600=1

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2600=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2600=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2600=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2600=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2600=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2600=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2600=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2600=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2600=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2600=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2600=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-2600=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      libwebkit2gtk3-lang-2.32.3-2.66.1

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
      typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
      webkit2gtk3-debugsource-2.32.3-2.66.1

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      libwebkit2gtk3-lang-2.32.3-2.66.1

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
      typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
      webkit2gtk3-debugsource-2.32.3-2.66.1

   - SUSE OpenStack Cloud 9 (x86_64):

      libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
      typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
      webkit2gtk3-debugsource-2.32.3-2.66.1

   - SUSE OpenStack Cloud 9 (noarch):

      libwebkit2gtk3-lang-2.32.3-2.66.1

   - SUSE OpenStack Cloud 8 (noarch):

      libwebkit2gtk3-lang-2.32.3-2.66.1

   - SUSE OpenStack Cloud 8 (x86_64):

      libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
      typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
      webkit2gtk3-debugsource-2.32.3-2.66.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
      webkit2gtk3-debugsource-2.32.3-2.66.1
      webkit2gtk3-devel-2.32.3-2.66.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
      typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
      webkit2gtk3-debugsource-2.32.3-2.66.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):

      libwebkit2gtk3-lang-2.32.3-2.66.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
      typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
      webkit2gtk3-debugsource-2.32.3-2.66.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):

      libwebkit2gtk3-lang-2.32.3-2.66.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
      typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
      webkit2gtk3-debugsource-2.32.3-2.66.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      libwebkit2gtk3-lang-2.32.3-2.66.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
      typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
      webkit2gtk3-debugsource-2.32.3-2.66.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):

      libwebkit2gtk3-lang-2.32.3-2.66.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
      typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
      webkit2gtk3-debugsource-2.32.3-2.66.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):

      libwebkit2gtk3-lang-2.32.3-2.66.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
      typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
      webkit2gtk3-debugsource-2.32.3-2.66.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

      libwebkit2gtk3-lang-2.32.3-2.66.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
      typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
      webkit2gtk3-debugsource-2.32.3-2.66.1
      webkit2gtk3-devel-2.32.3-2.66.1

   - HPE Helion Openstack 8 (noarch):

      libwebkit2gtk3-lang-2.32.3-2.66.1

   - HPE Helion Openstack 8 (x86_64):

      libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-2.32.3-2.66.1
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
      typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
      webkit2gtk3-debugsource-2.32.3-2.66.1

References:

   https://www.suse.com/security/cve/CVE-2021-21775.html
   https://www.suse.com/security/cve/CVE-2021-21779.html
   https://www.suse.com/security/cve/CVE-2021-30663.html
   https://www.suse.com/security/cve/CVE-2021-30665.html
   https://www.suse.com/security/cve/CVE-2021-30689.html
   https://www.suse.com/security/cve/CVE-2021-30720.html
   https://www.suse.com/security/cve/CVE-2021-30734.html
   https://www.suse.com/security/cve/CVE-2021-30744.html
   https://www.suse.com/security/cve/CVE-2021-30749.html
   https://www.suse.com/security/cve/CVE-2021-30758.html
   https://www.suse.com/security/cve/CVE-2021-30795.html
   https://www.suse.com/security/cve/CVE-2021-30797.html
   https://www.suse.com/security/cve/CVE-2021-30799.html
   https://bugzilla.suse.com/1188697

From sle-updates at lists.suse.com Tue Aug 3 16:21:22 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Aug 2021 18:21:22 +0200 (CEST)
Subject: SUSE-SU-2021:14772-1: important: Security update for kvm
Message-ID: <20210803162122.67867FCEF@maintenance.suse.de>

   SUSE Security Update: Security update for kvm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:14772-1
Rating:             important
References:         #1173612 #1174386 #1178683 #1180523 #1181933
                    #1186473 #1187364 #1187367
Cross-References:   CVE-2020-11947 CVE-2020-15469 CVE-2020-15863
                    CVE-2020-25707 CVE-2021-20221 CVE-2021-3416
                    CVE-2021-3592 CVE-2021-3594
CVSS scores:
                    CVE-2020-11947 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2020-11947 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2020-15469 (NVD) : 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
                    CVE-2020-15469 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
                    CVE-2020-15863 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
                    CVE-2020-15863 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
                    CVE-2020-25707 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
                    CVE-2021-20221 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
                    CVE-2021-20221 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
                    CVE-2021-3416 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
                    CVE-2021-3416 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
                    CVE-2021-3592 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2021-3592 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2021-3594 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2021-3594 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Server 11-SP4-LTSS
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   This update for kvm fixes the following issues:

   - CVE-2021-3594: invalid pointer initialization may lead to information disclosure in slirp (udp) (bsc#1187367)
   - CVE-2021-3592: invalid pointer initialization may lead to information disclosure (bootp). (bsc#1187364)
   - CVE-2021-3416: infinite loop in loopback mode may lead to stack overflow. (bsc#1186473)
   - CVE-2020-15469: MMIO ops null pointer dereference may lead to DoS. (bsc#1173612)
   - CVE-2020-11947: iscsi_aio_ioctl_cb in block/iscsi.c has a heap-based buffer over-read. (bsc#1180523)
   - CVE-2021-20221: out-of-bound heap buffer access via an interrupt ID field.
(bsc#1181933) - CVE-2020-25707: infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e_core.c. (bsc#1178683) - CVE-2020-15863: stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c. (bsc#1174386) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-kvm-14772=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 s390x x86_64): kvm-1.4.2-60.37.1 References: https://www.suse.com/security/cve/CVE-2020-11947.html https://www.suse.com/security/cve/CVE-2020-15469.html https://www.suse.com/security/cve/CVE-2020-15863.html https://www.suse.com/security/cve/CVE-2020-25707.html https://www.suse.com/security/cve/CVE-2021-20221.html https://www.suse.com/security/cve/CVE-2021-3416.html https://www.suse.com/security/cve/CVE-2021-3592.html https://www.suse.com/security/cve/CVE-2021-3594.html https://bugzilla.suse.com/1173612 https://bugzilla.suse.com/1174386 https://bugzilla.suse.com/1178683 https://bugzilla.suse.com/1180523 https://bugzilla.suse.com/1181933 https://bugzilla.suse.com/1186473 https://bugzilla.suse.com/1187364 https://bugzilla.suse.com/1187367 From sle-updates at lists.suse.com Tue Aug 3 16:23:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Aug 2021 18:23:15 +0200 (CEST) Subject: SUSE-SU-2021:2598-1: important: Security update for webkit2gtk3 Message-ID: <20210803162315.25E4AFCEF@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2598-1 Rating: important References: #1188697 Cross-References: CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 
CVE-2021-30795 CVE-2021-30797 CVE-2021-30799 CVSS scores: CVE-2021-21775 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-21775 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-21779 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-21779 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30749 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.3: - CVE-2021-21775: Fixed a use-after-free vulnerability in the way certain events are processed for ImageLoader objects. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697) - CVE-2021-21779: Fixed a use-after-free vulnerability in the way that WebKit GraphicsContext handles certain events. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697) - CVE-2021-30663: An integer overflow was addressed with improved input validation. (bsc#1188697) - CVE-2021-30665: A memory corruption issue was addressed with improved state management. (bsc#1188697) - CVE-2021-30689: A logic issue was addressed with improved state management. (bsc#1188697) - CVE-2021-30720: A logic issue was addressed with improved restrictions. 
(bsc#1188697) - CVE-2021-30734: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697) - CVE-2021-30744: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. (bsc#1188697) - CVE-2021-30749: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697) - CVE-2021-30758: A type confusion issue was addressed with improved state handling. (bsc#1188697) - CVE-2021-30795: A use after free issue was addressed with improved memory management. (bsc#1188697) - CVE-2021-30797: This issue was addressed with improved checks. (bsc#1188697) - CVE-2021-30799: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-2598=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-2598=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2598=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2598=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.32.3-9.1 typelib-1_0-WebKit2-4_0-2.32.3-9.1 typelib-1_0-WebKit2WebExtension-4_0-2.32.3-9.1 webkit2gtk3-debugsource-2.32.3-9.1 webkit2gtk3-devel-2.32.3-9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.32.3-9.1 typelib-1_0-WebKit2-4_0-2.32.3-9.1 
typelib-1_0-WebKit2WebExtension-4_0-2.32.3-9.1 webkit2gtk3-debugsource-2.32.3-9.1 webkit2gtk3-devel-2.32.3-9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.32.3-9.1 libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-9.1 libwebkit2gtk-4_0-37-2.32.3-9.1 libwebkit2gtk-4_0-37-debuginfo-2.32.3-9.1 webkit2gtk-4_0-injected-bundles-2.32.3-9.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-9.1 webkit2gtk3-debugsource-2.32.3-9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libwebkit2gtk3-lang-2.32.3-9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.32.3-9.1 libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-9.1 libwebkit2gtk-4_0-37-2.32.3-9.1 libwebkit2gtk-4_0-37-debuginfo-2.32.3-9.1 webkit2gtk-4_0-injected-bundles-2.32.3-9.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-9.1 webkit2gtk3-debugsource-2.32.3-9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libwebkit2gtk3-lang-2.32.3-9.1 References: https://www.suse.com/security/cve/CVE-2021-21775.html https://www.suse.com/security/cve/CVE-2021-21779.html https://www.suse.com/security/cve/CVE-2021-30663.html https://www.suse.com/security/cve/CVE-2021-30665.html https://www.suse.com/security/cve/CVE-2021-30689.html https://www.suse.com/security/cve/CVE-2021-30720.html https://www.suse.com/security/cve/CVE-2021-30734.html https://www.suse.com/security/cve/CVE-2021-30744.html https://www.suse.com/security/cve/CVE-2021-30749.html https://www.suse.com/security/cve/CVE-2021-30758.html https://www.suse.com/security/cve/CVE-2021-30795.html https://www.suse.com/security/cve/CVE-2021-30797.html https://www.suse.com/security/cve/CVE-2021-30799.html https://bugzilla.suse.com/1188697 From sle-updates at lists.suse.com Tue Aug 3 16:24:24 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Aug 2021 18:24:24 +0200 (CEST) Subject: 
SUSE-RU-2021:2597-1: moderate: Recommended update for samba Message-ID: <20210803162424.2B6FEFCEF@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2597-1 Rating: moderate References: #1187401 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for samba fixes the following issues: - Update baselibs.conf to fix a problem updating 32bit libraries. (bsc#1187401) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2597=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2597=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-2597=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libndr-devel-4.10.18+git.279.5c5879d939f-3.33.1 libndr-krb5pac-devel-4.10.18+git.279.5c5879d939f-3.33.1 libndr-nbt-devel-4.10.18+git.279.5c5879d939f-3.33.1 libndr-standard-devel-4.10.18+git.279.5c5879d939f-3.33.1 libsamba-util-devel-4.10.18+git.279.5c5879d939f-3.33.1 libsmbclient-devel-4.10.18+git.279.5c5879d939f-3.33.1 libwbclient-devel-4.10.18+git.279.5c5879d939f-3.33.1 samba-core-devel-4.10.18+git.279.5c5879d939f-3.33.1 samba-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 samba-debugsource-4.10.18+git.279.5c5879d939f-3.33.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): 
libdcerpc-binding0-4.10.18+git.279.5c5879d939f-3.33.1 libdcerpc-binding0-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 libdcerpc0-4.10.18+git.279.5c5879d939f-3.33.1 libdcerpc0-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 libndr-krb5pac0-4.10.18+git.279.5c5879d939f-3.33.1 libndr-krb5pac0-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 libndr-nbt0-4.10.18+git.279.5c5879d939f-3.33.1 libndr-nbt0-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 libndr-standard0-4.10.18+git.279.5c5879d939f-3.33.1 libndr-standard0-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 libndr0-4.10.18+git.279.5c5879d939f-3.33.1 libndr0-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 libnetapi0-4.10.18+git.279.5c5879d939f-3.33.1 libnetapi0-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 libsamba-credentials0-4.10.18+git.279.5c5879d939f-3.33.1 libsamba-credentials0-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 libsamba-errors0-4.10.18+git.279.5c5879d939f-3.33.1 libsamba-errors0-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 libsamba-hostconfig0-4.10.18+git.279.5c5879d939f-3.33.1 libsamba-hostconfig0-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 libsamba-passdb0-4.10.18+git.279.5c5879d939f-3.33.1 libsamba-passdb0-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 libsamba-util0-4.10.18+git.279.5c5879d939f-3.33.1 libsamba-util0-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 libsamdb0-4.10.18+git.279.5c5879d939f-3.33.1 libsamdb0-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 libsmbclient0-4.10.18+git.279.5c5879d939f-3.33.1 libsmbclient0-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 libsmbconf0-4.10.18+git.279.5c5879d939f-3.33.1 libsmbconf0-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 libsmbldap2-4.10.18+git.279.5c5879d939f-3.33.1 libsmbldap2-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 libtevent-util0-4.10.18+git.279.5c5879d939f-3.33.1 libtevent-util0-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 libwbclient0-4.10.18+git.279.5c5879d939f-3.33.1 libwbclient0-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 
samba-4.10.18+git.279.5c5879d939f-3.33.1 samba-client-4.10.18+git.279.5c5879d939f-3.33.1 samba-client-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 samba-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 samba-debugsource-4.10.18+git.279.5c5879d939f-3.33.1 samba-libs-4.10.18+git.279.5c5879d939f-3.33.1 samba-libs-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 samba-libs-python3-4.10.18+git.279.5c5879d939f-3.33.1 samba-libs-python3-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 samba-winbind-4.10.18+git.279.5c5879d939f-3.33.1 samba-winbind-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libdcerpc-binding0-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libdcerpc-binding0-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libdcerpc0-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libdcerpc0-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libndr-krb5pac0-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libndr-krb5pac0-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libndr-nbt0-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libndr-nbt0-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libndr-standard0-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libndr-standard0-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libndr0-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libndr0-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libnetapi0-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libnetapi0-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libsamba-credentials0-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libsamba-credentials0-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libsamba-errors0-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libsamba-errors0-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libsamba-hostconfig0-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libsamba-hostconfig0-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libsamba-passdb0-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libsamba-passdb0-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 
libsamba-util0-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libsamba-util0-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libsamdb0-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libsamdb0-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libsmbclient0-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libsmbclient0-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libsmbconf0-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libsmbconf0-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libsmbldap2-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libsmbldap2-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libtevent-util0-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libtevent-util0-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libwbclient0-32bit-4.10.18+git.279.5c5879d939f-3.33.1 libwbclient0-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 samba-client-32bit-4.10.18+git.279.5c5879d939f-3.33.1 samba-client-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 samba-libs-32bit-4.10.18+git.279.5c5879d939f-3.33.1 samba-libs-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 samba-libs-python3-32bit-4.10.18+git.279.5c5879d939f-3.33.1 samba-libs-python3-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 samba-winbind-32bit-4.10.18+git.279.5c5879d939f-3.33.1 samba-winbind-debuginfo-32bit-4.10.18+git.279.5c5879d939f-3.33.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): samba-doc-4.10.18+git.279.5c5879d939f-3.33.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ctdb-4.10.18+git.279.5c5879d939f-3.33.1 ctdb-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 samba-debuginfo-4.10.18+git.279.5c5879d939f-3.33.1 samba-debugsource-4.10.18+git.279.5c5879d939f-3.33.1 References: https://bugzilla.suse.com/1187401 From sle-updates at lists.suse.com Wed Aug 4 10:15:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Aug 2021 12:15:51 +0200 (CEST) Subject: SUSE-RU-2021:2602-1: moderate: Recommended update for amazon-ecs-init Message-ID: 
<20210804101551.8D5B1FCEF@maintenance.suse.de> SUSE Recommended Update: Recommended update for amazon-ecs-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2602-1 Rating: moderate References: #1187662 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for amazon-ecs-init fixes the following issues: - Update to version 1.53.0-1 (bsc#1187662) * Cache Agent version 1.53.0 - from version 1.52.2-2 * Cache Agent version 1.52.2 * ecs-anywhere-install: fix incorrect download url when running in cn region - from version 1.52.2-1 * Cache Agent version 1.52.2 * ecs-anywhere-install: remove dependency on gpg key server * ecs-anywhere-install: allow sandboxed apt installations Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-2602=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-2602=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2021-2602=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64): amazon-ecs-init-1.53.0-4.11.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64): amazon-ecs-init-1.53.0-4.11.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64): amazon-ecs-init-1.53.0-4.11.1 References: https://bugzilla.suse.com/1187662 From sle-updates at lists.suse.com Wed Aug 4 13:16:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Aug 2021 15:16:32 +0200 (CEST) Subject: SUSE-RU-2021:2603-1: moderate: Recommended update for sca-appliance-common, supportutils Message-ID: <20210804131632.1525FFCEF@maintenance.suse.de> SUSE Recommended Update: Recommended update for sca-appliance-common, supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2603-1 Rating: moderate References: #1185991 #1185993 #1186347 #1186397 #1186687 SLE-18240 SLE-18344 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 5 recommended fixes and contains two features can now be installed. Description: This update for sca-appliance-common, supportutils fixes the following issues: - Adding ethtool options to the supportconfig. (jsc#SLE-18239, jsc#SLE-18344) - Fixed an issue when 'lsof' causes performance problems.
(bsc#1186687) - Exclude 'rhn.conf' from 'etc.txt' to prevent supportconfig capturing passwords in clear text. (bsc#1186347) - Fix 'analyzevmcore' to support local directories. (bsc#1186397) - Fix for 'getappcore' checking for valid compression binary. (bsc#1185991) - Fixed 'getappcore' to prevent triggering errors with help message. (bsc#1185993) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2603=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-2603=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2603=1 Package List: - SUSE MicroOS 5.0 (noarch): supportutils-3.1.17-5.34.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): sca-appliance-common-1.3-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): supportutils-3.1.17-5.34.1 References: https://bugzilla.suse.com/1185991 https://bugzilla.suse.com/1185993 https://bugzilla.suse.com/1186347 https://bugzilla.suse.com/1186397 https://bugzilla.suse.com/1186687 From sle-updates at lists.suse.com Wed Aug 4 16:16:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Aug 2021 18:16:13 +0200 (CEST) Subject: SUSE-RU-2021:2604-1: moderate: Recommended update for sbd Message-ID: <20210804161613.85B6CFCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for sbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2604-1 Rating: moderate References: #1140065 #1179655 #1180966 #1182648 #1183237 #1183259 #1185182 Affected Products: SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for sbd fixes the following issues: - Deprecated path "/var/run/" used in systemd-services (bsc#1185182) - sbd-inquisitor: take the defaults for the options set in sysconfig with empty strings (bsc#1183259) - sbd-inquisitor: prevent segfault if no command is supplied (bsc#1183237) - sbd-inquisitor,sbd-md: make watchdog warning messages more understandable (bsc#1182648) - sbd-inquisitor: calculate the default timeout for watchdog warning based on the watchdog timeout consistently (bsc#1182648) - sbd-inquisitor: ensure the timeout for watchdog warning specified with `-5` option is respected (bsc#1182648) - sbd-common: ensure the default timeout for watchdog warning is about 3/5 of the default watchdog timeout (bsc#1182648) - sbd-inquisitor: downgrade the warning about SBD_SYNC_RESOURCE_STARTUP to notice (bsc#1180966) - sbd-inquisitor: check SBD_SYNC_RESOURCE_STARTUP only in watch mode (bsc#1180966) - ship sbd.pc with basic sbd build information for downstream packages to use - sbd: inform the user to restart the sbd service (bsc#1179655) - build: use configure for watchdog-default-timeout & others Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-2604=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): sbd-1.4.2+20210305.926b554-3.9.2 sbd-debuginfo-1.4.2+20210305.926b554-3.9.2 sbd-debugsource-1.4.2+20210305.926b554-3.9.2 References: https://bugzilla.suse.com/1140065 https://bugzilla.suse.com/1179655 https://bugzilla.suse.com/1180966 https://bugzilla.suse.com/1182648 https://bugzilla.suse.com/1183237 https://bugzilla.suse.com/1183259 https://bugzilla.suse.com/1185182 From sle-updates at lists.suse.com Wed Aug 4 16:19:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Aug 2021 18:19:19 +0200 (CEST) Subject: SUSE-RU-2021:2608-1: moderate: Recommended update for sbd Message-ID: <20210804161919.B4710FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for sbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2608-1 Rating: moderate References: #1140065 #1179655 #1180966 #1182648 #1183237 #1183259 #1185182 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. 
Description: This update for sbd fixes the following issues: - Deprecated path "/var/run/" used in systemd-services (bsc#1185182) - sbd-inquisitor: take the defaults for the options set in sysconfig with empty strings (bsc#1183259) - sbd-inquisitor: prevent segfault if no command is supplied (bsc#1183237) - sbd-inquisitor,sbd-md: make watchdog warning messages more understandable (bsc#1182648) - sbd-inquisitor: calculate the default timeout for watchdog warning based on the watchdog timeout consistently (bsc#1182648) - sbd-inquisitor: ensure the timeout for watchdog warning specified with `-5` option is respected (bsc#1182648) - sbd-common: ensure the default timeout for watchdog warning is about 3/5 of the default watchdog timeout (bsc#1182648) - sbd-inquisitor: downgrade the warning about SBD_SYNC_RESOURCE_STARTUP to notice (bsc#1180966) - sbd-inquisitor: check SBD_SYNC_RESOURCE_STARTUP only in watch mode (bsc#1180966) - ship sbd.pc with basic sbd build information for downstream packages to use - sbd: inform the user to restart the sbd service (bsc#1179655) - build: use configure for watchdog-default-timeout & others Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2021-2608=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): sbd-1.4.2+20210305.926b554-4.18.1 sbd-debuginfo-1.4.2+20210305.926b554-4.18.1 sbd-debugsource-1.4.2+20210305.926b554-4.18.1 References: https://bugzilla.suse.com/1140065 https://bugzilla.suse.com/1179655 https://bugzilla.suse.com/1180966 https://bugzilla.suse.com/1182648 https://bugzilla.suse.com/1183237 https://bugzilla.suse.com/1183259 https://bugzilla.suse.com/1185182 From sle-updates at lists.suse.com Wed Aug 4 16:21:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Aug 2021 18:21:04 +0200 (CEST) Subject: SUSE-RU-2021:2609-1: moderate: Recommended update for sbd Message-ID: <20210804162104.A263AFCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for sbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2609-1 Rating: moderate References: #1140065 #1179655 #1180966 #1182648 #1183237 #1183259 #1185182 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. 
Description: This update for sbd fixes the following issues: - Deprecated path "/var/run/" used in systemd-services (bsc#1185182) - sbd-inquisitor: take the defaults for the options set in sysconfig with empty strings (bsc#1183259) - sbd-inquisitor: prevent segfault if no command is supplied (bsc#1183237) - sbd-inquisitor,sbd-md: make watchdog warning messages more understandable (bsc#1182648) - sbd-inquisitor: calculate the default timeout for watchdog warning based on the watchdog timeout consistently (bsc#1182648) - sbd-inquisitor: ensure the timeout for watchdog warning specified with `-5` option is respected (bsc#1182648) - sbd-common: ensure the default timeout for watchdog warning is about 3/5 of the default watchdog timeout (bsc#1182648) - sbd-inquisitor: downgrade the warning about SBD_SYNC_RESOURCE_STARTUP to notice (bsc#1180966) - sbd-inquisitor: check SBD_SYNC_RESOURCE_STARTUP only in watch mode (bsc#1180966) - ship sbd.pc with basic sbd build information for downstream packages to use - sbd: inform the user to restart the sbd service (bsc#1179655) - build: use configure for watchdog-default-timeout & others Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-2609=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): sbd-1.4.2+20210305.926b554-3.15.2 sbd-debuginfo-1.4.2+20210305.926b554-3.15.2 sbd-debugsource-1.4.2+20210305.926b554-3.15.2 References: https://bugzilla.suse.com/1140065 https://bugzilla.suse.com/1179655 https://bugzilla.suse.com/1180966 https://bugzilla.suse.com/1182648 https://bugzilla.suse.com/1183237 https://bugzilla.suse.com/1183259 https://bugzilla.suse.com/1185182 From sle-updates at lists.suse.com Wed Aug 4 16:22:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Aug 2021 18:22:54 +0200 (CEST) Subject: SUSE-RU-2021:2606-1: moderate: Recommended update for libcbor Message-ID: <20210804162254.B233BFCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for libcbor ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2606-1 Rating: moderate References: #1102408 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libcbor fixes the following issues: - Implement a fix to avoid building shared library twice. (bsc#1102408) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-2606=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-2606=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2606=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2606=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): libcbor-debugsource-0.5.0-4.3.1 libcbor-devel-0.5.0-4.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): libcbor-debugsource-0.5.0-4.3.1 libcbor-devel-0.5.0-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libcbor-debugsource-0.5.0-4.3.1 libcbor0-0.5.0-4.3.1 libcbor0-debuginfo-0.5.0-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libcbor-debugsource-0.5.0-4.3.1 libcbor0-0.5.0-4.3.1 libcbor0-debuginfo-0.5.0-4.3.1 References: https://bugzilla.suse.com/1102408 From sle-updates at lists.suse.com Wed Aug 4 16:25:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Aug 2021 18:25:09 +0200 (CEST) Subject: SUSE-SU-2021:14773-1: important: Security update for djvulibre Message-ID: <20210804162509.1B6ACFCF4@maintenance.suse.de> SUSE Security Update: Security update for djvulibre ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14773-1 Rating: important References: #1187869 Cross-References: CVE-2021-3630 CVSS scores: CVE-2021-3630 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3630 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux 
Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for djvulibre fixes the following issues: - Extend CVE-2021-3630 fix (bsc#1187869). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-djvulibre-14773=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-djvulibre-14773=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-djvulibre-14773=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-djvulibre-14773=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libdjvulibre21-3.5.21-3.18.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libdjvulibre21-3.5.21-3.18.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): djvulibre-debuginfo-3.5.21-3.18.1 djvulibre-debugsource-3.5.21-3.18.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): djvulibre-debuginfo-3.5.21-3.18.1 djvulibre-debugsource-3.5.21-3.18.1 References: https://www.suse.com/security/cve/CVE-2021-3630.html https://bugzilla.suse.com/1187869 From sle-updates at lists.suse.com Wed Aug 4 16:26:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Aug 2021 18:26:17 +0200 (CEST) Subject: SUSE-SU-2021:2605-1: important: Security update for mariadb Message-ID: <20210804162617.BE49FFCF4@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2605-1 Rating: 
important
References: #1182739 #1183770 #1185870 #1185872
Cross-References: CVE-2021-2154 CVE-2021-2166 CVE-2021-27928
CVSS scores:
CVE-2021-2154 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2021-2154 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2021-2166 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2021-2166 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2021-27928 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-27928 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
SUSE Linux Enterprise Module for Server Applications 15-SP3
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for mariadb fixes the following issues:

- Update to 10.2.39 (bsc#1182739)
- CVE-2021-2166: DML unspecified vulnerability can lead to complete DOS. (bsc#1185870)
- CVE-2021-2154: DML unspecified vulnerability can lead to complete DOS. (bsc#1185872)
- CVE-2021-27928: Fixed a remote code execution issue. (bsc#1183770)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-2605=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libmariadbd-devel-10.5.11-3.3.1 libmariadbd19-10.5.11-3.3.1 libmariadbd19-debuginfo-10.5.11-3.3.1 mariadb-10.5.11-3.3.1 mariadb-client-10.5.11-3.3.1 mariadb-client-debuginfo-10.5.11-3.3.1 mariadb-debuginfo-10.5.11-3.3.1 mariadb-debugsource-10.5.11-3.3.1 mariadb-tools-10.5.11-3.3.1 mariadb-tools-debuginfo-10.5.11-3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): mariadb-errormessages-10.5.11-3.3.1 References: https://www.suse.com/security/cve/CVE-2021-2154.html https://www.suse.com/security/cve/CVE-2021-2166.html https://www.suse.com/security/cve/CVE-2021-27928.html https://bugzilla.suse.com/1182739 https://bugzilla.suse.com/1183770 https://bugzilla.suse.com/1185870 https://bugzilla.suse.com/1185872 From sle-updates at lists.suse.com Thu Aug 5 13:44:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Aug 2021 15:44:59 +0200 (CEST) Subject: SUSE-SU-2021:2621-1: important: Security update for djvulibre Message-ID: <20210805134459.8D79DFCF4@maintenance.suse.de> SUSE Security Update: Security update for djvulibre ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2621-1 Rating: important References: #1187869 Cross-References: CVE-2021-3630 CVSS scores: CVE-2021-3630 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3630 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for 
SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for djvulibre fixes the following issues: - CVE-2021-3630: out-of-bounds write in DJVU:DjVuTXT:decode() in DjVuText.cpp (bsc#1187869) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2621=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2621=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2621=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2621=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2621=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2621=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2621=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2621=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2621=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2621=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2621=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2621=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-2621=1 Package List: - SUSE OpenStack 
Cloud Crowbar 9 (x86_64): djvulibre-debuginfo-3.5.25.3-5.19.2 djvulibre-debugsource-3.5.25.3-5.19.2 libdjvulibre21-3.5.25.3-5.19.2 libdjvulibre21-debuginfo-3.5.25.3-5.19.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): djvulibre-debuginfo-3.5.25.3-5.19.2 djvulibre-debugsource-3.5.25.3-5.19.2 libdjvulibre21-3.5.25.3-5.19.2 libdjvulibre21-debuginfo-3.5.25.3-5.19.2 - SUSE OpenStack Cloud 9 (x86_64): djvulibre-debuginfo-3.5.25.3-5.19.2 djvulibre-debugsource-3.5.25.3-5.19.2 libdjvulibre21-3.5.25.3-5.19.2 libdjvulibre21-debuginfo-3.5.25.3-5.19.2 - SUSE OpenStack Cloud 8 (x86_64): djvulibre-debuginfo-3.5.25.3-5.19.2 djvulibre-debugsource-3.5.25.3-5.19.2 libdjvulibre21-3.5.25.3-5.19.2 libdjvulibre21-debuginfo-3.5.25.3-5.19.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): djvulibre-debuginfo-3.5.25.3-5.19.2 djvulibre-debugsource-3.5.25.3-5.19.2 libdjvulibre-devel-3.5.25.3-5.19.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): djvulibre-debuginfo-3.5.25.3-5.19.2 djvulibre-debugsource-3.5.25.3-5.19.2 libdjvulibre21-3.5.25.3-5.19.2 libdjvulibre21-debuginfo-3.5.25.3-5.19.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): djvulibre-debuginfo-3.5.25.3-5.19.2 djvulibre-debugsource-3.5.25.3-5.19.2 libdjvulibre21-3.5.25.3-5.19.2 libdjvulibre21-debuginfo-3.5.25.3-5.19.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): djvulibre-debuginfo-3.5.25.3-5.19.2 djvulibre-debugsource-3.5.25.3-5.19.2 libdjvulibre21-3.5.25.3-5.19.2 libdjvulibre21-debuginfo-3.5.25.3-5.19.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): djvulibre-debuginfo-3.5.25.3-5.19.2 djvulibre-debugsource-3.5.25.3-5.19.2 libdjvulibre21-3.5.25.3-5.19.2 libdjvulibre21-debuginfo-3.5.25.3-5.19.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): djvulibre-debuginfo-3.5.25.3-5.19.2 djvulibre-debugsource-3.5.25.3-5.19.2 libdjvulibre21-3.5.25.3-5.19.2 libdjvulibre21-debuginfo-3.5.25.3-5.19.2 - 
SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): djvulibre-debuginfo-3.5.25.3-5.19.2 djvulibre-debugsource-3.5.25.3-5.19.2 libdjvulibre21-3.5.25.3-5.19.2 libdjvulibre21-debuginfo-3.5.25.3-5.19.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): djvulibre-debuginfo-3.5.25.3-5.19.2 djvulibre-debugsource-3.5.25.3-5.19.2 libdjvulibre21-3.5.25.3-5.19.2 libdjvulibre21-debuginfo-3.5.25.3-5.19.2 - HPE Helion Openstack 8 (x86_64): djvulibre-debuginfo-3.5.25.3-5.19.2 djvulibre-debugsource-3.5.25.3-5.19.2 libdjvulibre21-3.5.25.3-5.19.2 libdjvulibre21-debuginfo-3.5.25.3-5.19.2 References: https://www.suse.com/security/cve/CVE-2021-3630.html https://bugzilla.suse.com/1187869 From sle-updates at lists.suse.com Thu Aug 5 13:47:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Aug 2021 15:47:25 +0200 (CEST) Subject: SUSE-SU-2021:2617-1: important: Security update for mariadb Message-ID: <20210805134725.CC677FCF4@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2617-1 Rating: important References: #1182739 #1183770 #1185868 #1185870 #1185872 #1188300 Cross-References: CVE-2021-2154 CVE-2021-2166 CVE-2021-2180 CVE-2021-27928 CVSS scores: CVE-2021-2154 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-2154 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-2166 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-2166 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-2180 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-2180 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-27928 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-27928 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux 
Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Enterprise Storage 6
SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that solves four vulnerabilities and has two fixes is now available.

Description:

This update for mariadb fixes the following issues:

- Update to 10.2.39 (bsc#1182739)
- CVE-2021-2166: DML unspecified vulnerability can lead to complete DOS. (bsc#1185870)
- CVE-2021-2154: DML unspecified vulnerability can lead to complete DOS. (bsc#1185872)
- CVE-2021-2180: InnoDB unspecified vulnerability can lead to complete DOS. (bsc#1185868)
- CVE-2021-27928: Fixed a remote code execution issue. (bsc#1183770)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2617=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2617=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2617=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2617=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2617=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2617=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2617=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2617=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2617=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2617=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2617=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2617=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2617=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): libmysqld-devel-10.2.39-3.40.1 libmysqld19-10.2.39-3.40.1 libmysqld19-debuginfo-10.2.39-3.40.1 mariadb-10.2.39-3.40.1 mariadb-client-10.2.39-3.40.1 mariadb-client-debuginfo-10.2.39-3.40.1 mariadb-debuginfo-10.2.39-3.40.1 mariadb-debugsource-10.2.39-3.40.1 mariadb-tools-10.2.39-3.40.1 mariadb-tools-debuginfo-10.2.39-3.40.1 - SUSE Manager Server 4.0 (noarch): mariadb-errormessages-10.2.39-3.40.1 - SUSE Manager Retail Branch Server 4.0 (noarch): mariadb-errormessages-10.2.39-3.40.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): libmysqld-devel-10.2.39-3.40.1 libmysqld19-10.2.39-3.40.1 libmysqld19-debuginfo-10.2.39-3.40.1 mariadb-10.2.39-3.40.1 mariadb-client-10.2.39-3.40.1 mariadb-client-debuginfo-10.2.39-3.40.1 mariadb-debuginfo-10.2.39-3.40.1 mariadb-debugsource-10.2.39-3.40.1 mariadb-tools-10.2.39-3.40.1 mariadb-tools-debuginfo-10.2.39-3.40.1 - SUSE Manager Proxy 4.0 (noarch): mariadb-errormessages-10.2.39-3.40.1 - SUSE Manager Proxy 4.0 (x86_64): libmysqld-devel-10.2.39-3.40.1 libmysqld19-10.2.39-3.40.1 libmysqld19-debuginfo-10.2.39-3.40.1 mariadb-10.2.39-3.40.1 mariadb-client-10.2.39-3.40.1 mariadb-client-debuginfo-10.2.39-3.40.1 mariadb-debuginfo-10.2.39-3.40.1 mariadb-debugsource-10.2.39-3.40.1 mariadb-tools-10.2.39-3.40.1 mariadb-tools-debuginfo-10.2.39-3.40.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libmysqld-devel-10.2.39-3.40.1 libmysqld19-10.2.39-3.40.1 libmysqld19-debuginfo-10.2.39-3.40.1 mariadb-10.2.39-3.40.1 mariadb-client-10.2.39-3.40.1 mariadb-client-debuginfo-10.2.39-3.40.1 mariadb-debuginfo-10.2.39-3.40.1 mariadb-debugsource-10.2.39-3.40.1 mariadb-tools-10.2.39-3.40.1 mariadb-tools-debuginfo-10.2.39-3.40.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): mariadb-errormessages-10.2.39-3.40.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libmysqld-devel-10.2.39-3.40.1 libmysqld19-10.2.39-3.40.1 libmysqld19-debuginfo-10.2.39-3.40.1 
mariadb-10.2.39-3.40.1 mariadb-client-10.2.39-3.40.1 mariadb-client-debuginfo-10.2.39-3.40.1 mariadb-debuginfo-10.2.39-3.40.1 mariadb-debugsource-10.2.39-3.40.1 mariadb-tools-10.2.39-3.40.1 mariadb-tools-debuginfo-10.2.39-3.40.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): mariadb-errormessages-10.2.39-3.40.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libmysqld-devel-10.2.39-3.40.1 libmysqld19-10.2.39-3.40.1 libmysqld19-debuginfo-10.2.39-3.40.1 mariadb-10.2.39-3.40.1 mariadb-client-10.2.39-3.40.1 mariadb-client-debuginfo-10.2.39-3.40.1 mariadb-debuginfo-10.2.39-3.40.1 mariadb-debugsource-10.2.39-3.40.1 mariadb-tools-10.2.39-3.40.1 mariadb-tools-debuginfo-10.2.39-3.40.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): mariadb-errormessages-10.2.39-3.40.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libmysqld-devel-10.2.39-3.40.1 libmysqld19-10.2.39-3.40.1 libmysqld19-debuginfo-10.2.39-3.40.1 mariadb-10.2.39-3.40.1 mariadb-client-10.2.39-3.40.1 mariadb-client-debuginfo-10.2.39-3.40.1 mariadb-debuginfo-10.2.39-3.40.1 mariadb-debugsource-10.2.39-3.40.1 mariadb-tools-10.2.39-3.40.1 mariadb-tools-debuginfo-10.2.39-3.40.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): mariadb-errormessages-10.2.39-3.40.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libmysqld-devel-10.2.39-3.40.1 libmysqld19-10.2.39-3.40.1 libmysqld19-debuginfo-10.2.39-3.40.1 mariadb-10.2.39-3.40.1 mariadb-client-10.2.39-3.40.1 mariadb-client-debuginfo-10.2.39-3.40.1 mariadb-debuginfo-10.2.39-3.40.1 mariadb-debugsource-10.2.39-3.40.1 mariadb-tools-10.2.39-3.40.1 mariadb-tools-debuginfo-10.2.39-3.40.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): mariadb-errormessages-10.2.39-3.40.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libmysqld-devel-10.2.39-3.40.1 libmysqld19-10.2.39-3.40.1 libmysqld19-debuginfo-10.2.39-3.40.1 mariadb-10.2.39-3.40.1 mariadb-client-10.2.39-3.40.1 
mariadb-client-debuginfo-10.2.39-3.40.1 mariadb-debuginfo-10.2.39-3.40.1 mariadb-debugsource-10.2.39-3.40.1 mariadb-tools-10.2.39-3.40.1 mariadb-tools-debuginfo-10.2.39-3.40.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): mariadb-errormessages-10.2.39-3.40.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libmysqld-devel-10.2.39-3.40.1 libmysqld19-10.2.39-3.40.1 libmysqld19-debuginfo-10.2.39-3.40.1 mariadb-10.2.39-3.40.1 mariadb-client-10.2.39-3.40.1 mariadb-client-debuginfo-10.2.39-3.40.1 mariadb-debuginfo-10.2.39-3.40.1 mariadb-debugsource-10.2.39-3.40.1 mariadb-tools-10.2.39-3.40.1 mariadb-tools-debuginfo-10.2.39-3.40.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): mariadb-errormessages-10.2.39-3.40.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libmysqld-devel-10.2.39-3.40.1 libmysqld19-10.2.39-3.40.1 libmysqld19-debuginfo-10.2.39-3.40.1 mariadb-10.2.39-3.40.1 mariadb-client-10.2.39-3.40.1 mariadb-client-debuginfo-10.2.39-3.40.1 mariadb-debuginfo-10.2.39-3.40.1 mariadb-debugsource-10.2.39-3.40.1 mariadb-tools-10.2.39-3.40.1 mariadb-tools-debuginfo-10.2.39-3.40.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): mariadb-errormessages-10.2.39-3.40.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libmysqld-devel-10.2.39-3.40.1 libmysqld19-10.2.39-3.40.1 libmysqld19-debuginfo-10.2.39-3.40.1 mariadb-10.2.39-3.40.1 mariadb-client-10.2.39-3.40.1 mariadb-client-debuginfo-10.2.39-3.40.1 mariadb-debuginfo-10.2.39-3.40.1 mariadb-debugsource-10.2.39-3.40.1 mariadb-tools-10.2.39-3.40.1 mariadb-tools-debuginfo-10.2.39-3.40.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): mariadb-errormessages-10.2.39-3.40.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libmysqld-devel-10.2.39-3.40.1 libmysqld19-10.2.39-3.40.1 libmysqld19-debuginfo-10.2.39-3.40.1 mariadb-10.2.39-3.40.1 
mariadb-client-10.2.39-3.40.1 mariadb-client-debuginfo-10.2.39-3.40.1 mariadb-debuginfo-10.2.39-3.40.1 mariadb-debugsource-10.2.39-3.40.1 mariadb-tools-10.2.39-3.40.1 mariadb-tools-debuginfo-10.2.39-3.40.1 - SUSE Enterprise Storage 6 (noarch): mariadb-errormessages-10.2.39-3.40.1 - SUSE CaaS Platform 4.0 (x86_64): libmysqld-devel-10.2.39-3.40.1 libmysqld19-10.2.39-3.40.1 libmysqld19-debuginfo-10.2.39-3.40.1 mariadb-10.2.39-3.40.1 mariadb-client-10.2.39-3.40.1 mariadb-client-debuginfo-10.2.39-3.40.1 mariadb-debuginfo-10.2.39-3.40.1 mariadb-debugsource-10.2.39-3.40.1 mariadb-tools-10.2.39-3.40.1 mariadb-tools-debuginfo-10.2.39-3.40.1 - SUSE CaaS Platform 4.0 (noarch): mariadb-errormessages-10.2.39-3.40.1 References: https://www.suse.com/security/cve/CVE-2021-2154.html https://www.suse.com/security/cve/CVE-2021-2166.html https://www.suse.com/security/cve/CVE-2021-2180.html https://www.suse.com/security/cve/CVE-2021-27928.html https://bugzilla.suse.com/1182739 https://bugzilla.suse.com/1183770 https://bugzilla.suse.com/1185868 https://bugzilla.suse.com/1185870 https://bugzilla.suse.com/1185872 https://bugzilla.suse.com/1188300 From sle-updates at lists.suse.com Thu Aug 5 13:49:18 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Aug 2021 15:49:18 +0200 (CEST) Subject: SUSE-RU-2021:2628-1: moderate: Recommended update for open-vm-tools Message-ID: <20210805134918.D2440FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2628-1 Rating: moderate References: #1029961 #1180997 #1185103 #1185175 #1187567 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE 
Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Enterprise Storage 6
SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that has 5 recommended fixes can now be installed.

Description:

This update for open-vm-tools fixes the following issues:

Update from version 11.2.0 to version 11.3.0

- Changes in version 11.3.0 (bsc#1187567)
  * Reduce or eliminate Linux dependency on the 'net-tools' package.
  * The 'ifconfig' and 'netstat' commands are deprecated in more recent releases of Linux. Update the Linux 'vm-support' script to use the 'ip' and 'ss' commands when available. If the new commands are missing, a fallback will be used. In particular, 'ip' has a fallback on 'ifconfig', 'ip route' will fall back on 'route' and 'ss' will fall back on 'netstat'.
  * Configuring OVT with the '--without-pam' option will implicitly disable 'vgauth'.
  * When no 'vgauth' option is given alongside '--without-pam', a warning is displayed with a message 'Building without PAM; vgauth will be disabled.'.
  * When '--disable-vgauth' is supplied alongside '--without-pam', no warning or error message is displayed.
  * When '--enable-vgauth' is supplied alongside '--without-pam', an error will be shown and the configure stage will be aborted with an error message 'Cannot enable vgauth without PAM. Please configure without --without-pam or without --enable-vgauth.'
  * Fix issues using GCC 11 with gtk >= 3.20 and glib >= 2.66.3
  * Fix more GCC 11 failures. (bsc#1185103)
  * Update the 'FreeBSD' specific sections of 'open-vm-tools' to adjust what is necessary for 'ARM64'.
  * New command line tool 'vmwgfxctrl' introduced in 'open-vm-tools'.
  * A user can now control various aspects of the 'vmwgfx' Linux kernel module. Currently it can both display and set the current topology of the 'vmwgfx' kernel driver. It is useful when trying to configure custom resolutions on recent Linux distributions, including multi-monitor setups.
  * New command line tool 'vmware-alias-import' added to 'open-vm-tools' that can be used to import 'vgauth' config data and apply it to the running 'vgauth' service.
  * Enhancements to support or utilize various vSphere features.
  * In 'vmtoolsd.service' move the deprecated path '/var/run' to '/run' for its 'PID' file. (bsc#1185175)
  * Finalize the 'UsrMerge'. (bsc#1029961)

- Changes in version 11.2.5 (bsc#1180997)
  * Some potential memory leaks were fixed
  * The SUSE specific vmtoolsd PAM configuration file incorrectly referenced pam_securetty.so

Some minor issues have been fixed as well. Please refer to the rpm's changelog file in order to see the full list of all changes.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2628=1
- SUSE Manager Retail Branch Server 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2628=1
- SUSE Manager Proxy 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2628=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2628=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2628=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2628=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2628=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2628=1
- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2021-2628=1
- SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool.
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (x86_64): libvmtools-devel-11.3.0-4.37.7.1 libvmtools0-11.3.0-4.37.7.1 libvmtools0-debuginfo-11.3.0-4.37.7.1 open-vm-tools-11.3.0-4.37.7.1 open-vm-tools-debuginfo-11.3.0-4.37.7.1 open-vm-tools-debugsource-11.3.0-4.37.7.1 open-vm-tools-desktop-11.3.0-4.37.7.1 open-vm-tools-desktop-debuginfo-11.3.0-4.37.7.1 open-vm-tools-sdmp-11.3.0-4.37.7.1 open-vm-tools-sdmp-debuginfo-11.3.0-4.37.7.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): libvmtools-devel-11.3.0-4.37.7.1 libvmtools0-11.3.0-4.37.7.1 libvmtools0-debuginfo-11.3.0-4.37.7.1 open-vm-tools-11.3.0-4.37.7.1 open-vm-tools-debuginfo-11.3.0-4.37.7.1 open-vm-tools-debugsource-11.3.0-4.37.7.1 open-vm-tools-desktop-11.3.0-4.37.7.1 open-vm-tools-desktop-debuginfo-11.3.0-4.37.7.1 open-vm-tools-sdmp-11.3.0-4.37.7.1 open-vm-tools-sdmp-debuginfo-11.3.0-4.37.7.1 - SUSE Manager Proxy 4.0 (x86_64): libvmtools-devel-11.3.0-4.37.7.1 libvmtools0-11.3.0-4.37.7.1 libvmtools0-debuginfo-11.3.0-4.37.7.1 open-vm-tools-11.3.0-4.37.7.1 open-vm-tools-debuginfo-11.3.0-4.37.7.1 open-vm-tools-debugsource-11.3.0-4.37.7.1 open-vm-tools-desktop-11.3.0-4.37.7.1 open-vm-tools-desktop-debuginfo-11.3.0-4.37.7.1 open-vm-tools-sdmp-11.3.0-4.37.7.1 open-vm-tools-sdmp-debuginfo-11.3.0-4.37.7.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libvmtools-devel-11.3.0-4.37.7.1 libvmtools0-11.3.0-4.37.7.1 libvmtools0-debuginfo-11.3.0-4.37.7.1 open-vm-tools-11.3.0-4.37.7.1 open-vm-tools-debuginfo-11.3.0-4.37.7.1 open-vm-tools-debugsource-11.3.0-4.37.7.1 open-vm-tools-desktop-11.3.0-4.37.7.1 open-vm-tools-desktop-debuginfo-11.3.0-4.37.7.1 open-vm-tools-sdmp-11.3.0-4.37.7.1 open-vm-tools-sdmp-debuginfo-11.3.0-4.37.7.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libvmtools-devel-11.3.0-4.37.7.1 libvmtools0-11.3.0-4.37.7.1 libvmtools0-debuginfo-11.3.0-4.37.7.1 
open-vm-tools-11.3.0-4.37.7.1 open-vm-tools-debuginfo-11.3.0-4.37.7.1 open-vm-tools-debugsource-11.3.0-4.37.7.1 open-vm-tools-desktop-11.3.0-4.37.7.1 open-vm-tools-desktop-debuginfo-11.3.0-4.37.7.1 open-vm-tools-sdmp-11.3.0-4.37.7.1 open-vm-tools-sdmp-debuginfo-11.3.0-4.37.7.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libvmtools-devel-11.3.0-4.37.7.1 libvmtools0-11.3.0-4.37.7.1 libvmtools0-debuginfo-11.3.0-4.37.7.1 open-vm-tools-11.3.0-4.37.7.1 open-vm-tools-debuginfo-11.3.0-4.37.7.1 open-vm-tools-debugsource-11.3.0-4.37.7.1 open-vm-tools-desktop-11.3.0-4.37.7.1 open-vm-tools-desktop-debuginfo-11.3.0-4.37.7.1 open-vm-tools-sdmp-11.3.0-4.37.7.1 open-vm-tools-sdmp-debuginfo-11.3.0-4.37.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libvmtools-devel-11.3.0-4.37.7.1 libvmtools0-11.3.0-4.37.7.1 libvmtools0-debuginfo-11.3.0-4.37.7.1 open-vm-tools-11.3.0-4.37.7.1 open-vm-tools-debuginfo-11.3.0-4.37.7.1 open-vm-tools-debugsource-11.3.0-4.37.7.1 open-vm-tools-desktop-11.3.0-4.37.7.1 open-vm-tools-desktop-debuginfo-11.3.0-4.37.7.1 open-vm-tools-sdmp-11.3.0-4.37.7.1 open-vm-tools-sdmp-debuginfo-11.3.0-4.37.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libvmtools-devel-11.3.0-4.37.7.1 libvmtools0-11.3.0-4.37.7.1 libvmtools0-debuginfo-11.3.0-4.37.7.1 open-vm-tools-11.3.0-4.37.7.1 open-vm-tools-debuginfo-11.3.0-4.37.7.1 open-vm-tools-debugsource-11.3.0-4.37.7.1 open-vm-tools-desktop-11.3.0-4.37.7.1 open-vm-tools-desktop-debuginfo-11.3.0-4.37.7.1 open-vm-tools-sdmp-11.3.0-4.37.7.1 open-vm-tools-sdmp-debuginfo-11.3.0-4.37.7.1 - SUSE Enterprise Storage 6 (x86_64): libvmtools-devel-11.3.0-4.37.7.1 libvmtools0-11.3.0-4.37.7.1 libvmtools0-debuginfo-11.3.0-4.37.7.1 open-vm-tools-11.3.0-4.37.7.1 open-vm-tools-debuginfo-11.3.0-4.37.7.1 open-vm-tools-debugsource-11.3.0-4.37.7.1 open-vm-tools-desktop-11.3.0-4.37.7.1 open-vm-tools-desktop-debuginfo-11.3.0-4.37.7.1 open-vm-tools-sdmp-11.3.0-4.37.7.1 
open-vm-tools-sdmp-debuginfo-11.3.0-4.37.7.1 - SUSE CaaS Platform 4.0 (x86_64): libvmtools-devel-11.3.0-4.37.7.1 libvmtools0-11.3.0-4.37.7.1 libvmtools0-debuginfo-11.3.0-4.37.7.1 open-vm-tools-11.3.0-4.37.7.1 open-vm-tools-debuginfo-11.3.0-4.37.7.1 open-vm-tools-debugsource-11.3.0-4.37.7.1 open-vm-tools-desktop-11.3.0-4.37.7.1 open-vm-tools-desktop-debuginfo-11.3.0-4.37.7.1 open-vm-tools-sdmp-11.3.0-4.37.7.1 open-vm-tools-sdmp-debuginfo-11.3.0-4.37.7.1 References: https://bugzilla.suse.com/1029961 https://bugzilla.suse.com/1180997 https://bugzilla.suse.com/1185103 https://bugzilla.suse.com/1185175 https://bugzilla.suse.com/1187567 From sle-updates at lists.suse.com Thu Aug 5 13:51:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Aug 2021 15:51:04 +0200 (CEST) Subject: SUSE-SU-2021:2615-1: critical: Security update for libsndfile Message-ID: <20210805135104.783D9FCF4@maintenance.suse.de> SUSE Security Update: Security update for libsndfile ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2615-1 Rating: critical References: #1100167 #1116993 #1117954 #1188540 Cross-References: CVE-2018-13139 CVE-2018-19432 CVE-2018-19758 CVE-2021-3246 CVSS scores: CVE-2018-13139 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-13139 (SUSE): 8.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-19432 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-19432 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2018-19758 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-19758 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3246 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3246 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux 
Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server 12-SP3-LTSS
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for libsndfile fixes the following issues:

- CVE-2018-13139: Fixed a stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 that allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. (bsc#1100167)
- CVE-2018-19432: Fixed a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. (bsc#1116993)
- CVE-2021-3246: Fixed a heap buffer overflow vulnerability in msadpcm_decode_block. (bsc#1188540)
- CVE-2018-19758: Fixed a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. (bsc#1117954)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2615=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2615=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2615=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2615=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2615=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2615=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2615=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2615=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2615=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2615=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2615=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libsndfile-debugsource-1.0.25-36.23.1 libsndfile1-1.0.25-36.23.1 libsndfile1-32bit-1.0.25-36.23.1 libsndfile1-debuginfo-1.0.25-36.23.1 libsndfile1-debuginfo-32bit-1.0.25-36.23.1 - SUSE OpenStack Cloud 9 (x86_64): libsndfile-debugsource-1.0.25-36.23.1 libsndfile1-1.0.25-36.23.1 libsndfile1-32bit-1.0.25-36.23.1 libsndfile1-debuginfo-1.0.25-36.23.1 libsndfile1-debuginfo-32bit-1.0.25-36.23.1 - SUSE OpenStack Cloud 8 (x86_64): libsndfile-debugsource-1.0.25-36.23.1 libsndfile1-1.0.25-36.23.1 libsndfile1-32bit-1.0.25-36.23.1 libsndfile1-debuginfo-1.0.25-36.23.1 libsndfile1-debuginfo-32bit-1.0.25-36.23.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libsndfile-debugsource-1.0.25-36.23.1 libsndfile-devel-1.0.25-36.23.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le 
x86_64): libsndfile-debugsource-1.0.25-36.23.1 libsndfile1-1.0.25-36.23.1 libsndfile1-debuginfo-1.0.25-36.23.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libsndfile1-32bit-1.0.25-36.23.1 libsndfile1-debuginfo-32bit-1.0.25-36.23.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libsndfile-debugsource-1.0.25-36.23.1 libsndfile1-1.0.25-36.23.1 libsndfile1-debuginfo-1.0.25-36.23.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libsndfile1-32bit-1.0.25-36.23.1 libsndfile1-debuginfo-32bit-1.0.25-36.23.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsndfile-debugsource-1.0.25-36.23.1 libsndfile1-1.0.25-36.23.1 libsndfile1-debuginfo-1.0.25-36.23.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libsndfile1-32bit-1.0.25-36.23.1 libsndfile1-debuginfo-32bit-1.0.25-36.23.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libsndfile-debugsource-1.0.25-36.23.1 libsndfile1-1.0.25-36.23.1 libsndfile1-debuginfo-1.0.25-36.23.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libsndfile1-32bit-1.0.25-36.23.1 libsndfile1-debuginfo-32bit-1.0.25-36.23.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libsndfile-debugsource-1.0.25-36.23.1 libsndfile1-1.0.25-36.23.1 libsndfile1-debuginfo-1.0.25-36.23.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libsndfile1-32bit-1.0.25-36.23.1 libsndfile1-debuginfo-32bit-1.0.25-36.23.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libsndfile-debugsource-1.0.25-36.23.1 libsndfile1-1.0.25-36.23.1 libsndfile1-32bit-1.0.25-36.23.1 libsndfile1-debuginfo-1.0.25-36.23.1 libsndfile1-debuginfo-32bit-1.0.25-36.23.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsndfile-debugsource-1.0.25-36.23.1 libsndfile1-1.0.25-36.23.1 libsndfile1-32bit-1.0.25-36.23.1 libsndfile1-debuginfo-1.0.25-36.23.1 libsndfile1-debuginfo-32bit-1.0.25-36.23.1 References: https://www.suse.com/security/cve/CVE-2018-13139.html 
https://www.suse.com/security/cve/CVE-2018-19432.html https://www.suse.com/security/cve/CVE-2018-19758.html https://www.suse.com/security/cve/CVE-2021-3246.html https://bugzilla.suse.com/1100167 https://bugzilla.suse.com/1116993 https://bugzilla.suse.com/1117954 https://bugzilla.suse.com/1188540 From sle-updates at lists.suse.com Thu Aug 5 13:52:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Aug 2021 15:52:40 +0200 (CEST) Subject: SUSE-RU-2021:2625-1: moderate: Recommended update for supportutils Message-ID: <20210805135240.0CCA8FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2625-1 Rating: moderate References: #1185991 #1185993 #1186347 #1186397 #1186687 #1188348 SLE-18240 SLE-18344 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has 6 recommended fixes and contains two features can now be installed. Description: This update for supportutils fixes the following issues: ethtool was updated to version 3.1.17: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) - Adding ethtool options g l m to network.txt (jsc#SLE-18240) - lsof options to improve performance (bsc#1186687) - Exclude rhn.conf from etc.txt (bsc#1186347) - analyzevmcore supports local directories (bsc#1186397) - getappcore checks for valid compression binary (bsc#1185991) - getappcore does not trigger errors with help message (bsc#1185993) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2625=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): supportutils-3.1.17-7.35.5.1 References: https://bugzilla.suse.com/1185991 https://bugzilla.suse.com/1185993 https://bugzilla.suse.com/1186347 https://bugzilla.suse.com/1186397 https://bugzilla.suse.com/1186687 https://bugzilla.suse.com/1188348 From sle-updates at lists.suse.com Thu Aug 5 13:55:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Aug 2021 15:55:21 +0200 (CEST) Subject: SUSE-RU-2021:2626-1: moderate: Recommended maintenance update for libeconf Message-ID: <20210805135521.B28C9FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended maintenance update for libeconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2626-1 Rating: moderate References: #1188348 Affected Products: SUSE Linux Enterprise Module for Transactional Server 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libeconf fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Transactional Server 15-SP3: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP3-2021-2626=1 Package List: - SUSE Linux Enterprise Module for Transactional Server 15-SP3 (aarch64 ppc64le s390x x86_64): libeconf-debugsource-0.3.8+git20200710.5126fff-3.2.1 libeconf0-0.3.8+git20200710.5126fff-3.2.1 libeconf0-debuginfo-0.3.8+git20200710.5126fff-3.2.1 References: https://bugzilla.suse.com/1188348 From sle-updates at lists.suse.com Thu Aug 5 13:57:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Aug 2021 15:57:32 +0200 (CEST) Subject: SUSE-RU-2021:2624-1: moderate: Recommended update for supportutils Message-ID: <20210805135732.C6901FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2624-1 Rating: moderate References: #1185991 #1185993 #1186347 #1186397 #1186687 SLE-18239 SLE-18344 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has 5 recommended fixes and contains two features can now be installed. Description: This update for supportutils fixes the following issues: - Changes to version 3.0.10 - Adding ethtool options to the supportconfig (jsc#SLE-18239, jsc#SLE-18344) - Fixed an issue when 'lsof' causes performance problems. 
(bsc#1186687) - Exclude 'rhn.conf' from 'etc.txt' to prevent supportconfig capturing passwords in clear text. (bsc#1186347) - Fix 'analyzevmcore' to support local directories. (bsc#1186397) - Fix for 'getappcore' checking for valid compression binary. (bsc#1185991) - Fixed 'getappcore' to prevent triggering errors with help message. (bsc#1185993) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2624=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2624=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2624=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2624=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2624=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2624=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2624=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2624=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2624=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2624=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2624=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-2624=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): supportutils-3.0.10-95.48.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): supportutils-3.0.10-95.48.1 - SUSE OpenStack Cloud 9 (noarch): supportutils-3.0.10-95.48.1 - SUSE OpenStack Cloud 8 (noarch): supportutils-3.0.10-95.48.1 - SUSE Linux Enterprise Server 
for SAP 12-SP4 (noarch): supportutils-3.0.10-95.48.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): supportutils-3.0.10-95.48.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): supportutils-3.0.10-95.48.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): supportutils-3.0.10-95.48.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): supportutils-3.0.10-95.48.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): supportutils-3.0.10-95.48.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): supportutils-3.0.10-95.48.1 - HPE Helion Openstack 8 (noarch): supportutils-3.0.10-95.48.1 References: https://bugzilla.suse.com/1185991 https://bugzilla.suse.com/1185993 https://bugzilla.suse.com/1186347 https://bugzilla.suse.com/1186397 https://bugzilla.suse.com/1186687 From sle-updates at lists.suse.com Thu Aug 5 13:59:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Aug 2021 15:59:13 +0200 (CEST) Subject: SUSE-SU-2021:2619-1: important: Security update for djvulibre Message-ID: <20210805135913.68B22FCF4@maintenance.suse.de> SUSE Security Update: Security update for djvulibre ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2619-1 Rating: important References: #1187869 Cross-References: CVE-2021-3630 CVSS scores: CVE-2021-3630 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3630 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for djvulibre fixes the following issues: - CVE-2021-3630: out-of-bounds write in DJVU:DjVuTXT:decode() in DjVuText.cpp (bsc#1187869) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-2619=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-2619=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-2619=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-2619=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): djvulibre-3.5.27-11.11.1 djvulibre-debuginfo-3.5.27-11.11.1 djvulibre-debugsource-3.5.27-11.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): djvulibre-3.5.27-11.11.1 djvulibre-debuginfo-3.5.27-11.11.1 djvulibre-debugsource-3.5.27-11.11.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): djvulibre-debuginfo-3.5.27-11.11.1 djvulibre-debugsource-3.5.27-11.11.1 libdjvulibre-devel-3.5.27-11.11.1 libdjvulibre21-3.5.27-11.11.1 libdjvulibre21-debuginfo-3.5.27-11.11.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): djvulibre-debuginfo-3.5.27-11.11.1 djvulibre-debugsource-3.5.27-11.11.1 libdjvulibre-devel-3.5.27-11.11.1 libdjvulibre21-3.5.27-11.11.1 libdjvulibre21-debuginfo-3.5.27-11.11.1 References: https://www.suse.com/security/cve/CVE-2021-3630.html https://bugzilla.suse.com/1187869 From sle-updates at 
lists.suse.com Thu Aug 5 14:00:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Aug 2021 16:00:22 +0200 (CEST) Subject: SUSE-SU-2021:2613-1: important: Security update for java-11-openjdk Message-ID: <20210805140022.C35A4FCF4@maintenance.suse.de> SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2613-1 Rating: important References: #1185476 #1188564 #1188565 #1188566 SLE-5715 Cross-References: CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 CVSS scores: CVE-2021-2341 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-2341 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-2369 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2021-2369 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2021-2388 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-2388 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves three vulnerabilities, contains one feature and has one errata is now available. Description: This update for java-11-openjdk fixes the following issues: - Update to jdk-11.0.12+7 - CVE-2021-2369: Fixed JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) - CVE-2021-2388: Fixed a flaw in how the Hotspot component performed range check elimination. (bsc#1188566) - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2613=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.12.0-3.27.2 java-11-openjdk-debuginfo-11.0.12.0-3.27.2 java-11-openjdk-debugsource-11.0.12.0-3.27.2 java-11-openjdk-demo-11.0.12.0-3.27.2 java-11-openjdk-devel-11.0.12.0-3.27.2 java-11-openjdk-headless-11.0.12.0-3.27.2 References: https://www.suse.com/security/cve/CVE-2021-2341.html https://www.suse.com/security/cve/CVE-2021-2369.html https://www.suse.com/security/cve/CVE-2021-2388.html https://bugzilla.suse.com/1185476 https://bugzilla.suse.com/1188564 https://bugzilla.suse.com/1188565 https://bugzilla.suse.com/1188566 From sle-updates at lists.suse.com Thu Aug 5 14:26:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Aug 2021 16:26:17 +0200 (CEST) Subject: SUSE-SU-2021:2614-1: important: Security update for spice-vdagent Message-ID: <20210805142617.2498DFD0A@maintenance.suse.de> SUSE Security Update: Security update for spice-vdagent ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2614-1 Rating: important References: #1173749 #1177780 #1177781 #1177782 #1177783 Cross-References: CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 CVE-2020-25653 CVSS scores: CVE-2020-25650 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25650 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25651 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:L CVE-2020-25651 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:H CVE-2020-25652 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25652 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25653 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Desktop 
Applications 15-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for spice-vdagent fixes the following issues: - Update to version 0.21.0 - CVE-2020-25650: memory DoS via arbitrary entries in `active_xfers` hash table (bsc#1177780) - CVE-2020-25651: possible file transfer DoS and information leak via `active_xfers` hash map (bsc#1177781) - CVE-2020-25652: possibility to exhaust file descriptors in `vdagentd` (bsc#1177782) - CVE-2020-25653: UNIX domain socket peer PID retrieved via `SO_PEERCRED` is subject to race condition (bsc#1177783) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-2614=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): spice-vdagent-0.21.0-3.3.1 spice-vdagent-debuginfo-0.21.0-3.3.1 spice-vdagent-debugsource-0.21.0-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-25650.html https://www.suse.com/security/cve/CVE-2020-25651.html https://www.suse.com/security/cve/CVE-2020-25652.html https://www.suse.com/security/cve/CVE-2020-25653.html https://bugzilla.suse.com/1173749 https://bugzilla.suse.com/1177780 https://bugzilla.suse.com/1177781 https://bugzilla.suse.com/1177782 https://bugzilla.suse.com/1177783 From sle-updates at lists.suse.com Thu Aug 5 14:45:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Aug 2021 16:45:44 +0200 (CEST) Subject: SUSE-RU-2021:2610-1: moderate: Recommended update for powerpc-utils Message-ID: <20210805144544.194B4FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for 
powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2610-1 Rating: moderate References: #1187182 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for powerpc-utils fixes the following issues: - Bring up the members of HNV interface together with the HNV link. (bsc#1187182 ltc#192954) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2610=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (ppc64le): powerpc-utils-1.3.8-9.6.1 powerpc-utils-debuginfo-1.3.8-9.6.1 powerpc-utils-debugsource-1.3.8-9.6.1 References: https://bugzilla.suse.com/1187182 From sle-updates at lists.suse.com Thu Aug 5 14:47:18 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Aug 2021 16:47:18 +0200 (CEST) Subject: SUSE-SU-2021:2620-1: important: Security update for nodejs8 Message-ID: <20210805144718.9BE38FD0A@maintenance.suse.de> SUSE Security Update: Security update for nodejs8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2620-1 Rating: important References: #1182620 #1184450 #1187976 #1187977 Cross-References: CVE-2020-7774 CVE-2021-22884 CVE-2021-23362 CVE-2021-27290 CVSS scores: CVE-2020-7774 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-22884 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-22884 (SUSE): 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L CVE-2021-23362 (NVD) : 5.3 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-23362 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-27290 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-27290 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Web Scripting 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for nodejs8 fixes the following issues: - update to npm 6.14.13 - CVE-2021-27290: Fixed ssri Regular Expression Denial of Service. (bsc#1187976) - CVE-2021-23362: Fixed hosted-git-info Regular Expression Denial of Service (bsc#1187977) - CVE-2021-22884: DNS rebinding in --inspect (bsc#1182620) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2620=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2620=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2620=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2620=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2620=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2620=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2620=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2620=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-2620=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2620=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2620=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2620=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2620=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2620=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): nodejs8-8.17.0-3.47.2 nodejs8-debuginfo-8.17.0-3.47.2 nodejs8-debugsource-8.17.0-3.47.2 nodejs8-devel-8.17.0-3.47.2 npm8-8.17.0-3.47.2 - SUSE Manager Server 4.0 (noarch): nodejs-common-2.0-3.2.1 nodejs8-docs-8.17.0-3.47.2 - SUSE Manager Retail Branch Server 4.0 (noarch): nodejs-common-2.0-3.2.1 nodejs8-docs-8.17.0-3.47.2 - SUSE Manager Retail Branch Server 4.0 (x86_64): nodejs8-8.17.0-3.47.2 nodejs8-debuginfo-8.17.0-3.47.2 nodejs8-debugsource-8.17.0-3.47.2 nodejs8-devel-8.17.0-3.47.2 npm8-8.17.0-3.47.2 - SUSE Manager Proxy 4.0 (x86_64): nodejs8-8.17.0-3.47.2 nodejs8-debuginfo-8.17.0-3.47.2 nodejs8-debugsource-8.17.0-3.47.2 nodejs8-devel-8.17.0-3.47.2 npm8-8.17.0-3.47.2 - SUSE Manager Proxy 4.0 (noarch): nodejs-common-2.0-3.2.1 nodejs8-docs-8.17.0-3.47.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): nodejs8-8.17.0-3.47.2 nodejs8-debuginfo-8.17.0-3.47.2 nodejs8-debugsource-8.17.0-3.47.2 nodejs8-devel-8.17.0-3.47.2 npm8-8.17.0-3.47.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): nodejs-common-2.0-3.2.1 nodejs8-docs-8.17.0-3.47.2 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): nodejs8-8.17.0-3.47.2 nodejs8-debuginfo-8.17.0-3.47.2 nodejs8-debugsource-8.17.0-3.47.2 nodejs8-devel-8.17.0-3.47.2 npm8-8.17.0-3.47.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): nodejs-common-2.0-3.2.1 nodejs8-docs-8.17.0-3.47.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): nodejs8-8.17.0-3.47.2 nodejs8-debuginfo-8.17.0-3.47.2 nodejs8-debugsource-8.17.0-3.47.2 nodejs8-devel-8.17.0-3.47.2 npm8-8.17.0-3.47.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): nodejs-common-2.0-3.2.1 nodejs8-docs-8.17.0-3.47.2 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): nodejs-common-2.0-3.2.1 nodejs8-docs-8.17.0-3.47.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): nodejs8-8.17.0-3.47.2 nodejs8-debuginfo-8.17.0-3.47.2 nodejs8-debugsource-8.17.0-3.47.2 
nodejs8-devel-8.17.0-3.47.2 npm8-8.17.0-3.47.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): nodejs8-8.17.0-3.47.2 nodejs8-debuginfo-8.17.0-3.47.2 nodejs8-debugsource-8.17.0-3.47.2 nodejs8-devel-8.17.0-3.47.2 npm8-8.17.0-3.47.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): nodejs-common-2.0-3.2.1 nodejs8-docs-8.17.0-3.47.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): nodejs-common-2.0-3.2.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): nodejs8-8.17.0-3.47.2 nodejs8-debuginfo-8.17.0-3.47.2 nodejs8-debugsource-8.17.0-3.47.2 nodejs8-devel-8.17.0-3.47.2 npm8-8.17.0-3.47.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): nodejs-common-2.0-3.2.1 nodejs8-docs-8.17.0-3.47.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): nodejs8-8.17.0-3.47.2 nodejs8-debuginfo-8.17.0-3.47.2 nodejs8-debugsource-8.17.0-3.47.2 nodejs8-devel-8.17.0-3.47.2 npm8-8.17.0-3.47.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): nodejs-common-2.0-3.2.1 nodejs8-docs-8.17.0-3.47.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): nodejs8-8.17.0-3.47.2 nodejs8-debuginfo-8.17.0-3.47.2 nodejs8-debugsource-8.17.0-3.47.2 nodejs8-devel-8.17.0-3.47.2 npm8-8.17.0-3.47.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): nodejs-common-2.0-3.2.1 nodejs8-docs-8.17.0-3.47.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): nodejs8-8.17.0-3.47.2 nodejs8-debuginfo-8.17.0-3.47.2 nodejs8-debugsource-8.17.0-3.47.2 nodejs8-devel-8.17.0-3.47.2 npm8-8.17.0-3.47.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): nodejs-common-2.0-3.2.1 nodejs8-docs-8.17.0-3.47.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): nodejs8-8.17.0-3.47.2 nodejs8-debuginfo-8.17.0-3.47.2 nodejs8-debugsource-8.17.0-3.47.2 nodejs8-devel-8.17.0-3.47.2 npm8-8.17.0-3.47.2 - SUSE Enterprise Storage 6 (noarch): 
nodejs-common-2.0-3.2.1 nodejs8-docs-8.17.0-3.47.2 - SUSE CaaS Platform 4.0 (noarch): nodejs-common-2.0-3.2.1 nodejs8-docs-8.17.0-3.47.2 - SUSE CaaS Platform 4.0 (x86_64): nodejs8-8.17.0-3.47.2 nodejs8-debuginfo-8.17.0-3.47.2 nodejs8-debugsource-8.17.0-3.47.2 nodejs8-devel-8.17.0-3.47.2 npm8-8.17.0-3.47.2 References: https://www.suse.com/security/cve/CVE-2020-7774.html https://www.suse.com/security/cve/CVE-2021-22884.html https://www.suse.com/security/cve/CVE-2021-23362.html https://www.suse.com/security/cve/CVE-2021-27290.html https://bugzilla.suse.com/1182620 https://bugzilla.suse.com/1184450 https://bugzilla.suse.com/1187976 https://bugzilla.suse.com/1187977 From sle-updates at lists.suse.com Thu Aug 5 14:49:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Aug 2021 16:49:30 +0200 (CEST) Subject: SUSE-RU-2021:2623-1: moderate: Recommended update for samba Message-ID: <20210805144930.3EFBDFD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2623-1 Rating: moderate References: #1185420 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for samba fixes the following issues: - Add 'msDS-AdditionalDnsHostName' to the keytab. (bsc#1185420) - Add 'net-ads-join dnshostname' option. (bsc#1185420) - Fix adding 'msDS-AdditionalDnsHostName' to keytab with Windows DC. (bsc#1185420) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-2623=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2623=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-2623=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): samba-ad-dc-4.11.14+git.260.32282693e40-4.22.2 samba-ad-dc-debuginfo-4.11.14+git.260.32282693e40-4.22.2 samba-debuginfo-4.11.14+git.260.32282693e40-4.22.2 samba-debugsource-4.11.14+git.260.32282693e40-4.22.2 samba-dsdb-modules-4.11.14+git.260.32282693e40-4.22.2 samba-dsdb-modules-debuginfo-4.11.14+git.260.32282693e40-4.22.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.11.14+git.260.32282693e40-4.22.2 libdcerpc-binding0-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libdcerpc-devel-4.11.14+git.260.32282693e40-4.22.2 libdcerpc-samr-devel-4.11.14+git.260.32282693e40-4.22.2 libdcerpc-samr0-4.11.14+git.260.32282693e40-4.22.2 libdcerpc-samr0-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libdcerpc0-4.11.14+git.260.32282693e40-4.22.2 libdcerpc0-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libndr-devel-4.11.14+git.260.32282693e40-4.22.2 libndr-krb5pac-devel-4.11.14+git.260.32282693e40-4.22.2 libndr-krb5pac0-4.11.14+git.260.32282693e40-4.22.2 libndr-krb5pac0-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libndr-nbt-devel-4.11.14+git.260.32282693e40-4.22.2 libndr-nbt0-4.11.14+git.260.32282693e40-4.22.2 libndr-nbt0-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libndr-standard-devel-4.11.14+git.260.32282693e40-4.22.2 libndr-standard0-4.11.14+git.260.32282693e40-4.22.2 libndr-standard0-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libndr0-4.11.14+git.260.32282693e40-4.22.2 libndr0-debuginfo-4.11.14+git.260.32282693e40-4.22.2 
libnetapi-devel-4.11.14+git.260.32282693e40-4.22.2 libnetapi0-4.11.14+git.260.32282693e40-4.22.2 libnetapi0-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libsamba-credentials-devel-4.11.14+git.260.32282693e40-4.22.2 libsamba-credentials0-4.11.14+git.260.32282693e40-4.22.2 libsamba-credentials0-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libsamba-errors-devel-4.11.14+git.260.32282693e40-4.22.2 libsamba-errors0-4.11.14+git.260.32282693e40-4.22.2 libsamba-errors0-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libsamba-hostconfig-devel-4.11.14+git.260.32282693e40-4.22.2 libsamba-hostconfig0-4.11.14+git.260.32282693e40-4.22.2 libsamba-hostconfig0-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libsamba-passdb-devel-4.11.14+git.260.32282693e40-4.22.2 libsamba-passdb0-4.11.14+git.260.32282693e40-4.22.2 libsamba-passdb0-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libsamba-policy-devel-4.11.14+git.260.32282693e40-4.22.2 libsamba-policy-python3-devel-4.11.14+git.260.32282693e40-4.22.2 libsamba-policy0-python3-4.11.14+git.260.32282693e40-4.22.2 libsamba-policy0-python3-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libsamba-util-devel-4.11.14+git.260.32282693e40-4.22.2 libsamba-util0-4.11.14+git.260.32282693e40-4.22.2 libsamba-util0-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libsamdb-devel-4.11.14+git.260.32282693e40-4.22.2 libsamdb0-4.11.14+git.260.32282693e40-4.22.2 libsamdb0-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libsmbclient-devel-4.11.14+git.260.32282693e40-4.22.2 libsmbclient0-4.11.14+git.260.32282693e40-4.22.2 libsmbclient0-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libsmbconf-devel-4.11.14+git.260.32282693e40-4.22.2 libsmbconf0-4.11.14+git.260.32282693e40-4.22.2 libsmbconf0-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libsmbldap-devel-4.11.14+git.260.32282693e40-4.22.2 libsmbldap2-4.11.14+git.260.32282693e40-4.22.2 libsmbldap2-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libtevent-util-devel-4.11.14+git.260.32282693e40-4.22.2 
libtevent-util0-4.11.14+git.260.32282693e40-4.22.2 libtevent-util0-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libwbclient-devel-4.11.14+git.260.32282693e40-4.22.2 libwbclient0-4.11.14+git.260.32282693e40-4.22.2 libwbclient0-debuginfo-4.11.14+git.260.32282693e40-4.22.2 samba-4.11.14+git.260.32282693e40-4.22.2 samba-client-4.11.14+git.260.32282693e40-4.22.2 samba-client-debuginfo-4.11.14+git.260.32282693e40-4.22.2 samba-core-devel-4.11.14+git.260.32282693e40-4.22.2 samba-debuginfo-4.11.14+git.260.32282693e40-4.22.2 samba-debugsource-4.11.14+git.260.32282693e40-4.22.2 samba-dsdb-modules-4.11.14+git.260.32282693e40-4.22.2 samba-dsdb-modules-debuginfo-4.11.14+git.260.32282693e40-4.22.2 samba-libs-4.11.14+git.260.32282693e40-4.22.2 samba-libs-debuginfo-4.11.14+git.260.32282693e40-4.22.2 samba-libs-python3-4.11.14+git.260.32282693e40-4.22.2 samba-libs-python3-debuginfo-4.11.14+git.260.32282693e40-4.22.2 samba-python3-4.11.14+git.260.32282693e40-4.22.2 samba-python3-debuginfo-4.11.14+git.260.32282693e40-4.22.2 samba-winbind-4.11.14+git.260.32282693e40-4.22.2 samba-winbind-debuginfo-4.11.14+git.260.32282693e40-4.22.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): samba-ceph-4.11.14+git.260.32282693e40-4.22.2 samba-ceph-debuginfo-4.11.14+git.260.32282693e40-4.22.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.260.32282693e40-4.22.2 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libdcerpc0-32bit-4.11.14+git.260.32282693e40-4.22.2 libdcerpc0-32bit-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libndr-krb5pac0-32bit-4.11.14+git.260.32282693e40-4.22.2 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libndr-nbt0-32bit-4.11.14+git.260.32282693e40-4.22.2 libndr-nbt0-32bit-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libndr-standard0-32bit-4.11.14+git.260.32282693e40-4.22.2 libndr-standard0-32bit-debuginfo-4.11.14+git.260.32282693e40-4.22.2 
libndr0-32bit-4.11.14+git.260.32282693e40-4.22.2 libndr0-32bit-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libnetapi0-32bit-4.11.14+git.260.32282693e40-4.22.2 libnetapi0-32bit-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libsamba-credentials0-32bit-4.11.14+git.260.32282693e40-4.22.2 libsamba-credentials0-32bit-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libsamba-errors0-32bit-4.11.14+git.260.32282693e40-4.22.2 libsamba-errors0-32bit-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libsamba-hostconfig0-32bit-4.11.14+git.260.32282693e40-4.22.2 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libsamba-passdb0-32bit-4.11.14+git.260.32282693e40-4.22.2 libsamba-passdb0-32bit-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libsamba-util0-32bit-4.11.14+git.260.32282693e40-4.22.2 libsamba-util0-32bit-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libsamdb0-32bit-4.11.14+git.260.32282693e40-4.22.2 libsamdb0-32bit-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libsmbconf0-32bit-4.11.14+git.260.32282693e40-4.22.2 libsmbconf0-32bit-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libsmbldap2-32bit-4.11.14+git.260.32282693e40-4.22.2 libsmbldap2-32bit-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libtevent-util0-32bit-4.11.14+git.260.32282693e40-4.22.2 libtevent-util0-32bit-debuginfo-4.11.14+git.260.32282693e40-4.22.2 libwbclient0-32bit-4.11.14+git.260.32282693e40-4.22.2 libwbclient0-32bit-debuginfo-4.11.14+git.260.32282693e40-4.22.2 samba-libs-32bit-4.11.14+git.260.32282693e40-4.22.2 samba-libs-32bit-debuginfo-4.11.14+git.260.32282693e40-4.22.2 samba-winbind-32bit-4.11.14+git.260.32282693e40-4.22.2 samba-winbind-32bit-debuginfo-4.11.14+git.260.32282693e40-4.22.2 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ctdb-4.11.14+git.260.32282693e40-4.22.2 ctdb-debuginfo-4.11.14+git.260.32282693e40-4.22.2 samba-debuginfo-4.11.14+git.260.32282693e40-4.22.2 samba-debugsource-4.11.14+git.260.32282693e40-4.22.2 References: 
https://bugzilla.suse.com/1185420 From sle-updates at lists.suse.com Thu Aug 5 14:38:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Aug 2021 16:38:40 +0200 (CEST) Subject: SUSE-RU-2021:2629-1: moderate: Recommended update for libreoffice Message-ID: <20210805143840.CAED4FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2629-1 Rating: moderate References: #1178806 #1182969 #1186871 #1187173 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for libreoffice fixes the following issues: Update to version 7.1.4.2 (bsc#1178806) - Fix external URL connections issues when WebDav is built using 'libserf'. (bsc#1187173, bsc#1186871) - Fix a regression caused by "Multi column textbox in editengine". - Improve the build time on aarch64 to select only powerful buildhosts. - Fix an issue with PPTX where one column becomes two within one text frame. (bsc#1182969) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-2629=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-2629=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (noarch): libreoffice-branding-upstream-7.1.4.2-14.22.10.1 libreoffice-icon-themes-7.1.4.2-14.22.10.1 libreoffice-l10n-af-7.1.4.2-14.22.10.1 libreoffice-l10n-ar-7.1.4.2-14.22.10.1 libreoffice-l10n-as-7.1.4.2-14.22.10.1 libreoffice-l10n-bg-7.1.4.2-14.22.10.1 libreoffice-l10n-bn-7.1.4.2-14.22.10.1 libreoffice-l10n-br-7.1.4.2-14.22.10.1 libreoffice-l10n-ca-7.1.4.2-14.22.10.1 libreoffice-l10n-ckb-7.1.4.2-14.22.10.1 libreoffice-l10n-cs-7.1.4.2-14.22.10.1 libreoffice-l10n-cy-7.1.4.2-14.22.10.1 libreoffice-l10n-da-7.1.4.2-14.22.10.1 libreoffice-l10n-de-7.1.4.2-14.22.10.1 libreoffice-l10n-dz-7.1.4.2-14.22.10.1 libreoffice-l10n-el-7.1.4.2-14.22.10.1 libreoffice-l10n-en-7.1.4.2-14.22.10.1 libreoffice-l10n-eo-7.1.4.2-14.22.10.1 libreoffice-l10n-es-7.1.4.2-14.22.10.1 libreoffice-l10n-et-7.1.4.2-14.22.10.1 libreoffice-l10n-eu-7.1.4.2-14.22.10.1 libreoffice-l10n-fa-7.1.4.2-14.22.10.1 libreoffice-l10n-fi-7.1.4.2-14.22.10.1 libreoffice-l10n-fr-7.1.4.2-14.22.10.1 libreoffice-l10n-fur-7.1.4.2-14.22.10.1 libreoffice-l10n-ga-7.1.4.2-14.22.10.1 libreoffice-l10n-gl-7.1.4.2-14.22.10.1 libreoffice-l10n-gu-7.1.4.2-14.22.10.1 libreoffice-l10n-he-7.1.4.2-14.22.10.1 libreoffice-l10n-hi-7.1.4.2-14.22.10.1 libreoffice-l10n-hr-7.1.4.2-14.22.10.1 libreoffice-l10n-hu-7.1.4.2-14.22.10.1 libreoffice-l10n-it-7.1.4.2-14.22.10.1 libreoffice-l10n-ja-7.1.4.2-14.22.10.1 libreoffice-l10n-kk-7.1.4.2-14.22.10.1 libreoffice-l10n-kn-7.1.4.2-14.22.10.1 libreoffice-l10n-ko-7.1.4.2-14.22.10.1 libreoffice-l10n-lt-7.1.4.2-14.22.10.1 libreoffice-l10n-lv-7.1.4.2-14.22.10.1 libreoffice-l10n-mai-7.1.4.2-14.22.10.1 
libreoffice-l10n-ml-7.1.4.2-14.22.10.1 libreoffice-l10n-mr-7.1.4.2-14.22.10.1 libreoffice-l10n-nb-7.1.4.2-14.22.10.1 libreoffice-l10n-nl-7.1.4.2-14.22.10.1 libreoffice-l10n-nn-7.1.4.2-14.22.10.1 libreoffice-l10n-nr-7.1.4.2-14.22.10.1 libreoffice-l10n-nso-7.1.4.2-14.22.10.1 libreoffice-l10n-or-7.1.4.2-14.22.10.1 libreoffice-l10n-pa-7.1.4.2-14.22.10.1 libreoffice-l10n-pl-7.1.4.2-14.22.10.1 libreoffice-l10n-pt_BR-7.1.4.2-14.22.10.1 libreoffice-l10n-pt_PT-7.1.4.2-14.22.10.1 libreoffice-l10n-ro-7.1.4.2-14.22.10.1 libreoffice-l10n-ru-7.1.4.2-14.22.10.1 libreoffice-l10n-si-7.1.4.2-14.22.10.1 libreoffice-l10n-sk-7.1.4.2-14.22.10.1 libreoffice-l10n-sl-7.1.4.2-14.22.10.1 libreoffice-l10n-sr-7.1.4.2-14.22.10.1 libreoffice-l10n-ss-7.1.4.2-14.22.10.1 libreoffice-l10n-st-7.1.4.2-14.22.10.1 libreoffice-l10n-sv-7.1.4.2-14.22.10.1 libreoffice-l10n-ta-7.1.4.2-14.22.10.1 libreoffice-l10n-te-7.1.4.2-14.22.10.1 libreoffice-l10n-th-7.1.4.2-14.22.10.1 libreoffice-l10n-tn-7.1.4.2-14.22.10.1 libreoffice-l10n-tr-7.1.4.2-14.22.10.1 libreoffice-l10n-ts-7.1.4.2-14.22.10.1 libreoffice-l10n-uk-7.1.4.2-14.22.10.1 libreoffice-l10n-ve-7.1.4.2-14.22.10.1 libreoffice-l10n-xh-7.1.4.2-14.22.10.1 libreoffice-l10n-zh_CN-7.1.4.2-14.22.10.1 libreoffice-l10n-zh_TW-7.1.4.2-14.22.10.1 libreoffice-l10n-zu-7.1.4.2-14.22.10.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): libreoffice-7.1.4.2-14.22.10.1 libreoffice-base-7.1.4.2-14.22.10.1 libreoffice-base-debuginfo-7.1.4.2-14.22.10.1 libreoffice-base-drivers-postgresql-7.1.4.2-14.22.10.1 libreoffice-base-drivers-postgresql-debuginfo-7.1.4.2-14.22.10.1 libreoffice-calc-7.1.4.2-14.22.10.1 libreoffice-calc-debuginfo-7.1.4.2-14.22.10.1 libreoffice-calc-extensions-7.1.4.2-14.22.10.1 libreoffice-debuginfo-7.1.4.2-14.22.10.1 libreoffice-debugsource-7.1.4.2-14.22.10.1 libreoffice-draw-7.1.4.2-14.22.10.1 libreoffice-draw-debuginfo-7.1.4.2-14.22.10.1 libreoffice-filters-optional-7.1.4.2-14.22.10.1 libreoffice-gnome-7.1.4.2-14.22.10.1 
libreoffice-gnome-debuginfo-7.1.4.2-14.22.10.1 libreoffice-gtk3-7.1.4.2-14.22.10.1 libreoffice-gtk3-debuginfo-7.1.4.2-14.22.10.1 libreoffice-impress-7.1.4.2-14.22.10.1 libreoffice-impress-debuginfo-7.1.4.2-14.22.10.1 libreoffice-mailmerge-7.1.4.2-14.22.10.1 libreoffice-math-7.1.4.2-14.22.10.1 libreoffice-math-debuginfo-7.1.4.2-14.22.10.1 libreoffice-officebean-7.1.4.2-14.22.10.1 libreoffice-officebean-debuginfo-7.1.4.2-14.22.10.1 libreoffice-pyuno-7.1.4.2-14.22.10.1 libreoffice-pyuno-debuginfo-7.1.4.2-14.22.10.1 libreoffice-writer-7.1.4.2-14.22.10.1 libreoffice-writer-debuginfo-7.1.4.2-14.22.10.1 libreoffice-writer-extensions-7.1.4.2-14.22.10.1 libreofficekit-7.1.4.2-14.22.10.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le): libreoffice-7.1.4.2-14.22.10.1 libreoffice-base-7.1.4.2-14.22.10.1 libreoffice-base-debuginfo-7.1.4.2-14.22.10.1 libreoffice-base-drivers-postgresql-7.1.4.2-14.22.10.1 libreoffice-base-drivers-postgresql-debuginfo-7.1.4.2-14.22.10.1 libreoffice-calc-7.1.4.2-14.22.10.1 libreoffice-calc-debuginfo-7.1.4.2-14.22.10.1 libreoffice-calc-extensions-7.1.4.2-14.22.10.1 libreoffice-debuginfo-7.1.4.2-14.22.10.1 libreoffice-debugsource-7.1.4.2-14.22.10.1 libreoffice-draw-7.1.4.2-14.22.10.1 libreoffice-draw-debuginfo-7.1.4.2-14.22.10.1 libreoffice-filters-optional-7.1.4.2-14.22.10.1 libreoffice-gnome-7.1.4.2-14.22.10.1 libreoffice-gnome-debuginfo-7.1.4.2-14.22.10.1 libreoffice-gtk3-7.1.4.2-14.22.10.1 libreoffice-gtk3-debuginfo-7.1.4.2-14.22.10.1 libreoffice-impress-7.1.4.2-14.22.10.1 libreoffice-impress-debuginfo-7.1.4.2-14.22.10.1 libreoffice-librelogo-7.1.4.2-14.22.10.1 libreoffice-mailmerge-7.1.4.2-14.22.10.1 libreoffice-math-7.1.4.2-14.22.10.1 libreoffice-math-debuginfo-7.1.4.2-14.22.10.1 libreoffice-officebean-7.1.4.2-14.22.10.1 libreoffice-officebean-debuginfo-7.1.4.2-14.22.10.1 libreoffice-pyuno-7.1.4.2-14.22.10.1 libreoffice-pyuno-debuginfo-7.1.4.2-14.22.10.1 libreoffice-qt5-7.1.4.2-14.22.10.1 
libreoffice-qt5-debuginfo-7.1.4.2-14.22.10.1 libreoffice-sdk-7.1.4.2-14.22.10.1 libreoffice-sdk-debuginfo-7.1.4.2-14.22.10.1 libreoffice-sdk-doc-7.1.4.2-14.22.10.1 libreoffice-writer-7.1.4.2-14.22.10.1 libreoffice-writer-debuginfo-7.1.4.2-14.22.10.1 libreoffice-writer-extensions-7.1.4.2-14.22.10.1 libreofficekit-7.1.4.2-14.22.10.1 libreofficekit-devel-7.1.4.2-14.22.10.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): libreoffice-branding-upstream-7.1.4.2-14.22.10.1 libreoffice-gdb-pretty-printers-7.1.4.2-14.22.10.1 libreoffice-glade-7.1.4.2-14.22.10.1 libreoffice-icon-themes-7.1.4.2-14.22.10.1 libreoffice-l10n-af-7.1.4.2-14.22.10.1 libreoffice-l10n-am-7.1.4.2-14.22.10.1 libreoffice-l10n-ar-7.1.4.2-14.22.10.1 libreoffice-l10n-as-7.1.4.2-14.22.10.1 libreoffice-l10n-ast-7.1.4.2-14.22.10.1 libreoffice-l10n-be-7.1.4.2-14.22.10.1 libreoffice-l10n-bg-7.1.4.2-14.22.10.1 libreoffice-l10n-bn-7.1.4.2-14.22.10.1 libreoffice-l10n-bn_IN-7.1.4.2-14.22.10.1 libreoffice-l10n-bo-7.1.4.2-14.22.10.1 libreoffice-l10n-br-7.1.4.2-14.22.10.1 libreoffice-l10n-brx-7.1.4.2-14.22.10.1 libreoffice-l10n-bs-7.1.4.2-14.22.10.1 libreoffice-l10n-ca-7.1.4.2-14.22.10.1 libreoffice-l10n-ca_valencia-7.1.4.2-14.22.10.1 libreoffice-l10n-ckb-7.1.4.2-14.22.10.1 libreoffice-l10n-cs-7.1.4.2-14.22.10.1 libreoffice-l10n-cy-7.1.4.2-14.22.10.1 libreoffice-l10n-da-7.1.4.2-14.22.10.1 libreoffice-l10n-de-7.1.4.2-14.22.10.1 libreoffice-l10n-dgo-7.1.4.2-14.22.10.1 libreoffice-l10n-dsb-7.1.4.2-14.22.10.1 libreoffice-l10n-dz-7.1.4.2-14.22.10.1 libreoffice-l10n-el-7.1.4.2-14.22.10.1 libreoffice-l10n-en-7.1.4.2-14.22.10.1 libreoffice-l10n-en_GB-7.1.4.2-14.22.10.1 libreoffice-l10n-en_ZA-7.1.4.2-14.22.10.1 libreoffice-l10n-eo-7.1.4.2-14.22.10.1 libreoffice-l10n-es-7.1.4.2-14.22.10.1 libreoffice-l10n-et-7.1.4.2-14.22.10.1 libreoffice-l10n-eu-7.1.4.2-14.22.10.1 libreoffice-l10n-fa-7.1.4.2-14.22.10.1 libreoffice-l10n-fi-7.1.4.2-14.22.10.1 libreoffice-l10n-fr-7.1.4.2-14.22.10.1 
libreoffice-l10n-fur-7.1.4.2-14.22.10.1 libreoffice-l10n-fy-7.1.4.2-14.22.10.1 libreoffice-l10n-ga-7.1.4.2-14.22.10.1 libreoffice-l10n-gd-7.1.4.2-14.22.10.1 libreoffice-l10n-gl-7.1.4.2-14.22.10.1 libreoffice-l10n-gu-7.1.4.2-14.22.10.1 libreoffice-l10n-gug-7.1.4.2-14.22.10.1 libreoffice-l10n-he-7.1.4.2-14.22.10.1 libreoffice-l10n-hi-7.1.4.2-14.22.10.1 libreoffice-l10n-hr-7.1.4.2-14.22.10.1 libreoffice-l10n-hsb-7.1.4.2-14.22.10.1 libreoffice-l10n-hu-7.1.4.2-14.22.10.1 libreoffice-l10n-id-7.1.4.2-14.22.10.1 libreoffice-l10n-is-7.1.4.2-14.22.10.1 libreoffice-l10n-it-7.1.4.2-14.22.10.1 libreoffice-l10n-ja-7.1.4.2-14.22.10.1 libreoffice-l10n-ka-7.1.4.2-14.22.10.1 libreoffice-l10n-kab-7.1.4.2-14.22.10.1 libreoffice-l10n-kk-7.1.4.2-14.22.10.1 libreoffice-l10n-km-7.1.4.2-14.22.10.1 libreoffice-l10n-kmr_Latn-7.1.4.2-14.22.10.1 libreoffice-l10n-kn-7.1.4.2-14.22.10.1 libreoffice-l10n-ko-7.1.4.2-14.22.10.1 libreoffice-l10n-kok-7.1.4.2-14.22.10.1 libreoffice-l10n-ks-7.1.4.2-14.22.10.1 libreoffice-l10n-lb-7.1.4.2-14.22.10.1 libreoffice-l10n-lo-7.1.4.2-14.22.10.1 libreoffice-l10n-lt-7.1.4.2-14.22.10.1 libreoffice-l10n-lv-7.1.4.2-14.22.10.1 libreoffice-l10n-mai-7.1.4.2-14.22.10.1 libreoffice-l10n-mk-7.1.4.2-14.22.10.1 libreoffice-l10n-ml-7.1.4.2-14.22.10.1 libreoffice-l10n-mn-7.1.4.2-14.22.10.1 libreoffice-l10n-mni-7.1.4.2-14.22.10.1 libreoffice-l10n-mr-7.1.4.2-14.22.10.1 libreoffice-l10n-my-7.1.4.2-14.22.10.1 libreoffice-l10n-nb-7.1.4.2-14.22.10.1 libreoffice-l10n-ne-7.1.4.2-14.22.10.1 libreoffice-l10n-nl-7.1.4.2-14.22.10.1 libreoffice-l10n-nn-7.1.4.2-14.22.10.1 libreoffice-l10n-nr-7.1.4.2-14.22.10.1 libreoffice-l10n-nso-7.1.4.2-14.22.10.1 libreoffice-l10n-oc-7.1.4.2-14.22.10.1 libreoffice-l10n-om-7.1.4.2-14.22.10.1 libreoffice-l10n-or-7.1.4.2-14.22.10.1 libreoffice-l10n-pa-7.1.4.2-14.22.10.1 libreoffice-l10n-pl-7.1.4.2-14.22.10.1 libreoffice-l10n-pt_BR-7.1.4.2-14.22.10.1 libreoffice-l10n-pt_PT-7.1.4.2-14.22.10.1 libreoffice-l10n-ro-7.1.4.2-14.22.10.1 
libreoffice-l10n-ru-7.1.4.2-14.22.10.1 libreoffice-l10n-rw-7.1.4.2-14.22.10.1 libreoffice-l10n-sa_IN-7.1.4.2-14.22.10.1 libreoffice-l10n-sat-7.1.4.2-14.22.10.1 libreoffice-l10n-sd-7.1.4.2-14.22.10.1 libreoffice-l10n-si-7.1.4.2-14.22.10.1 libreoffice-l10n-sid-7.1.4.2-14.22.10.1 libreoffice-l10n-sk-7.1.4.2-14.22.10.1 libreoffice-l10n-sl-7.1.4.2-14.22.10.1 libreoffice-l10n-sq-7.1.4.2-14.22.10.1 libreoffice-l10n-sr-7.1.4.2-14.22.10.1 libreoffice-l10n-ss-7.1.4.2-14.22.10.1 libreoffice-l10n-st-7.1.4.2-14.22.10.1 libreoffice-l10n-sv-7.1.4.2-14.22.10.1 libreoffice-l10n-sw_TZ-7.1.4.2-14.22.10.1 libreoffice-l10n-szl-7.1.4.2-14.22.10.1 libreoffice-l10n-ta-7.1.4.2-14.22.10.1 libreoffice-l10n-te-7.1.4.2-14.22.10.1 libreoffice-l10n-tg-7.1.4.2-14.22.10.1 libreoffice-l10n-th-7.1.4.2-14.22.10.1 libreoffice-l10n-tn-7.1.4.2-14.22.10.1 libreoffice-l10n-tr-7.1.4.2-14.22.10.1 libreoffice-l10n-ts-7.1.4.2-14.22.10.1 libreoffice-l10n-tt-7.1.4.2-14.22.10.1 libreoffice-l10n-ug-7.1.4.2-14.22.10.1 libreoffice-l10n-uk-7.1.4.2-14.22.10.1 libreoffice-l10n-uz-7.1.4.2-14.22.10.1 libreoffice-l10n-ve-7.1.4.2-14.22.10.1 libreoffice-l10n-vec-7.1.4.2-14.22.10.1 libreoffice-l10n-vi-7.1.4.2-14.22.10.1 libreoffice-l10n-xh-7.1.4.2-14.22.10.1 libreoffice-l10n-zh_CN-7.1.4.2-14.22.10.1 libreoffice-l10n-zh_TW-7.1.4.2-14.22.10.1 libreoffice-l10n-zu-7.1.4.2-14.22.10.1 References: https://bugzilla.suse.com/1178806 https://bugzilla.suse.com/1182969 https://bugzilla.suse.com/1186871 https://bugzilla.suse.com/1187173 From sle-updates at lists.suse.com Thu Aug 5 14:50:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Aug 2021 16:50:40 +0200 (CEST) Subject: SUSE-RU-2021:2611-1: moderate: Recommended update for resource-agents Message-ID: <20210805145040.B9FE7FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2611-1 Rating: moderate 
References: #1186652 Affected Products: SUSE Linux Enterprise High Availability 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - Adapt the makefile to the new 'GCP Load Balancer Resource Agent'. (bsc#1186652) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-2611=1 Package List: - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ldirectord-4.8.0+git30.d0077df0-8.8.1 resource-agents-4.8.0+git30.d0077df0-8.8.1 resource-agents-debuginfo-4.8.0+git30.d0077df0-8.8.1 resource-agents-debugsource-4.8.0+git30.d0077df0-8.8.1 - SUSE Linux Enterprise High Availability 15-SP3 (noarch): monitoring-plugins-metadata-4.8.0+git30.d0077df0-8.8.1 References: https://bugzilla.suse.com/1186652 From sle-updates at lists.suse.com Thu Aug 5 14:51:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Aug 2021 16:51:44 +0200 (CEST) Subject: SUSE-SU-2021:2618-1: important: Security update for nodejs8 Message-ID: <20210805145144.88489FCF4@maintenance.suse.de> SUSE Security Update: Security update for nodejs8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2618-1 Rating: important References: #1184450 #1187976 #1187977 Cross-References: CVE-2020-7774 CVE-2021-23362 CVE-2021-27290 CVSS scores: CVE-2020-7774 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-23362 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-23362 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-27290 (NVD) : 7.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-27290 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for nodejs8 fixes the following issues: - update to npm 6.14.13 - CVE-2021-27290: Fixed ssri Regular Expression Denial of Service. (bsc#1187976) - CVE-2021-23362: Fixed hosted-git-info Regular Expression Denial of Service. (bsc#1187977) - CVE-2020-7774: fixes y18n Prototype Pollution. (bsc#1184450) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-2618=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): nodejs8-8.17.0-10.12.2 nodejs8-debuginfo-8.17.0-10.12.2 nodejs8-debugsource-8.17.0-10.12.2 nodejs8-devel-8.17.0-10.12.2 npm8-8.17.0-10.12.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): nodejs8-docs-8.17.0-10.12.2 References: https://www.suse.com/security/cve/CVE-2020-7774.html https://www.suse.com/security/cve/CVE-2021-23362.html https://www.suse.com/security/cve/CVE-2021-27290.html https://bugzilla.suse.com/1184450 https://bugzilla.suse.com/1187976 https://bugzilla.suse.com/1187977 From sle-updates at lists.suse.com Thu Aug 5 14:56:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Aug 2021 16:56:04 +0200 (CEST) Subject: SUSE-SU-2021:2616-1: important: Security update for mariadb Message-ID: <20210805145604.13CC4FCF4@maintenance.suse.de> SUSE Security Update: Security update for mariadb 
______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2616-1 Rating: important References: #1182739 #1183770 #1185870 #1185872 Cross-References: CVE-2021-2154 CVE-2021-2166 CVE-2021-27928 CVSS scores: CVE-2021-2154 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-2154 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-2166 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-2166 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-27928 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-27928 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for mariadb fixes the following issues: - Update to 10.2.39 (bsc#1182739) - CVE-2021-2166: DML unspecified vulnerability can lead to complete DOS. (bsc#1185870) - CVE-2021-2154: DML unspecified vulnerability can lead to complete DOS. (bsc#1185872) - CVE-2021-27928: Fixed a remote code execution issue. (bsc#1183770) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-2616=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libmariadbd-devel-10.4.20-3.9.1 libmariadbd19-10.4.20-3.9.1 libmariadbd19-debuginfo-10.4.20-3.9.1 mariadb-10.4.20-3.9.1 mariadb-client-10.4.20-3.9.1 mariadb-client-debuginfo-10.4.20-3.9.1 mariadb-debuginfo-10.4.20-3.9.1 mariadb-debugsource-10.4.20-3.9.1 mariadb-tools-10.4.20-3.9.1 mariadb-tools-debuginfo-10.4.20-3.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): mariadb-errormessages-10.4.20-3.9.1 References: https://www.suse.com/security/cve/CVE-2021-2154.html https://www.suse.com/security/cve/CVE-2021-2166.html https://www.suse.com/security/cve/CVE-2021-27928.html https://bugzilla.suse.com/1182739 https://bugzilla.suse.com/1183770 https://bugzilla.suse.com/1185870 https://bugzilla.suse.com/1185872 From sle-updates at lists.suse.com Thu Aug 5 14:59:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Aug 2021 16:59:03 +0200 (CEST) Subject: SUSE-RU-2021:2630-1: moderate: Recommended update for crash Message-ID: <20210805145903.0AAFDFCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for crash ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2630-1 Rating: moderate References: #1185209 #1187634 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crash fixes the following issue: - Use the value of 'xen_start_info' to determine whether the kernel is running in Xen ParaVirtual OPerationS (PVOPS) mode. 
(bsc#1187634) - Fix backtrace command when analyzing dump. (bsc#1185209) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-2630=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): crash-7.2.9-23.5.3 crash-debuginfo-7.2.9-23.5.3 crash-debugsource-7.2.9-23.5.3 crash-devel-7.2.9-23.5.3 crash-kmp-default-7.2.9_k5.3.18_59.16-23.5.3 crash-kmp-default-debuginfo-7.2.9_k5.3.18_59.16-23.5.3 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64): crash-kmp-64kb-7.2.9_k5.3.18_59.16-23.5.3 crash-kmp-64kb-debuginfo-7.2.9_k5.3.18_59.16-23.5.3 References: https://bugzilla.suse.com/1185209 https://bugzilla.suse.com/1187634 From sle-updates at lists.suse.com Thu Aug 5 15:11:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Aug 2021 17:11:05 +0200 (CEST) Subject: SUSE-RU-2021:2627-1: moderate: Recommended maintenance update for systemd-default-settings Message-ID: <20210805151105.4E97FFD0A@maintenance.suse.de> SUSE Recommended Update: Recommended maintenance update for systemd-default-settings ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2627-1 Rating: moderate References: #1188348 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for systemd-default-settings fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2627=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): systemd-default-settings-0.7-3.2.1 systemd-default-settings-branding-SLE-0.7-3.2.1 References: https://bugzilla.suse.com/1188348 From sle-updates at lists.suse.com Thu Aug 5 15:13:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Aug 2021 17:13:52 +0200 (CEST) Subject: SUSE-SU-2021:2612-1: important: Security update for apache-commons-compress Message-ID: <20210805151352.E01A3FD0A@maintenance.suse.de> SUSE Security Update: Security update for apache-commons-compress ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2612-1 Rating: important References: #1188463 #1188464 #1188465 #1188466 Cross-References: CVE-2021-35515 CVE-2021-35516 CVE-2021-35517 CVE-2021-36090 CVSS scores: CVE-2021-35515 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-35515 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-35516 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-35517 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-36090 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-36090 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 
______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for apache-commons-compress fixes the following issues: - Updated to 1.21 - CVE-2021-35515: Fixed an infinite loop when reading a specially crafted 7Z archive. (bsc#1188463) - CVE-2021-35516: Fixed an excessive memory allocation when reading a specially crafted 7Z archive. (bsc#1188464) - CVE-2021-35517: Fixed an excessive memory allocation when reading a specially crafted TAR archive. (bsc#1188465) - CVE-2021-36090: Fixed an excessive memory allocation when reading a specially crafted ZIP archive. (bsc#1188466) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-2612=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-2612=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): apache-commons-compress-1.21-3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): apache-commons-compress-1.21-3.3.1 References: https://www.suse.com/security/cve/CVE-2021-35515.html https://www.suse.com/security/cve/CVE-2021-35516.html https://www.suse.com/security/cve/CVE-2021-35517.html https://www.suse.com/security/cve/CVE-2021-36090.html https://bugzilla.suse.com/1188463 https://bugzilla.suse.com/1188464 https://bugzilla.suse.com/1188465 https://bugzilla.suse.com/1188466 From sle-updates at lists.suse.com Thu Aug 5 15:15:24 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Aug 2021 17:15:24 +0200 (CEST) Subject: SUSE-SU-2021:2599-2: important: Security update for the Linux Kernel 
Message-ID: <20210805151524.AA91FFD0A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2599-2 Rating: important References: #1065729 #1085224 #1094840 #1152472 #1152489 #1155518 #1170511 #1179243 #1180092 #1183871 #1184114 #1184804 #1185308 #1185791 #1186206 #1187215 #1187585 #1188036 #1188080 #1188116 #1188121 #1188176 #1188267 #1188268 #1188269 #1188405 #1188525 SLE-17042 SLE-17043 SLE-17268 Cross-References: CVE-2021-22555 CVE-2021-35039 CVE-2021-3609 CVE-2021-3612 CVSS scores: CVE-2021-22555 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-22555 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-35039 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-35039 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3609 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3612 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3612 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE MicroOS 5.0 ______________________________________________________________________________ An update that solves four vulnerabilities, contains three features and has 23 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: Fixed a heap out-of-bounds write in net/netfilter/x_tables.c that could allow local privilege escalation. (bsc#1188116) - CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol which allows for local privilege escalation. (bsc#1187215) - CVE-2021-3612: Fixed an out-of-bounds memory write flaw which could allow a local user to crash the system or possibly escalate their privileges on the system. 
(bsc#1187585) - CVE-2021-35039: Fixed a bug where modules signature verification did not occur if CONFIG_MODULE_SIG is not set, regardless of the value of module.sig_enforce command-line argument. (bnc#1188080) The following non-security bugs were fixed: - ACPI: APEI: fix synchronous external aborts in user-mode (git-fixes). - ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes). - ACPI: EC: Make more Asus laptops use ECDT _GPE (git-fixes). - ACPI: Fix memory leak caused by _CID repair function (git-fixes). - ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes). - ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes). - ACPI: resources: Add checks for ACPI IRQ override (git-fixes). - ACPI: sysfs: Fix a buffer overrun problem with description_show() (git-fixes). - ALSA: hda/realtek: Add another ALC236 variant support (git-fixes). - ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D (git-fixes). - ALSA: intel8x0: Fix breakage at ac97 clock measurement (git-fixes). - ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes). - ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes). - ALSA: usb-audio: scarlett2: Fix wrong resume call (git-fixes). - ALSA: usb-audio: scarlett2: Read mixer volumes at init time (git-fixes). - ALSA: usb-audio: scarlett2: Read mux at init time (git-fixes). - amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (bsc#1152472) Backporting changes: * context changes - ASoC: atmel-i2s: Fix usage of capture and playback at the same time (git-fixes). - ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes). - ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (git-fixes). - ASoC: mediatek: mtk-btcvsd: Fix an error handling path in 'mtk_btcvsd_snd_probe()' (git-fixes). - ASoC: rsnd: tidyup loop on rsnd_adg_clk_query() (git-fixes). - ata: ahci_sunxi: Disable DIPM (git-fixes). 
- ath10k: add missing error return code in ath10k_pci_probe() (git-fixes). - ath10k: Fix an error code in ath10k_add_interface() (git-fixes). - ath10k: go to path err_unsupported when chip id is not supported (git-fixes). - ath10k: remove unused more_frags variable (git-fixes). - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (git-fixes). - backlight: lm3630a_bl: Put fwnode in error case during ->probe() (git-fixes). - blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092). - blk-mq: In blk_mq_dispatch_rq_list() "no budget" is a reason to kick (bsc#1180092). - blk-mq: insert flush request to the front of dispatch queue (bsc#1180092). - blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092). - blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092). - blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092). - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event (git-fixes). - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes). - bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518). - brcmfmac: correctly report average RSSI in station info (git-fixes). - brcmfmac: fix setting of station info chains bitmask (git-fixes). - brcmsmac: mac80211_if: Fix a resource leak in an error handling path (git-fixes). - can: gw: synchronize rcu operations before removing gw job entry (git-fixes). - can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes). - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path (git-fixes). - cfg80211: call cfg80211_leave_ocb when switching away from OCB (git-fixes). - char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() (git-fixes). - clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC (git-fixes). - clk: actions: Fix SD clocks factor table on Owl S500 SoC (git-fixes). 
- clk: actions: Fix UART clock dividers on Owl S500 SoC (git-fixes). - clk: meson: g12a: fix gp0 and hifi ranges (git-fixes). - clk: si5341: Avoid divide errors due to bogus register contents (git-fixes). - clk: zynqmp: pll: Remove some dead code (git-fixes). - clocksource: Retry clock read if long delays detected (git-fixes). - cpufreq: sc520_freq: add 'fallthrough' to one case (git-fixes). - crypto: ccp - Fix a resource leak in an error handling path (git-fixes). - crypto: ixp4xx - dma_unmap the correct address (git-fixes). - crypto: nitrox - fix unchecked variable in nitrox_register_interrupts (git-fixes). - crypto: nx - add missing MODULE_DEVICE_TABLE (git-fixes). - crypto: omap-sham - Fix PM reference leak in omap sham ops (git-fixes). - crypto: qat - check return code of qat_hal_rd_rel_reg() (git-fixes). - crypto: qat - remove unused macro in FW loader (git-fixes). - crypto: ux500 - Fix error return code in hash_hw_final() (git-fixes). - dma-buf/sync_file: Do not leak fences on merge failure (git-fixes). - dmaengine: mediatek: do not issue a new desc if one is still current (git-fixes). - dmaengine: mediatek: free the proper desc in desc_free handler (git-fixes). - dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma (git-fixes). - dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe() (git-fixes). - dmaengine: zynqmp_dma: Fix PM reference leak in zynqmp_dma_alloc_chan_resourc() (git-fixes). - dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes). - drm: bridge/panel: Cleanup connector on bridge detach (bsc#1152489) Backporting changes: * context changes - drm: qxl: ensure surf.data is ininitialized (git-fixes). 
- drm/amdgpu: Do not query CE and UE errors (bsc#1152472) Backporting changes: * unsigned long -> uint32_t - drm/mcde/panel: Inverse misunderstood flag (bsc#1152472) Backporting changes: * only panel-samsung-s6d16d0.c exists - drm/msm: Small msm_gem_purge() fix (bsc#1152489) Backporting changes: * context changes * GEM_WARN_ON() -> WARN_ON() - drm/msm/dpu: Fix error return code in dpu_mdss_init() (git-fixes). - drm/nouveau: wait for moving fence after pinning v2 (git-fixes). - drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (bsc#1152489) Backporting changes: * context changes - drm/radeon: wait for moving fence after pinning (git-fixes). - drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() (git-fixes). - drm/rockchip: dsi: move all lane config except LCDC mux to bind() (git-fixes). - drm/rockchip: dsi: remove extra component_del() call (git-fixes). - drm/stm: Fix bus_flags handling (bsc#1152472) - drm/vc4: hdmi: Make sure the controller is powered in detect (bsc#1152489) Backporting changes: * context changes * vc4_hdmi -> vc4->hdmi - extcon: extcon-max8997: Fix IRQ freeing at error path (git-fixes). - extcon: intel-mrfld: Sync hardware and software state on init (git-fixes). - extcon: max8997: Add missing modalias string (git-fixes). - extcon: sm5502: Drop invalid register write in sm5502_reg_data (git-fixes). - fbmem: add margin check to fb_check_caps() (git-fixes). - firmware: tegra: Fix error return code in tegra210_bpmp_init() (git-fixes). - fm10k: Fix an error handling path in 'fm10k_probe()' (git-fixes). - fpga: machxo2-spi: Address warning about unused variable (git-fixes). - fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes). - fuse: check connected before queueing on fpq->io (bsc#1188267). - fuse: ignore PG_workingset after stealing (bsc#1188268). - fuse: reject internal errno (bsc#1188269). - futex: fix shared futex pgoff on shmem huge page (git fixes (kernel/futex)). 
- gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP (git-fixes). - gve: Fix an error handling path in 'gve_probe()' (git-fixes). - gve: Fix swapped vars when fetching max queues (git-fixes). - HID: do not use down_interruptible() when unbinding devices (git-fixes). - HID: wacom: Correct base usage for capacitive ExpressKey status bits (git-fixes). - hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes). - hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes). - hwmon: (max31790) Fix pwmX_enable attributes (git-fixes). - hwmon: (max31790) Report correct current pwm duty cycles (git-fixes). - hwrng: exynos - Fix runtime PM imbalance on error (git-fixes). - i2c: dev: Add __user annotation (git-fixes). - i2c: robotfuzz-osif: fix control-request directions (git-fixes). - ibmvnic: account for bufs already saved in indir_buf (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Allow device probe if the device is not ready at boot (bsc#1184114 ltc#192237). - ibmvnic: clean pending indirect buffs during reset (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114 ltc#192237). - ibmvnic: fix send_request_map incompatible argument (bsc#1184114 ltc#192237). - ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363). - ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes). - ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098). - ibmvnic: Use 'skb_frag_address()' instead of hand coding it (bsc#1184114 ltc#192237). - ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c (bsc#1184114 ltc#192237). - ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237). - iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). 
- iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: mxc4005: Fix overread of data and alignment issue (git-fixes). - iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: at91-sama5d2: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adis_buffer: do not return ints in irq handlers (git-fixes). - iio: adis16400: do not return ints in irq handlers (git-fixes). - iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev() helper (git-fixes). - iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3472: do not free unallocated IRQ (git-fixes). - iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). 
- iio: light: vcnl4035: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: ltr501: ltr501_read_ps(): add missing endianness conversion (git-fixes). - iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes). - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too (git-fixes). - iio: magn: bmc150: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: hmc5843: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: rm3100: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: si1133: fix format string warnings (git-fixes). - iio:accel:mxc4005: Drop unnecessary explicit casts in regmap_bulk_read calls (git-fixes). - Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes). - Input: usbtouchscreen - fix control-request directions (git-fixes). - kABI: restore struct tcpc_config definition (git-fixes). - leds: as3645a: Fix error return code in as3645a_parse_node() (git-fixes). - leds: ktd2692: Fix an error handling path (git-fixes). - leds: lm3532: select regmap I2C API (git-fixes). - lib: vsprintf: Fix handling of number field widths in vsscanf (git-fixes). - lib/decompressors: remove set but not used variabled 'level' (git-fixes). - libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518). - mac80211: drop pending frames on stop (git-fixes). 
- mac80211: remove iwlwifi specific workaround NDPs of null_response (git-fixes). - mac80211: remove iwlwifi specific workaround that broke sta NDP tx (git-fixes). - mac80211: remove warning in ieee80211_get_sband() (git-fixes). - math: Export mul_u64_u64_div_u64 (git-fixes). - media: au0828: fix a NULL vs IS_ERR() check (git-fixes). - media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes). - media: cobalt: fix race condition in setting HPD (git-fixes). - media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes). - media: dtv5100: fix control-request directions (git-fixes). - media: dvb_net: avoid speculation from net slot (git-fixes). - media: dvb-usb: fix wrong definition (git-fixes). - media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes). - media: em28xx: Fix possible memory leak of em28xx struct (git-fixes). - media: exynos-gsc: fix pm_runtime_get_sync() usage count (git-fixes). - media: exynos4-is: Fix a use after free in isp_video_release (git-fixes). - media: Fix Media Controller API config checks (git-fixes). - media: gspca/gl860: fix zero-length control requests (git-fixes). - media: gspca/sq905: fix control-request direction (git-fixes). - media: gspca/sunplus: fix zero-length control requests (git-fixes). - media: I2C: change 'RST' to "RSET" to fix multiple build errors (git-fixes). - media: imx-csi: Skip first few frames from a BT.656 source (git-fixes). - media: imx: imx7_mipi_csis: Fix logging of only error event counters (git-fixes). - media: mdk-mdp: fix pm_runtime_get_sync() usage count (git-fixes). - media: mtk-vcodec: fix PM runtime get logic (git-fixes). - media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes). - media: rc: i2c: Fix an error message (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes). - media: s5p-jpeg: fix pm_runtime_get_sync() usage count (git-fixes). 
- media: sh_vou: fix pm_runtime_get_sync() usage count (git-fixes). - media: siano: fix device register error path (git-fixes). - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() (git-fixes). - media: st-hva: Fix potential NULL pointer dereferences (git-fixes). - media: sti: fix obj-$(config) targets (git-fixes). - media: sti/bdisp: fix pm_runtime_get_sync() usage count (git-fixes). - media: tc358743: Fix error return code in tc358743_probe_of() (git-fixes). - media: v4l2-async: Fix trivial documentation typo (git-fixes). - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (git-fixes). - media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes). - memory: atmel-ebi: add missing of_node_put for loop iteration (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: pl353: Fix error return code in pl353_smc_probe() (git-fixes). - memstick: rtsx_usb_ms: fix UAF (git-fixes). - mmc: block: Disable CMDQ on the ioctl path (git-fixes). - mmc: core: clear flags before allowing to retune (git-fixes). - mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes). - mmc: sdhci-sprd: use sdhci_sprd_writew (git-fixes). - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode (git-fixes). - mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes). - mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes). - mmc: vub3000: fix control-request direction (git-fixes). - mt76: fix possible NULL pointer dereference in mt76_tx (git-fixes). - mtd: partitions: redboot: seek fis-index-block in the right node (git-fixes). - mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() (git-fixes). 
- mwifiex: re-fix for unaligned accesses (git-fixes). - nvme: fix in-casule data send for chained sgls (git-fixes). - nvme: introduce nvme_rdma_sgl structure (git-fixes). - nvme: rerun io_work if req_list is not empty (git-fixes). - nvme: verify MNAN value if ANA is enabled (bsc#1185791). - PCI: Add AMD RS690 quirk to enable 64-bit DMA (git-fixes). - pinctrl: stm32: fix the reported number of GPIO lines per bank (git-fixes). - platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (git-fixes). - ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation (git-fixes). - r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - r8169: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - random32: Fix implicit truncation warning in prandom_seed_state() (git-fixes). - regulator: da9052: Ensure enough delay time for .set_voltage_time_sel (git-fixes). - regulator: hi655x: Fix pass wrong pointer to config.driver_data (git-fixes). - regulator: uniphier: Add missing MODULE_DEVICE_TABLE (git-fixes). - reset: a10sr: add missing of_match_table reference (git-fixes). - reset: bail if try_module_get() fails (git-fixes). - reset: brcmstb: Add missing MODULE_DEVICE_TABLE (git-fixes). - Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro" (git-fixes). - Revert "ibmvnic: remove duplicate napi_schedule call in open function" (bsc#1065729). - rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804). - rpm/kernel-binary.spec.in: Remove zdebug define used only once. - rsi: Assign beacon rate settings to the correct rate_info descriptor field (git-fixes). - rtc: fix snprintf() checking in is_rtc_hctosys() (git-fixes). - rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path (git-fixes). - scsi: qedf: Do not put host in qedf_vport_create() unconditionally (bsc#1170511). - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates (git-fixes). 
- serial: Add Option International GSM-Ready 56K/ISDN modem (git-fixes). - serial: mvebu-uart: correctly calculate minimal possible baudrate (git-fixes). - serial: mvebu-uart: do not allow changing baudrate when uartclk is not available (git-fixes). - serial: mvebu-uart: fix calculation of clock divisor (git-fixes). - serial: remove wrong GLOBETROTTER.cis entry (git-fixes). - serial: tegra-tcu: Reorder channel initialization (git-fixes). - soc: fsl: qbman: Delete useless kfree code (bsc#1188176). - soc: fsl: qbman: Ensure device cleanup is run for kexec (bsc#1188176). - soundwire: stream: Fix test for DP prepare complete (git-fixes). - spi: fspi: dynamically alloc AHB memory (bsc#1188121). - spi: Make of_register_spi_device also set the fwnode (git-fixes). - spi: nxp-fspi: Use devm API to fix missed unregistration of controller (bsc#1188121). - spi: omap-100k: Fix the length judgment problem (git-fixes). - spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes). - spi: spi-nxp-fspi: Add ACPI support (bsc#1188121). - spi: spi-nxp-fspi: Add support for IP read only (bsc#1188121). - spi: spi-nxp-fspi: Enable the Octal Mode in MCR0 (bsc#1188121). - spi: spi-nxp-fspi: Fix a NULL vs IS_ERR() check in probe (bsc#1188121). - spi: spi-nxp-fspi: Implement errata workaround for LS1028A (bsc#1188121). - spi: spi-sun6i: Fix chipselect/clock bug (git-fixes). - spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (git-fixes). - spi: stm32-qspi: Remove unused qspi field of struct stm32_qspi_flash (git-fixes). - spi: tegra114: Fix an error message (git-fixes). - ssb: Fix error return code in ssb_bus_scan() (git-fixes). - ssb: sdio: Do not overwrite const buffer if block_write fails (git-fixes). - staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() (git-fixes). - staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes). - staging: rtl8712: fix memory leak in rtl871x_load_fw_cb (git-fixes). 
- staging: rtl8712: remove redundant check in r871xu_drv_init (git-fixes). - tcp: Remove superfluous BH-disable around listening_hash (bsc#1188525). - thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations (git-fixes). - tpm: Decorate tpm_get_timeouts() with request_locality() (bsc#1188036). - tpm: Decorate tpm_tis_gen_interrupt() with request_locality() (bsc#1188036). - tpm: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() (bsc#1188036). - tpm: Reserve locality in tpm_tis_resume() (bsc#1188036). - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing (git-fixes). - tracing: Fix parsing of "sym-offset" modifier (git-fixes). - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (git-fixes). - tracing: Simplify and fix saved_tgids logic (git-fixes). - tty: nozomi: Fix a resource leak in an error handling function (git-fixes). - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' (git-fixes). - Update patches.suse/Revert-ibmvnic-remove-duplicate-napi_schedule-call-i.patch (bsc#1065729 bsc#1188405 ltc#193509). - Update patches.suse/Revert-ibmvnic-simplify-reset_long_term_buff-functio.patch (bsc#1186206 ltc#191041 bsc#1188405 ltc#193509). - usb: dwc2: Do not reset the core after setting turnaround time (git-fixes). - usb: dwc3: Fix debugfs creation flow (git-fixes). - usb: gadget: eem: fix echo command packet response issue (git-fixes). - usb: gadget: f_fs: Fix setting of device and driver data cross-references (git-fixes). - usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() (git-fixes). - usb: typec: fusb302: Always provide fwnode for the port (git-fixes). - usb: typec: fusb302: fix "op-sink-microwatt" default that was in mW (git-fixes). - usb: typec: tcpm: Error handling for tcpm_register_partner_altmodes (git-fixes). - usb: typec: tcpm: Move mod_delayed_work(port->vdm_state_machine) call into tcpm_queue_vdm() (git-fixes). 
- usb: typec: tcpm: move to SNK_UNATTACHED if sink removed for DRP (git-fixes). - usb: typec: tcpm: Refactor tcpm_handle_vdm_request (git-fixes). - usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling (git-fixes). - usb: typec: tcpm: Remove tcpc_config configuration mechanism (git-fixes). - usb: typec: tcpm: set correct data role for non-DRD (git-fixes). - usb: typec: tcpm: Switch to use fwnode_property_count_uXX() (git-fixes). - usb: typec: ucsi: Hold con->lock for the entire duration of ucsi_register_port() (git-fixes). - usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes). - usb: typec: wcove: Fx wrong kernel doc format (git-fixes). - UsrMerge the kernel (boo#1184804) - vfio: Handle concurrent vma faults (git-fixes). - vfs: Convert functionfs to use the new mount API (git -fixes). - video: fbdev: imxfb: Fix an error message (git-fixes). - visorbus: fix error return code in visorchipset_init() (git-fixes). - vmxnet3: fix cksum offload issues for tunnels with non-default udp ports (git-fixes). - watchdog: aspeed: fix hardware timeout calculation (git-fixes). - watchdog: sp805: Fix kernel doc description (git-fixes). - wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes). - wireless: carl9170: fix LEDS build errors and warnings (git-fixes). - x86/kvm: Disable all PV features on crash (bsc#1185308). - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308). - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308). - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308). - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308). - xhci: solve a double free problem while doing s4 (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2599=1 Package List: - SUSE MicroOS 5.0 (x86_64): kernel-rt-5.3.18-45.3 kernel-rt-debuginfo-5.3.18-45.3 kernel-rt-debugsource-5.3.18-45.3 References: https://www.suse.com/security/cve/CVE-2021-22555.html https://www.suse.com/security/cve/CVE-2021-35039.html https://www.suse.com/security/cve/CVE-2021-3609.html https://www.suse.com/security/cve/CVE-2021-3612.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1085224 https://bugzilla.suse.com/1094840 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1170511 https://bugzilla.suse.com/1179243 https://bugzilla.suse.com/1180092 https://bugzilla.suse.com/1183871 https://bugzilla.suse.com/1184114 https://bugzilla.suse.com/1184804 https://bugzilla.suse.com/1185308 https://bugzilla.suse.com/1185791 https://bugzilla.suse.com/1186206 https://bugzilla.suse.com/1187215 https://bugzilla.suse.com/1187585 https://bugzilla.suse.com/1188036 https://bugzilla.suse.com/1188080 https://bugzilla.suse.com/1188116 https://bugzilla.suse.com/1188121 https://bugzilla.suse.com/1188176 https://bugzilla.suse.com/1188267 https://bugzilla.suse.com/1188268 https://bugzilla.suse.com/1188269 https://bugzilla.suse.com/1188405 https://bugzilla.suse.com/1188525 From sle-updates at lists.suse.com Fri Aug 6 13:26:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Aug 2021 15:26:07 +0200 (CEST) Subject: SUSE-SU-2021:2637-1: important: Security update for php7 Message-ID: <20210806132607.350DAFCEF@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2637-1 Rating: important References: #1188035 #1188037 Cross-References: CVE-2021-21704 CVE-2021-21705 CVSS scores: CVE-2021-21704 
(SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-21705 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for php7 fixes the following issues: - CVE-2021-21704: Fixed security issues in pdo_firebase module (bsc#1188035). - CVE-2021-21705: Fixed SSRF bypass in FILTER_VALIDATE_URL (bsc#1188037). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2021-2637=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-2637=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-2637=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-2637=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.4.6-3.22.1 apache2-mod_php7-debuginfo-7.4.6-3.22.1 php7-7.4.6-3.22.1 php7-bcmath-7.4.6-3.22.1 php7-bcmath-debuginfo-7.4.6-3.22.1 php7-bz2-7.4.6-3.22.1 php7-bz2-debuginfo-7.4.6-3.22.1 php7-calendar-7.4.6-3.22.1 php7-calendar-debuginfo-7.4.6-3.22.1 php7-ctype-7.4.6-3.22.1 php7-ctype-debuginfo-7.4.6-3.22.1 php7-curl-7.4.6-3.22.1 php7-curl-debuginfo-7.4.6-3.22.1 php7-dba-7.4.6-3.22.1 
php7-dba-debuginfo-7.4.6-3.22.1 php7-debuginfo-7.4.6-3.22.1 php7-debugsource-7.4.6-3.22.1 php7-devel-7.4.6-3.22.1 php7-dom-7.4.6-3.22.1 php7-dom-debuginfo-7.4.6-3.22.1 php7-enchant-7.4.6-3.22.1 php7-enchant-debuginfo-7.4.6-3.22.1 php7-exif-7.4.6-3.22.1 php7-exif-debuginfo-7.4.6-3.22.1 php7-fastcgi-7.4.6-3.22.1 php7-fastcgi-debuginfo-7.4.6-3.22.1 php7-fileinfo-7.4.6-3.22.1 php7-fileinfo-debuginfo-7.4.6-3.22.1 php7-fpm-7.4.6-3.22.1 php7-fpm-debuginfo-7.4.6-3.22.1 php7-ftp-7.4.6-3.22.1 php7-ftp-debuginfo-7.4.6-3.22.1 php7-gd-7.4.6-3.22.1 php7-gd-debuginfo-7.4.6-3.22.1 php7-gettext-7.4.6-3.22.1 php7-gettext-debuginfo-7.4.6-3.22.1 php7-gmp-7.4.6-3.22.1 php7-gmp-debuginfo-7.4.6-3.22.1 php7-iconv-7.4.6-3.22.1 php7-iconv-debuginfo-7.4.6-3.22.1 php7-intl-7.4.6-3.22.1 php7-intl-debuginfo-7.4.6-3.22.1 php7-json-7.4.6-3.22.1 php7-json-debuginfo-7.4.6-3.22.1 php7-ldap-7.4.6-3.22.1 php7-ldap-debuginfo-7.4.6-3.22.1 php7-mbstring-7.4.6-3.22.1 php7-mbstring-debuginfo-7.4.6-3.22.1 php7-mysql-7.4.6-3.22.1 php7-mysql-debuginfo-7.4.6-3.22.1 php7-odbc-7.4.6-3.22.1 php7-odbc-debuginfo-7.4.6-3.22.1 php7-opcache-7.4.6-3.22.1 php7-opcache-debuginfo-7.4.6-3.22.1 php7-openssl-7.4.6-3.22.1 php7-openssl-debuginfo-7.4.6-3.22.1 php7-pcntl-7.4.6-3.22.1 php7-pcntl-debuginfo-7.4.6-3.22.1 php7-pdo-7.4.6-3.22.1 php7-pdo-debuginfo-7.4.6-3.22.1 php7-pgsql-7.4.6-3.22.1 php7-pgsql-debuginfo-7.4.6-3.22.1 php7-phar-7.4.6-3.22.1 php7-phar-debuginfo-7.4.6-3.22.1 php7-posix-7.4.6-3.22.1 php7-posix-debuginfo-7.4.6-3.22.1 php7-readline-7.4.6-3.22.1 php7-readline-debuginfo-7.4.6-3.22.1 php7-shmop-7.4.6-3.22.1 php7-shmop-debuginfo-7.4.6-3.22.1 php7-snmp-7.4.6-3.22.1 php7-snmp-debuginfo-7.4.6-3.22.1 php7-soap-7.4.6-3.22.1 php7-soap-debuginfo-7.4.6-3.22.1 php7-sockets-7.4.6-3.22.1 php7-sockets-debuginfo-7.4.6-3.22.1 php7-sodium-7.4.6-3.22.1 php7-sodium-debuginfo-7.4.6-3.22.1 php7-sqlite-7.4.6-3.22.1 php7-sqlite-debuginfo-7.4.6-3.22.1 php7-sysvmsg-7.4.6-3.22.1 php7-sysvmsg-debuginfo-7.4.6-3.22.1 
php7-sysvsem-7.4.6-3.22.1 php7-sysvsem-debuginfo-7.4.6-3.22.1 php7-sysvshm-7.4.6-3.22.1 php7-sysvshm-debuginfo-7.4.6-3.22.1 php7-tidy-7.4.6-3.22.1 php7-tidy-debuginfo-7.4.6-3.22.1 php7-tokenizer-7.4.6-3.22.1 php7-tokenizer-debuginfo-7.4.6-3.22.1 php7-xmlreader-7.4.6-3.22.1 php7-xmlreader-debuginfo-7.4.6-3.22.1 php7-xmlrpc-7.4.6-3.22.1 php7-xmlrpc-debuginfo-7.4.6-3.22.1 php7-xmlwriter-7.4.6-3.22.1 php7-xmlwriter-debuginfo-7.4.6-3.22.1 php7-xsl-7.4.6-3.22.1 php7-xsl-debuginfo-7.4.6-3.22.1 php7-zip-7.4.6-3.22.1 php7-zip-debuginfo-7.4.6-3.22.1 php7-zlib-7.4.6-3.22.1 php7-zlib-debuginfo-7.4.6-3.22.1

- SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64):
apache2-mod_php7-7.4.6-3.22.1 apache2-mod_php7-debuginfo-7.4.6-3.22.1 php7-7.4.6-3.22.1 php7-bcmath-7.4.6-3.22.1 php7-bcmath-debuginfo-7.4.6-3.22.1 php7-bz2-7.4.6-3.22.1 php7-bz2-debuginfo-7.4.6-3.22.1 php7-calendar-7.4.6-3.22.1 php7-calendar-debuginfo-7.4.6-3.22.1 php7-ctype-7.4.6-3.22.1 php7-ctype-debuginfo-7.4.6-3.22.1 php7-curl-7.4.6-3.22.1 php7-curl-debuginfo-7.4.6-3.22.1 php7-dba-7.4.6-3.22.1 php7-dba-debuginfo-7.4.6-3.22.1 php7-debuginfo-7.4.6-3.22.1 php7-debugsource-7.4.6-3.22.1 php7-devel-7.4.6-3.22.1 php7-dom-7.4.6-3.22.1 php7-dom-debuginfo-7.4.6-3.22.1 php7-enchant-7.4.6-3.22.1 php7-enchant-debuginfo-7.4.6-3.22.1 php7-exif-7.4.6-3.22.1 php7-exif-debuginfo-7.4.6-3.22.1 php7-fastcgi-7.4.6-3.22.1 php7-fastcgi-debuginfo-7.4.6-3.22.1 php7-fileinfo-7.4.6-3.22.1 php7-fileinfo-debuginfo-7.4.6-3.22.1 php7-fpm-7.4.6-3.22.1 php7-fpm-debuginfo-7.4.6-3.22.1 php7-ftp-7.4.6-3.22.1 php7-ftp-debuginfo-7.4.6-3.22.1 php7-gd-7.4.6-3.22.1 php7-gd-debuginfo-7.4.6-3.22.1 php7-gettext-7.4.6-3.22.1 php7-gettext-debuginfo-7.4.6-3.22.1 php7-gmp-7.4.6-3.22.1 php7-gmp-debuginfo-7.4.6-3.22.1 php7-iconv-7.4.6-3.22.1 php7-iconv-debuginfo-7.4.6-3.22.1 php7-intl-7.4.6-3.22.1 php7-intl-debuginfo-7.4.6-3.22.1 php7-json-7.4.6-3.22.1 php7-json-debuginfo-7.4.6-3.22.1 php7-ldap-7.4.6-3.22.1
php7-ldap-debuginfo-7.4.6-3.22.1 php7-mbstring-7.4.6-3.22.1 php7-mbstring-debuginfo-7.4.6-3.22.1 php7-mysql-7.4.6-3.22.1 php7-mysql-debuginfo-7.4.6-3.22.1 php7-odbc-7.4.6-3.22.1 php7-odbc-debuginfo-7.4.6-3.22.1 php7-opcache-7.4.6-3.22.1 php7-opcache-debuginfo-7.4.6-3.22.1 php7-openssl-7.4.6-3.22.1 php7-openssl-debuginfo-7.4.6-3.22.1 php7-pcntl-7.4.6-3.22.1 php7-pcntl-debuginfo-7.4.6-3.22.1 php7-pdo-7.4.6-3.22.1 php7-pdo-debuginfo-7.4.6-3.22.1 php7-pgsql-7.4.6-3.22.1 php7-pgsql-debuginfo-7.4.6-3.22.1 php7-phar-7.4.6-3.22.1 php7-phar-debuginfo-7.4.6-3.22.1 php7-posix-7.4.6-3.22.1 php7-posix-debuginfo-7.4.6-3.22.1 php7-readline-7.4.6-3.22.1 php7-readline-debuginfo-7.4.6-3.22.1 php7-shmop-7.4.6-3.22.1 php7-shmop-debuginfo-7.4.6-3.22.1 php7-snmp-7.4.6-3.22.1 php7-snmp-debuginfo-7.4.6-3.22.1 php7-soap-7.4.6-3.22.1 php7-soap-debuginfo-7.4.6-3.22.1 php7-sockets-7.4.6-3.22.1 php7-sockets-debuginfo-7.4.6-3.22.1 php7-sodium-7.4.6-3.22.1 php7-sodium-debuginfo-7.4.6-3.22.1 php7-sqlite-7.4.6-3.22.1 php7-sqlite-debuginfo-7.4.6-3.22.1 php7-sysvmsg-7.4.6-3.22.1 php7-sysvmsg-debuginfo-7.4.6-3.22.1 php7-sysvsem-7.4.6-3.22.1 php7-sysvsem-debuginfo-7.4.6-3.22.1 php7-sysvshm-7.4.6-3.22.1 php7-sysvshm-debuginfo-7.4.6-3.22.1 php7-tidy-7.4.6-3.22.1 php7-tidy-debuginfo-7.4.6-3.22.1 php7-tokenizer-7.4.6-3.22.1 php7-tokenizer-debuginfo-7.4.6-3.22.1 php7-xmlreader-7.4.6-3.22.1 php7-xmlreader-debuginfo-7.4.6-3.22.1 php7-xmlrpc-7.4.6-3.22.1 php7-xmlrpc-debuginfo-7.4.6-3.22.1 php7-xmlwriter-7.4.6-3.22.1 php7-xmlwriter-debuginfo-7.4.6-3.22.1 php7-xsl-7.4.6-3.22.1 php7-xsl-debuginfo-7.4.6-3.22.1 php7-zip-7.4.6-3.22.1 php7-zip-debuginfo-7.4.6-3.22.1 php7-zlib-7.4.6-3.22.1 php7-zlib-debuginfo-7.4.6-3.22.1

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
php7-debuginfo-7.4.6-3.22.1 php7-debugsource-7.4.6-3.22.1 php7-embed-7.4.6-3.22.1 php7-embed-debuginfo-7.4.6-3.22.1

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64):
php7-debuginfo-7.4.6-3.22.1 php7-debugsource-7.4.6-3.22.1 php7-embed-7.4.6-3.22.1 php7-embed-debuginfo-7.4.6-3.22.1

References:

https://www.suse.com/security/cve/CVE-2021-21704.html
https://www.suse.com/security/cve/CVE-2021-21705.html
https://bugzilla.suse.com/1188035
https://bugzilla.suse.com/1188037

From sle-updates at lists.suse.com Fri Aug 6 13:28:38 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 6 Aug 2021 15:28:38 +0200 (CEST)
Subject: SUSE-SU-2021:2636-1: important: Security update for php74
Message-ID: <20210806132838.35B12FCEF@maintenance.suse.de>

   SUSE Security Update: Security update for php74
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2636-1
Rating: important
References: #1188035 #1188037
Cross-References: CVE-2021-21704 CVE-2021-21705
CVSS scores:
   CVE-2021-21704 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2021-21705 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP5
   SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for php74 fixes the following issues:

- CVE-2021-21704: Fixed security issues in pdo_firebase module (bsc#1188035).
- CVE-2021-21705: Fixed SSRF bypass in FILTER_VALIDATE_URL (bsc#1188037).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2636=1
- SUSE Linux Enterprise Module for Web Scripting 12:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-2636=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
php74-debuginfo-7.4.6-1.24.1 php74-debugsource-7.4.6-1.24.1 php74-devel-7.4.6-1.24.1

- SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
apache2-mod_php74-7.4.6-1.24.1 apache2-mod_php74-debuginfo-7.4.6-1.24.1 php74-7.4.6-1.24.1 php74-bcmath-7.4.6-1.24.1 php74-bcmath-debuginfo-7.4.6-1.24.1 php74-bz2-7.4.6-1.24.1 php74-bz2-debuginfo-7.4.6-1.24.1 php74-calendar-7.4.6-1.24.1 php74-calendar-debuginfo-7.4.6-1.24.1 php74-ctype-7.4.6-1.24.1 php74-ctype-debuginfo-7.4.6-1.24.1 php74-curl-7.4.6-1.24.1 php74-curl-debuginfo-7.4.6-1.24.1 php74-dba-7.4.6-1.24.1 php74-dba-debuginfo-7.4.6-1.24.1 php74-debuginfo-7.4.6-1.24.1 php74-debugsource-7.4.6-1.24.1 php74-dom-7.4.6-1.24.1 php74-dom-debuginfo-7.4.6-1.24.1 php74-enchant-7.4.6-1.24.1 php74-enchant-debuginfo-7.4.6-1.24.1 php74-exif-7.4.6-1.24.1 php74-exif-debuginfo-7.4.6-1.24.1 php74-fastcgi-7.4.6-1.24.1 php74-fastcgi-debuginfo-7.4.6-1.24.1 php74-fileinfo-7.4.6-1.24.1 php74-fileinfo-debuginfo-7.4.6-1.24.1 php74-fpm-7.4.6-1.24.1 php74-fpm-debuginfo-7.4.6-1.24.1 php74-ftp-7.4.6-1.24.1 php74-ftp-debuginfo-7.4.6-1.24.1 php74-gd-7.4.6-1.24.1 php74-gd-debuginfo-7.4.6-1.24.1 php74-gettext-7.4.6-1.24.1 php74-gettext-debuginfo-7.4.6-1.24.1 php74-gmp-7.4.6-1.24.1 php74-gmp-debuginfo-7.4.6-1.24.1 php74-iconv-7.4.6-1.24.1 php74-iconv-debuginfo-7.4.6-1.24.1 php74-intl-7.4.6-1.24.1 php74-intl-debuginfo-7.4.6-1.24.1 php74-json-7.4.6-1.24.1 php74-json-debuginfo-7.4.6-1.24.1 php74-ldap-7.4.6-1.24.1 php74-ldap-debuginfo-7.4.6-1.24.1 php74-mbstring-7.4.6-1.24.1 php74-mbstring-debuginfo-7.4.6-1.24.1 php74-mysql-7.4.6-1.24.1
php74-mysql-debuginfo-7.4.6-1.24.1 php74-odbc-7.4.6-1.24.1 php74-odbc-debuginfo-7.4.6-1.24.1 php74-opcache-7.4.6-1.24.1 php74-opcache-debuginfo-7.4.6-1.24.1 php74-openssl-7.4.6-1.24.1 php74-openssl-debuginfo-7.4.6-1.24.1 php74-pcntl-7.4.6-1.24.1 php74-pcntl-debuginfo-7.4.6-1.24.1 php74-pdo-7.4.6-1.24.1 php74-pdo-debuginfo-7.4.6-1.24.1 php74-pgsql-7.4.6-1.24.1 php74-pgsql-debuginfo-7.4.6-1.24.1 php74-phar-7.4.6-1.24.1 php74-phar-debuginfo-7.4.6-1.24.1 php74-posix-7.4.6-1.24.1 php74-posix-debuginfo-7.4.6-1.24.1 php74-readline-7.4.6-1.24.1 php74-readline-debuginfo-7.4.6-1.24.1 php74-shmop-7.4.6-1.24.1 php74-shmop-debuginfo-7.4.6-1.24.1 php74-snmp-7.4.6-1.24.1 php74-snmp-debuginfo-7.4.6-1.24.1 php74-soap-7.4.6-1.24.1 php74-soap-debuginfo-7.4.6-1.24.1 php74-sockets-7.4.6-1.24.1 php74-sockets-debuginfo-7.4.6-1.24.1 php74-sodium-7.4.6-1.24.1 php74-sodium-debuginfo-7.4.6-1.24.1 php74-sqlite-7.4.6-1.24.1 php74-sqlite-debuginfo-7.4.6-1.24.1 php74-sysvmsg-7.4.6-1.24.1 php74-sysvmsg-debuginfo-7.4.6-1.24.1 php74-sysvsem-7.4.6-1.24.1 php74-sysvsem-debuginfo-7.4.6-1.24.1 php74-sysvshm-7.4.6-1.24.1 php74-sysvshm-debuginfo-7.4.6-1.24.1 php74-tidy-7.4.6-1.24.1 php74-tidy-debuginfo-7.4.6-1.24.1 php74-tokenizer-7.4.6-1.24.1 php74-tokenizer-debuginfo-7.4.6-1.24.1 php74-xmlreader-7.4.6-1.24.1 php74-xmlreader-debuginfo-7.4.6-1.24.1 php74-xmlrpc-7.4.6-1.24.1 php74-xmlrpc-debuginfo-7.4.6-1.24.1 php74-xmlwriter-7.4.6-1.24.1 php74-xmlwriter-debuginfo-7.4.6-1.24.1 php74-xsl-7.4.6-1.24.1 php74-xsl-debuginfo-7.4.6-1.24.1 php74-zip-7.4.6-1.24.1 php74-zip-debuginfo-7.4.6-1.24.1 php74-zlib-7.4.6-1.24.1 php74-zlib-debuginfo-7.4.6-1.24.1

References:

https://www.suse.com/security/cve/CVE-2021-21704.html
https://www.suse.com/security/cve/CVE-2021-21705.html
https://bugzilla.suse.com/1188035
https://bugzilla.suse.com/1188037

From sle-updates at lists.suse.com Fri Aug 6 13:29:56 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 6 Aug 2021 15:29:56 +0200 (CEST)
Subject: SUSE-SU-2021:2634-1: important: Security update for mariadb
Message-ID: <20210806132956.4919FFCEF@maintenance.suse.de>

   SUSE Security Update: Security update for mariadb
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2634-1
Rating: important
References: #1182739 #1183770 #1185868 #1185870 #1185872 #1188300
Cross-References: CVE-2021-2154 CVE-2021-2166 CVE-2021-2180 CVE-2021-27928
CVSS scores:
   CVE-2021-2154 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
   CVE-2021-2154 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
   CVE-2021-2166 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
   CVE-2021-2166 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
   CVE-2021-2180 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
   CVE-2021-2180 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
   CVE-2021-27928 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-27928 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
   SUSE OpenStack Cloud Crowbar 9
   SUSE OpenStack Cloud 9
   SUSE Linux Enterprise Server for SAP 12-SP4
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server 12-SP4-LTSS
______________________________________________________________________________

An update that solves four vulnerabilities and has two fixes is now available.

Description:

This update for mariadb fixes the following issues:

- Update to 10.2.39 (bsc#1182739)
- CVE-2021-2166: DML unspecified vulnerability lead to complete DOS. (bsc#1185870)
- CVE-2021-2154: DML unspecified vulnerability can lead to complete DOS. (bsc#1185872)
- CVE-2021-2180: InnoDB unspecified vulnerability lead to complete DOS. (bsc#1185868)
- CVE-2021-27928: Fixed a remote code execution issue. (bsc#1183770)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2634=1
- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2634=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2634=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2634=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2634=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
mariadb-10.2.39-3.36.1 mariadb-client-10.2.39-3.36.1 mariadb-client-debuginfo-10.2.39-3.36.1 mariadb-debuginfo-10.2.39-3.36.1 mariadb-debugsource-10.2.39-3.36.1 mariadb-galera-10.2.39-3.36.1 mariadb-tools-10.2.39-3.36.1 mariadb-tools-debuginfo-10.2.39-3.36.1

- SUSE OpenStack Cloud Crowbar 9 (noarch):
mariadb-errormessages-10.2.39-3.36.1

- SUSE OpenStack Cloud 9 (noarch):
mariadb-errormessages-10.2.39-3.36.1

- SUSE OpenStack Cloud 9 (x86_64):
mariadb-10.2.39-3.36.1 mariadb-client-10.2.39-3.36.1 mariadb-client-debuginfo-10.2.39-3.36.1 mariadb-debuginfo-10.2.39-3.36.1 mariadb-debugsource-10.2.39-3.36.1 mariadb-galera-10.2.39-3.36.1 mariadb-tools-10.2.39-3.36.1 mariadb-tools-debuginfo-10.2.39-3.36.1

- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
mariadb-10.2.39-3.36.1 mariadb-client-10.2.39-3.36.1 mariadb-client-debuginfo-10.2.39-3.36.1 mariadb-debuginfo-10.2.39-3.36.1 mariadb-debugsource-10.2.39-3.36.1 mariadb-tools-10.2.39-3.36.1 mariadb-tools-debuginfo-10.2.39-3.36.1

- SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
mariadb-errormessages-10.2.39-3.36.1

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
mariadb-10.2.39-3.36.1 mariadb-client-10.2.39-3.36.1 mariadb-client-debuginfo-10.2.39-3.36.1 mariadb-debuginfo-10.2.39-3.36.1 mariadb-debugsource-10.2.39-3.36.1 mariadb-tools-10.2.39-3.36.1 mariadb-tools-debuginfo-10.2.39-3.36.1

- SUSE Linux Enterprise Server 12-SP5 (noarch):
mariadb-errormessages-10.2.39-3.36.1

- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
mariadb-10.2.39-3.36.1 mariadb-client-10.2.39-3.36.1 mariadb-client-debuginfo-10.2.39-3.36.1 mariadb-debuginfo-10.2.39-3.36.1 mariadb-debugsource-10.2.39-3.36.1 mariadb-tools-10.2.39-3.36.1 mariadb-tools-debuginfo-10.2.39-3.36.1

- SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
mariadb-errormessages-10.2.39-3.36.1

References:

https://www.suse.com/security/cve/CVE-2021-2154.html
https://www.suse.com/security/cve/CVE-2021-2166.html
https://www.suse.com/security/cve/CVE-2021-2180.html
https://www.suse.com/security/cve/CVE-2021-27928.html
https://bugzilla.suse.com/1182739
https://bugzilla.suse.com/1183770
https://bugzilla.suse.com/1185868
https://bugzilla.suse.com/1185870
https://bugzilla.suse.com/1185872
https://bugzilla.suse.com/1188300

From sle-updates at lists.suse.com Fri Aug 6 13:31:44 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 6 Aug 2021 15:31:44 +0200 (CEST)
Subject: SUSE-SU-2021:2635-1: Security update for fastjar
Message-ID: <20210806133144.5D578FCEF@maintenance.suse.de>

   SUSE Security Update: Security update for fastjar
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2635-1
Rating: low
References: #1188517
Cross-References: CVE-2010-2322
CVSS scores:
   CVE-2010-2322 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:
   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for fastjar fixes the following issues:

- CVE-2010-2322: Fixed a directory traversal vulnerability. (bsc#1188517)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2635=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
fastjar-0.98-22.3.1 fastjar-debuginfo-0.98-22.3.1 fastjar-debugsource-0.98-22.3.1

References:

https://www.suse.com/security/cve/CVE-2010-2322.html
https://bugzilla.suse.com/1188517

From sle-updates at lists.suse.com Fri Aug 6 13:32:51 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 6 Aug 2021 15:32:51 +0200 (CEST)
Subject: SUSE-SU-2021:2631-1: important: Security update for python-Pillow
Message-ID: <20210806133251.C491CFCEF@maintenance.suse.de>

   SUSE Security Update: Security update for python-Pillow
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2631-1
Rating: important
References: #1188574
Cross-References: CVE-2021-34552
CVSS scores:
   CVE-2021-34552 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-34552 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
   SUSE OpenStack Cloud Crowbar 9
   SUSE OpenStack Cloud 9
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-Pillow fixes the following issues:

- CVE-2021-34552: Fixed a buffer overflow in Convert.c (bsc#1188574)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2631=1
- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2631=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
python-Pillow-5.2.0-3.11.1 python-Pillow-debuginfo-5.2.0-3.11.1 python-Pillow-debugsource-5.2.0-3.11.1

- SUSE OpenStack Cloud 9 (x86_64):
python-Pillow-5.2.0-3.11.1 python-Pillow-debuginfo-5.2.0-3.11.1 python-Pillow-debugsource-5.2.0-3.11.1

References:

https://www.suse.com/security/cve/CVE-2021-34552.html
https://bugzilla.suse.com/1188574

From sle-updates at lists.suse.com Fri Aug 6 13:33:59 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 6 Aug 2021 15:33:59 +0200 (CEST)
Subject: SUSE-SU-2021:14774-1: important: Security update for kvm
Message-ID: <20210806133359.DBC5BFCEF@maintenance.suse.de>

   SUSE Security Update: Security update for kvm
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:14774-1
Rating: important
References: #1031692 #1173612 #1174386 #1178683 #1180523 #1181933 #1186473 #1187364 #1187367
Cross-References: CVE-2020-11947 CVE-2020-15469 CVE-2020-15863 CVE-2020-25707 CVE-2021-20221 CVE-2021-3416 CVE-2021-3592 CVE-2021-3594
CVSS scores:
   CVE-2020-11947 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
   CVE-2020-11947 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
   CVE-2020-15469 (NVD) : 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
   CVE-2020-15469 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2020-15863 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
   CVE-2020-15863 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
   CVE-2020-25707 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2021-20221 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2021-20221 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
   CVE-2021-3416 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2021-3416 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
   CVE-2021-3592 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
   CVE-2021-3592 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
   CVE-2021-3594 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
   CVE-2021-3594 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected Products:
   SUSE Linux Enterprise Point of Sale 11-SP3
______________________________________________________________________________

An update that solves 8 vulnerabilities and has one errata is now available.

Description:

This update for kvm fixes the following issues:

- CVE-2021-3594: invalid pointer initialization may lead to information disclosure in slirp (udp) (bsc#1187367)
- CVE-2021-3592: invalid pointer initialization may lead to information disclosure (bootp). (bsc#1187364)
- CVE-2021-3416: infinite loop in loopback mode may lead to stack overflow. (bsc#1186473)
- CVE-2020-15469: MMIO ops null pointer dereference may lead to DoS. (bsc#1173612)
- CVE-2020-11947: iscsi_aio_ioctl_cb in block/iscsi.c has a heap-based buffer over-read. (bsc#1180523)
- CVE-2021-20221: out-of-bound heap buffer access via an interrupt ID field. (bsc#1181933)
- CVE-2020-25707: infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e_core.c. (bsc#1178683)
- CVE-2020-15863: stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c. (bsc#1174386)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Point of Sale 11-SP3:
  zypper in -t patch sleposp3-kvm-14774=1

Package List:

- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
kvm-1.4.2-53.41.1

References:

https://www.suse.com/security/cve/CVE-2020-11947.html
https://www.suse.com/security/cve/CVE-2020-15469.html
https://www.suse.com/security/cve/CVE-2020-15863.html
https://www.suse.com/security/cve/CVE-2020-25707.html
https://www.suse.com/security/cve/CVE-2021-20221.html
https://www.suse.com/security/cve/CVE-2021-3416.html
https://www.suse.com/security/cve/CVE-2021-3592.html
https://www.suse.com/security/cve/CVE-2021-3594.html
https://bugzilla.suse.com/1031692
https://bugzilla.suse.com/1173612
https://bugzilla.suse.com/1174386
https://bugzilla.suse.com/1178683
https://bugzilla.suse.com/1180523
https://bugzilla.suse.com/1181933
https://bugzilla.suse.com/1186473
https://bugzilla.suse.com/1187364
https://bugzilla.suse.com/1187367

From sle-updates at lists.suse.com Fri Aug 6 13:36:03 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 6 Aug 2021 15:36:03 +0200 (CEST)
Subject: SUSE-SU-2021:2632-1: important: Security update for python-Pillow
Message-ID: <20210806133603.7F849FCEF@maintenance.suse.de>

   SUSE Security Update: Security update for python-Pillow
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2632-1
Rating: important
References: #1188574
Cross-References: CVE-2021-34552
CVSS scores:
   CVE-2021-34552 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-34552 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
   SUSE OpenStack Cloud Crowbar 8
   SUSE OpenStack Cloud 8
   HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-Pillow fixes the following issues:

- CVE-2021-34552: Fixed a buffer overflow in Convert.c (bsc#1188574)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2632=1
- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2632=1
- HPE Helion Openstack 8:
  zypper in -t patch HPE-Helion-OpenStack-8-2021-2632=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (x86_64):
python-Pillow-4.2.1-3.17.1 python-Pillow-debuginfo-4.2.1-3.17.1 python-Pillow-debugsource-4.2.1-3.17.1

- SUSE OpenStack Cloud 8 (x86_64):
python-Pillow-4.2.1-3.17.1 python-Pillow-debuginfo-4.2.1-3.17.1 python-Pillow-debugsource-4.2.1-3.17.1

- HPE Helion Openstack 8 (x86_64):
python-Pillow-4.2.1-3.17.1 python-Pillow-debuginfo-4.2.1-3.17.1 python-Pillow-debugsource-4.2.1-3.17.1

References:

https://www.suse.com/security/cve/CVE-2021-34552.html
https://bugzilla.suse.com/1188574

From sle-updates at lists.suse.com Fri Aug 6 13:37:14 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 6 Aug 2021 15:37:14 +0200 (CEST)
Subject: SUSE-SU-2021:2638-1: important: Security update for php72
Message-ID: <20210806133714.26899FCEF@maintenance.suse.de>

   SUSE Security Update: Security update for php72
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2638-1
Rating: important
References: #1188035
Cross-References: CVE-2021-21704
CVSS scores:
   CVE-2021-21704 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP5
   SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for php72 fixes the following issues:

- CVE-2021-21704: Fixed security issues in pdo_firebase module (bsc#1188035).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2638=1
- SUSE Linux Enterprise Module for Web Scripting 12:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-2638=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
php72-debuginfo-7.2.5-1.66.1 php72-debugsource-7.2.5-1.66.1 php72-devel-7.2.5-1.66.1

- SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
apache2-mod_php72-7.2.5-1.66.1 apache2-mod_php72-debuginfo-7.2.5-1.66.1 php72-7.2.5-1.66.1 php72-bcmath-7.2.5-1.66.1 php72-bcmath-debuginfo-7.2.5-1.66.1 php72-bz2-7.2.5-1.66.1 php72-bz2-debuginfo-7.2.5-1.66.1 php72-calendar-7.2.5-1.66.1 php72-calendar-debuginfo-7.2.5-1.66.1 php72-ctype-7.2.5-1.66.1 php72-ctype-debuginfo-7.2.5-1.66.1 php72-curl-7.2.5-1.66.1 php72-curl-debuginfo-7.2.5-1.66.1 php72-dba-7.2.5-1.66.1 php72-dba-debuginfo-7.2.5-1.66.1 php72-debuginfo-7.2.5-1.66.1 php72-debugsource-7.2.5-1.66.1 php72-dom-7.2.5-1.66.1 php72-dom-debuginfo-7.2.5-1.66.1 php72-enchant-7.2.5-1.66.1 php72-enchant-debuginfo-7.2.5-1.66.1 php72-exif-7.2.5-1.66.1 php72-exif-debuginfo-7.2.5-1.66.1 php72-fastcgi-7.2.5-1.66.1 php72-fastcgi-debuginfo-7.2.5-1.66.1 php72-fileinfo-7.2.5-1.66.1 php72-fileinfo-debuginfo-7.2.5-1.66.1 php72-fpm-7.2.5-1.66.1 php72-fpm-debuginfo-7.2.5-1.66.1 php72-ftp-7.2.5-1.66.1 php72-ftp-debuginfo-7.2.5-1.66.1 php72-gd-7.2.5-1.66.1 php72-gd-debuginfo-7.2.5-1.66.1 php72-gettext-7.2.5-1.66.1 php72-gettext-debuginfo-7.2.5-1.66.1 php72-gmp-7.2.5-1.66.1 php72-gmp-debuginfo-7.2.5-1.66.1 php72-iconv-7.2.5-1.66.1
php72-iconv-debuginfo-7.2.5-1.66.1 php72-imap-7.2.5-1.66.1 php72-imap-debuginfo-7.2.5-1.66.1 php72-intl-7.2.5-1.66.1 php72-intl-debuginfo-7.2.5-1.66.1 php72-json-7.2.5-1.66.1 php72-json-debuginfo-7.2.5-1.66.1 php72-ldap-7.2.5-1.66.1 php72-ldap-debuginfo-7.2.5-1.66.1 php72-mbstring-7.2.5-1.66.1 php72-mbstring-debuginfo-7.2.5-1.66.1 php72-mysql-7.2.5-1.66.1 php72-mysql-debuginfo-7.2.5-1.66.1 php72-odbc-7.2.5-1.66.1 php72-odbc-debuginfo-7.2.5-1.66.1 php72-opcache-7.2.5-1.66.1 php72-opcache-debuginfo-7.2.5-1.66.1 php72-openssl-7.2.5-1.66.1 php72-openssl-debuginfo-7.2.5-1.66.1 php72-pcntl-7.2.5-1.66.1 php72-pcntl-debuginfo-7.2.5-1.66.1 php72-pdo-7.2.5-1.66.1 php72-pdo-debuginfo-7.2.5-1.66.1 php72-pgsql-7.2.5-1.66.1 php72-pgsql-debuginfo-7.2.5-1.66.1 php72-phar-7.2.5-1.66.1 php72-phar-debuginfo-7.2.5-1.66.1 php72-posix-7.2.5-1.66.1 php72-posix-debuginfo-7.2.5-1.66.1 php72-pspell-7.2.5-1.66.1 php72-pspell-debuginfo-7.2.5-1.66.1 php72-readline-7.2.5-1.66.1 php72-readline-debuginfo-7.2.5-1.66.1 php72-shmop-7.2.5-1.66.1 php72-shmop-debuginfo-7.2.5-1.66.1 php72-snmp-7.2.5-1.66.1 php72-snmp-debuginfo-7.2.5-1.66.1 php72-soap-7.2.5-1.66.1 php72-soap-debuginfo-7.2.5-1.66.1 php72-sockets-7.2.5-1.66.1 php72-sockets-debuginfo-7.2.5-1.66.1 php72-sodium-7.2.5-1.66.1 php72-sodium-debuginfo-7.2.5-1.66.1 php72-sqlite-7.2.5-1.66.1 php72-sqlite-debuginfo-7.2.5-1.66.1 php72-sysvmsg-7.2.5-1.66.1 php72-sysvmsg-debuginfo-7.2.5-1.66.1 php72-sysvsem-7.2.5-1.66.1 php72-sysvsem-debuginfo-7.2.5-1.66.1 php72-sysvshm-7.2.5-1.66.1 php72-sysvshm-debuginfo-7.2.5-1.66.1 php72-tidy-7.2.5-1.66.1 php72-tidy-debuginfo-7.2.5-1.66.1 php72-tokenizer-7.2.5-1.66.1 php72-tokenizer-debuginfo-7.2.5-1.66.1 php72-wddx-7.2.5-1.66.1 php72-wddx-debuginfo-7.2.5-1.66.1 php72-xmlreader-7.2.5-1.66.1 php72-xmlreader-debuginfo-7.2.5-1.66.1 php72-xmlrpc-7.2.5-1.66.1 php72-xmlrpc-debuginfo-7.2.5-1.66.1 php72-xmlwriter-7.2.5-1.66.1 php72-xmlwriter-debuginfo-7.2.5-1.66.1 php72-xsl-7.2.5-1.66.1 php72-xsl-debuginfo-7.2.5-1.66.1 
php72-zip-7.2.5-1.66.1 php72-zip-debuginfo-7.2.5-1.66.1 php72-zlib-7.2.5-1.66.1 php72-zlib-debuginfo-7.2.5-1.66.1

- SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
php72-pear-7.2.5-1.66.1 php72-pear-Archive_Tar-7.2.5-1.66.1

References:

https://www.suse.com/security/cve/CVE-2021-21704.html
https://bugzilla.suse.com/1188035

From sle-updates at lists.suse.com Fri Aug 6 16:23:06 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 6 Aug 2021 18:23:06 +0200 (CEST)
Subject: SUSE-RU-2021:2640-1: moderate: Recommended update for cloud-regionsrv-client
Message-ID: <20210806162306.A9AA6FCF4@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for cloud-regionsrv-client
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:2640-1
Rating: moderate
References: #1029162

Affected Products:
   SUSE Linux Enterprise Module for Public Cloud 15-SP3
   SUSE Linux Enterprise Module for Public Cloud 15-SP2
   SUSE Linux Enterprise Module for Public Cloud 15-SP1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for cloud-regionsrv-client contains the following fix:

- Update to version 9.2.0: (bsc#1029162)
  + Support IPv6 as best-effort, with fallback to IPv4

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-2640=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-2640=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2021-2640=1

Package List:

- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):
cloud-regionsrv-client-9.2.0-6.46.1 cloud-regionsrv-client-generic-config-1.0.0-6.46.1 cloud-regionsrv-client-plugin-azure-1.0.1-6.46.1 cloud-regionsrv-client-plugin-ec2-1.0.1-6.46.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.46.1

- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):
cloud-regionsrv-client-9.2.0-6.46.1 cloud-regionsrv-client-generic-config-1.0.0-6.46.1 cloud-regionsrv-client-plugin-azure-1.0.1-6.46.1 cloud-regionsrv-client-plugin-ec2-1.0.1-6.46.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.46.1

- SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch):
cloud-regionsrv-client-9.2.0-6.46.1 cloud-regionsrv-client-generic-config-1.0.0-6.46.1 cloud-regionsrv-client-plugin-azure-1.0.1-6.46.1 cloud-regionsrv-client-plugin-ec2-1.0.1-6.46.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.46.1

References:

https://bugzilla.suse.com/1029162

From sle-updates at lists.suse.com Fri Aug 6 16:28:00 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 6 Aug 2021 18:28:00 +0200 (CEST)
Subject: SUSE-RU-2021:2639-1: moderate: Recommended update for cloud-regionsrv-client
Message-ID: <20210806162800.9809BFCF4@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for cloud-regionsrv-client
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:2639-1
Rating: moderate
References: #1029162

Affected Products:
   SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for cloud-regionsrv-client contains the following fix:

- Update to version 9.2.0. (bsc#1029162)
  + Support IPv6 as best-effort, with fallback to IPv4.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 12:

   zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-2639=1

Package List:

- SUSE Linux Enterprise Module for Public Cloud 12 (noarch):

   cloud-regionsrv-client-9.2.0-52.53.1
   cloud-regionsrv-client-generic-config-1.0.0-52.53.1
   cloud-regionsrv-client-plugin-azure-1.0.1-52.53.1
   cloud-regionsrv-client-plugin-ec2-1.0.1-52.53.1
   cloud-regionsrv-client-plugin-gce-1.0.0-52.53.1

References:

   https://bugzilla.suse.com/1029162

From sle-updates at lists.suse.com Sat Aug 7 06:32:10 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 7 Aug 2021 08:32:10 +0200 (CEST)
Subject: SUSE-CU-2021:276-1: Security update of suse/sles12sp3
Message-ID: <20210807063210.B3792FCEF@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:276-1
Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.284 , suse/sles12sp3:latest
Container Release : 24.284
Severity : important
Type : security
References : 1161510 1172505 1178561 1181443 1184761 1184967 1185046 1185331 1185562 1185807 1186015 1186229 1187105 1187212 1188063 1188217 1188218 1188219 1188220 CVE-2019-20387 CVE-2020-12049 CVE-2020-35512 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-3200 CVE-2021-33560 CVE-2021-33910 CVE-2021-3541
-----------------------------------------------------------------

The container suse/sles12sp3 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2016-1
Released: Fri Jun 18 09:39:25 2021
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1186015,CVE-2021-3541

This update for libxml2 fixes the following issues:

- CVE-2021-3541: Fixed exponential entity expansion attack that could bypass all existing protection mechanisms (bsc#1186015).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2086-1
Released: Fri Jun 18 17:28:57 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1181443,1185562

This update for pam fixes the following issues:

- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2156-1
Released: Thu Jun 24 15:39:39 2021
Summary: Security update for libgcrypt
Type: security
Severity: important
References: 1187212,CVE-2021-33560

This update for libgcrypt fixes the following issues:

- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2180-1
Released: Mon Jun 28 17:40:39 2021
Summary: Security update for libsolv
Type: security
Severity: important
References: 1161510,1186229,CVE-2019-20387,CVE-2021-3200

This update for libsolv fixes the following issues:

Security issues fixed:

- CVE-2019-20387: Fixed heap-buffer-overflow in repodata_schema2id (bsc#1161510)
- CVE-2021-3200: testcase_read: error out if repos are added or the system is changed too late (bsc#1186229)

Other issues fixed:

- backport support for blacklisted packages to support ptf packages and retracted patches
- fix ruleinfo of complex dependencies returning the wrong origin
- fix SOLVER_FLAG_FOCUS_BEST updating packages without reason
- fix add_complex_recommends() selecting conflicted packages in rare cases
- fix potential segfault in resolve_jobrules
- fix solv_zchunk decoding error if large chunks are used

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2419-1
Released: Wed Jul 21 10:06:22 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925

This update for curl fixes the following issues:

- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded.
  (bsc#1188217)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2423-1
Released: Wed Jul 21 11:03:43 2021
Summary: Security update for systemd
Type: security
Severity: important
References: 1178561,1184761,1184967,1185046,1185331,1185807,1188063,CVE-2021-33910

This update for systemd fixes the following issues:

Security issues fixed:

- CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063)

Other fixes:

- mount-util: shorten the loop a bit (#7545)
- mount-util: do not use the official MAX_HANDLE_SZ (#7523)
- mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761)
- mount-util: fix bad indenting
- mount-util: EOVERFLOW might have other causes than buffer size issues
- mount-util: fix error propagation in fd_fdinfo_mnt_id()
- mount-util: drop exponential buffer growing in name_to_handle_at_loop()
- udev: port udev_has_devtmpfs() to use path_get_mnt_id()
- mount-util: add new path_get_mnt_id() call that queries the mnt ID of a path
- mount-util: add name_to_handle_at_loop() wrapper around name_to_handle_at()
- mount-util: accept that name_to_handle_at() might fail with EPERM (#5499)
- basic: fallback to the fstat if we don't have access to the /proc/self/fdinfo
- sysusers: use the usual comment style
- test/TEST-21-SYSUSERS: add tests for new functionality
- sysusers: allow admin/runtime overrides to command-line config
- basic/strv: add function to insert items at position
- sysusers: allow the shell to be specified
- sysusers: move various user credential validity checks to src/basic/
- man: reformat table in sysusers.d(5)
- sysusers: take configuration as positional arguments
- sysusers: emit a bit more info at debug level when locking fails
- sysusers: allow force reusing existing user/group IDs (#8037)
- sysusers: ensure GID in uid:gid syntax exists
- sysusers: make ADD_GROUP always create a group
- test: add TEST-21-SYSUSERS test
- sysuser: use OrderedHashmap
- sysusers: allow uid:gid in sysusers.conf files
- sysusers: fix memleak (#4430)
- These commits implement the option '--replace' for systemd-sysusers so %sysusers_create_package can be introduced in SLE and packages can rely on this rpm macro without wondering whether the macro is available on the different target the package is submitted to.
- Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)
- systemctl: add --value option
- execute: make sure to call into PAM after initializing resource limits (bsc#1184967)
- rlimit-util: introduce setrlimit_closest_all()
- system-conf: drop reference to ShutdownWatchdogUsec=
- core: rename ShutdownWatchdogSec to RebootWatchdogSec (bsc#1185331)
- Return -EAGAIN instead of -EALREADY from unit_reload (bsc#1185046)
- rules: don't ignore Xen virtual interfaces anymore (bsc#1178561)
- write_net_rules: set execute bits (bsc#1178561)
- udev: rework network device renaming
- Revert 'Revert 'udev: network device renaming - immediately give up if the target name isn't available''

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2590-1
Released: Mon Aug 2 12:52:54 2021
Summary: Security update for dbus-1
Type: security
Severity: important
References: 1172505,1187105,CVE-2020-12049,CVE-2020-35512

This update for dbus-1 fixes the following issues:

- CVE-2020-35512: Fixed a bug where users with the same numeric UID could lead to use-after-free and undefined behaviour. (bsc#1187105)
- CVE-2020-12049: Fixed a bug where truncated messages lead to resource exhaustion.
  (bsc#1172505)

From sle-updates at lists.suse.com Sat Aug 7 06:48:13 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 7 Aug 2021 08:48:13 +0200 (CEST)
Subject: SUSE-CU-2021:277-1: Security update of suse/sles12sp4
Message-ID: <20210807064813.80CD1FCEF@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:277-1
Container Tags : suse/sles12sp4:26.325 , suse/sles12sp4:latest
Container Release : 26.325
Severity : important
Type : security
References : 1027496 1131330 1161510 1178561 1181443 1184761 1184967 1185046 1185331 1185562 1185807 1186015 1186229 1187212 1187784 1187911 1188063 1188217 1188218 1188219 1188220 CVE-2016-10228 CVE-2019-20387 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-3200 CVE-2021-33560 CVE-2021-33910 CVE-2021-3541 CVE-2021-35942
-----------------------------------------------------------------

The container suse/sles12sp4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2016-1
Released: Fri Jun 18 09:39:25 2021
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1186015,CVE-2021-3541

This update for libxml2 fixes the following issues:

- CVE-2021-3541: Fixed exponential entity expansion attack that could bypass all existing protection mechanisms (bsc#1186015).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2086-1
Released: Fri Jun 18 17:28:57 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1181443,1185562

This update for pam fixes the following issues:

- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2156-1
Released: Thu Jun 24 15:39:39 2021
Summary: Security update for libgcrypt
Type: security
Severity: important
References: 1187212,CVE-2021-33560

This update for libgcrypt fixes the following issues:

- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2180-1
Released: Mon Jun 28 17:40:39 2021
Summary: Security update for libsolv
Type: security
Severity: important
References: 1161510,1186229,CVE-2019-20387,CVE-2021-3200

This update for libsolv fixes the following issues:

Security issues fixed:

- CVE-2019-20387: Fixed heap-buffer-overflow in repodata_schema2id (bsc#1161510)
- CVE-2021-3200: testcase_read: error out if repos are added or the system is changed too late (bsc#1186229)

Other issues fixed:

- backport support for blacklisted packages to support ptf packages and retracted patches
- fix ruleinfo of complex dependencies returning the wrong origin
- fix SOLVER_FLAG_FOCUS_BEST updating packages without reason
- fix add_complex_recommends() selecting conflicted packages in rare cases
- fix potential segfault in resolve_jobrules
- fix solv_zchunk decoding error if large chunks are used

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2423-1
Released: Wed Jul 21 11:03:43 2021
Summary: Security update for systemd
Type: security
Severity: important
References: 1178561,1184761,1184967,1185046,1185331,1185807,1188063,CVE-2021-33910

This update for systemd fixes the following issues:

Security issues fixed:

- CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063)

Other fixes:

- mount-util: shorten the loop a bit (#7545)
- mount-util: do not use the official MAX_HANDLE_SZ (#7523)
- mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761)
- mount-util: fix bad indenting
- mount-util: EOVERFLOW might have other causes than buffer size issues
- mount-util: fix error propagation in fd_fdinfo_mnt_id()
- mount-util: drop exponential buffer growing in name_to_handle_at_loop()
- udev: port udev_has_devtmpfs() to use path_get_mnt_id()
- mount-util: add new path_get_mnt_id() call that queries the mnt ID of a path
- mount-util: add name_to_handle_at_loop() wrapper around name_to_handle_at()
- mount-util: accept that name_to_handle_at() might fail with EPERM (#5499)
- basic: fallback to the fstat if we don't have access to the /proc/self/fdinfo
- sysusers: use the usual comment style
- test/TEST-21-SYSUSERS: add tests for new functionality
- sysusers: allow admin/runtime overrides to command-line config
- basic/strv: add function to insert items at position
- sysusers: allow the shell to be specified
- sysusers: move various user credential validity checks to src/basic/
- man: reformat table in sysusers.d(5)
- sysusers: take configuration as positional arguments
- sysusers: emit a bit more info at debug level when locking fails
- sysusers: allow force reusing existing user/group IDs (#8037)
- sysusers: ensure GID in uid:gid syntax exists
- sysusers: make ADD_GROUP always create a group
- test: add TEST-21-SYSUSERS test
- sysuser: use OrderedHashmap
- sysusers: allow uid:gid in sysusers.conf files
- sysusers: fix memleak (#4430)
- These commits implement the option '--replace' for systemd-sysusers so %sysusers_create_package can be introduced in SLE and packages can rely on this rpm macro without wondering whether the macro is available on the different target the package is submitted to.
- Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)
- systemctl: add --value option
- execute: make sure to call into PAM after initializing resource limits (bsc#1184967)
- rlimit-util: introduce setrlimit_closest_all()
- system-conf: drop reference to ShutdownWatchdogUsec=
- core: rename ShutdownWatchdogSec to RebootWatchdogSec (bsc#1185331)
- Return -EAGAIN instead of -EALREADY from unit_reload (bsc#1185046)
- rules: don't ignore Xen virtual interfaces anymore (bsc#1178561)
- write_net_rules: set execute bits (bsc#1178561)
- udev: rework network device renaming
- Revert 'Revert 'udev: network device renaming - immediately give up if the target name isn't available''

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2425-1
Released: Wed Jul 21 11:26:08 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925

This update for curl fixes the following issues:

- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded.
  (bsc#1188217)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2480-1
Released: Tue Jul 27 13:47:22 2021
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1027496,1131330,1187911,CVE-2016-10228,CVE-2021-35942

This update for glibc fixes the following issues:

Security issues fixed:

- CVE-2021-35942: wordexp: Fixed handle overflow in positional parameter number (bsc#1187911)
- CVE-2016-10228: Rewrite iconv option parsing (bsc#1027496)

Other fixes:

- Fixed race in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2578-1
Released: Sun Aug 1 15:54:42 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1187784

This update for openldap2 rebuilds openldap2 against a symbol versioned enabled openssl 1.0 library. This is an enablement for migrations to openssl 1.1.1 which will enable TLS 1.3 support.

From sle-updates at lists.suse.com Sat Aug 7 06:59:42 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 7 Aug 2021 08:59:42 +0200 (CEST)
Subject: SUSE-CU-2021:278-1: Security update of suse/sles12sp5
Message-ID: <20210807065942.87D02FCEF@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:278-1
Container Tags : suse/sles12sp5:6.5.210 , suse/sles12sp5:latest
Container Release : 6.5.210
Severity : important
Type : security
References : 1027496 1047247 1050467 1093414 1097665 1123886 1131330 1150734 1155939 1157198 1160594 1160764 1161510 1161779 1163922 1171883 1181443 1182899 1184761 1185562 1185807 1186015 1186229 1187212 1187784 1187911 1188063 1188217 1188218 1188219 1188220 CVE-2016-10228 CVE-2019-20387 CVE-2019-3688 CVE-2019-3690 CVE-2020-8013 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-3200 CVE-2021-33560 CVE-2021-33910 CVE-2021-3541 CVE-2021-35942
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2016-1
Released: Fri Jun 18 09:39:25 2021
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1186015,CVE-2021-3541

This update for libxml2 fixes the following issues:

- CVE-2021-3541: Fixed exponential entity expansion attack that could bypass all existing protection mechanisms (bsc#1186015).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2086-1
Released: Fri Jun 18 17:28:57 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1181443,1185562

This update for pam fixes the following issues:

- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2156-1
Released: Thu Jun 24 15:39:39 2021
Summary: Security update for libgcrypt
Type: security
Severity: important
References: 1187212,CVE-2021-33560

This update for libgcrypt fixes the following issues:

- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2180-1
Released: Mon Jun 28 17:40:39 2021
Summary: Security update for libsolv
Type: security
Severity: important
References: 1161510,1186229,CVE-2019-20387,CVE-2021-3200

This update for libsolv fixes the following issues:

Security issues fixed:

- CVE-2019-20387: Fixed heap-buffer-overflow in repodata_schema2id (bsc#1161510)
- CVE-2021-3200: testcase_read: error out if repos are added or the system is changed too late (bsc#1186229)

Other issues fixed:

- backport support for blacklisted packages to support ptf packages and retracted patches
- fix ruleinfo of complex dependencies returning the wrong origin
- fix SOLVER_FLAG_FOCUS_BEST updating packages without reason
- fix add_complex_recommends() selecting conflicted packages in rare cases
- fix potential segfault in resolve_jobrules
- fix solv_zchunk decoding error if large chunks are used

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2280-1
Released: Fri Jul 9 16:29:17 2021
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1047247,1050467,1093414,1097665,1123886,1150734,1155939,1157198,1160594,1160764,1161779,1163922,1171883,1182899,CVE-2019-3688,CVE-2019-3690,CVE-2020-8013

This update for permissions fixes the following issues:

- Fork package for 12-SP5 (bsc#1155939)
- make btmp root:utmp (bsc#1050467, bsc#1182899)
- pcp: remove no longer needed / conflicting entries (bsc#1171883). Fixes a potential security issue.
- do not follow symlinks that are the final path element (CVE-2020-8013, bsc#1163922)
- fix handling of relative directory symlinks in chkstat
- whitelist postgres sticky directories (bsc#1123886)
- fix regression where chkstat breaks without /proc available (bsc#1160764, bsc#1160594)
- fix capability handling when doing multiple permission changes at once (bsc#1161779,
- fix invalid free() when permfiles points to argv (bsc#1157198)
- the error should be reported for permfiles[i], not argv[i], as these are not the same files.
  (bsc#1047247, bsc#1097665)
- fix /usr/sbin/pinger ownership to root:squid (bsc#1093414, CVE-2019-3688)
- fix privilege escalation through untrusted symlinks (bsc#1150734, CVE-2019-3690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2405-1
Released: Tue Jul 20 14:21:55 2021
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1184761,1185807,1188063,CVE-2021-33910

This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063)
- Fixed a regression with hostnamectl and timedatectl (bsc#1184761)
- Fixed permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2462-1
Released: Fri Jul 23 11:23:22 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925

This update for curl fixes the following issues:

- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded.
  (bsc#1188217)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2480-1
Released: Tue Jul 27 13:47:22 2021
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1027496,1131330,1187911,CVE-2016-10228,CVE-2021-35942

This update for glibc fixes the following issues:

Security issues fixed:

- CVE-2021-35942: wordexp: Fixed handle overflow in positional parameter number (bsc#1187911)
- CVE-2016-10228: Rewrite iconv option parsing (bsc#1027496)

Other fixes:

- Fixed race in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2578-1
Released: Sun Aug 1 15:54:42 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1187784

This update for openldap2 rebuilds openldap2 against a symbol versioned enabled openssl 1.0 library. This is an enablement for migrations to openssl 1.1.1 which will enable TLS 1.3 support.

From sle-updates at lists.suse.com Sat Aug 7 07:24:43 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 7 Aug 2021 09:24:43 +0200 (CEST)
Subject: SUSE-CU-2021:279-1: Security update of suse/sle15
Message-ID: <20210807072443.E069BFCEF@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:279-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.435
Container Release : 4.22.435
Severity : important
Type : security
References : 1029961 1040589 1047218 1106014 1154935 1157818 1158812 1158958 1158959 1158960 1159491 1159715 1159847 1159850 1160309 1160438 1160439 1161268 1164719 1167471 1172091 1172115 1172234 1172236 1172240 1172308 1173641 1175448 1175449 1178561 1178577 1178624 1178675 1182016 1182604 1184761 1184967 1184994 1185046 1185331 1185540 1185807 1185958 1186015 1186049 1186791 1187060 1187210 1187212 1187292 1187400 1188063 1188217 1188218 1188219 1188220 928700 928701 CVE-2015-3414 CVE-2015-3415 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-24370 CVE-2020-24371 CVE-2020-9327 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-33560 CVE-2021-33910 CVE-2021-3541 CVE-2021-3580
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1861-1
Released: Fri Jun 4 09:59:40 2021
Summary: Recommended update for gcc10
Type: recommended
Severity: moderate
References: 1029961,1106014,1178577,1178624,1178675,1182016

This update for gcc10 fixes the following issues:

- Disable nvptx offloading for aarch64 again since it doesn't work
- Fixed a build failure issue. (bsc#1182016)
- Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)
- Fix 32bit 'libgnat.so' link. (bsc#1178675)
- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961)
- Build complete set of multilibs for arm-none target. (bsc#1106014)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1917-1
Released: Wed Jun 9 14:48:05 2021
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1186015,CVE-2021-3541

This update for libxml2 fixes the following issues:

- CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1953-1
Released: Thu Jun 10 16:18:50 2021
Summary: Recommended update for gpg2
Type: recommended
Severity: moderate
References: 1161268,1172308

This update for gpg2 fixes the following issues:

- Fixed an issue where the gpg-agent's ssh-agent does not handle flags in signing requests properly (bsc#1161268 and bsc#1172308).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2143-1
Released: Wed Jun 23 16:27:04 2021
Summary: Security update for libnettle
Type: security
Severity: important
References: 1187060,CVE-2021-3580

This update for libnettle fixes the following issues:

- CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2155-1
Released: Thu Jun 24 15:38:25 2021
Summary: Security update for libgcrypt
Type: security
Severity: important
References: 1187212,CVE-2021-33560

This update for libgcrypt fixes the following issues:

- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2173-1
Released: Mon Jun 28 14:59:45 2021
Summary: Recommended update for automake
Type: recommended
Severity: moderate
References: 1040589,1047218,1182604,1185540,1186049

This update for automake fixes the following issues:

- Implement generated autoconf makefiles reproducible (bsc#1182604)
- Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
- Avoid bashisms in test-driver script. (bsc#1185540)

This update for pcre fixes the following issues:

- Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)

This update for brp-check-suse fixes the following issues:

- Add fixes to support reproducible builds. (bsc#1186049)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2191-1
Released: Mon Jun 28 18:38:13 2021
Summary: Recommended update for patterns-microos
Type: recommended
Severity: moderate
References: 1186791

This update for patterns-microos provides the following fix:

- Add zypper-migration-plugin to the default pattern.
  (bsc#1186791)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2196-1
Released: Tue Jun 29 09:41:39 2021
Summary: Security update for lua53
Type: security
Severity: moderate
References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371

This update for lua53 fixes the following issues:

Update to version 5.3.6:

- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2205-1
Released: Wed Jun 30 09:17:41 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: important
References: 1187210

This update for openldap2 fixes the following issues:

- Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2246-1
Released: Mon Jul 5 15:17:49 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1154935,1167471,1178561,1184761,1184967,1185046,1185331,1185807,1185958,1187292,1187400

This update for systemd fixes the following issues:

cgroup: Parse infinity properly for memory protections. (bsc#1167471)
cgroup: Make empty assignments reset to default. (bsc#1167471)
cgroup: Support 0-value for memory protection directives. (bsc#1167471)
core/cgroup: Fixed an issue with ignored parameter of 'MemorySwapMax=0'. (bsc#1154935)
bus-unit-util: Add proper 'MemorySwapMax' serialization.
core: Accept MemorySwapMax= properties that are scaled.
execute: Make sure to call into PAM after initializing resource limits.
(bsc#1184967) core: Rename 'ShutdownWatchdogSec' to 'RebootWatchdogSec'. (bsc#1185331) Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046) rules: Don't ignore Xen virtual interfaces anymore. (bsc#1178561) write_net_rules: Set execute bits. (bsc#1178561) udev: Rework network device renaming. Revert 'Revert 'udev: Network device renaming - immediately give up if the target name isn't available'' mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761) core: fix output (logging) for mount units (#7603) (bsc#1187400) udev requires systemd in its %post (bsc#1185958) cgroup: Parse infinity properly for memory protections (bsc#1167471) cgroup: Make empty assignments reset to default (bsc#1167471) cgroup: Support 0-value for memory protection directives (bsc#1167471) Create /run/lock/subsys again (bsc#1187292) The creation of this directory was mistakenly dropped when 'filesystem' package took the initialization of the generic paths over. Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2320-1 Released: Wed Jul 14 17:01:06 2021 Summary: Security update for sqlite3 Type: security Severity: important References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327 This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer 
dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: 
use-after-free in fts3EvalNextRow (bsc#1172234) - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2404-1 Released: Tue Jul 20 14:21:30 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1184994,1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063) - Skip udev rules if 'elevator=' is used (bsc#1184994) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2440-1 Released: Wed Jul 21 13:48:24 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded.
(bsc#1188217) From sle-updates at lists.suse.com Sat Aug 7 07:44:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 Aug 2021 09:44:32 +0200 (CEST) Subject: SUSE-CU-2021:280-1: Security update of suse/sle15 Message-ID: <20210807074432.6E3BAFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:280-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.489 Container Release : 6.2.489 Severity : important Type : security References : 1029961 1040589 1047218 1106014 1154935 1157818 1158812 1158958 1158959 1158960 1159491 1159715 1159847 1159850 1160309 1160438 1160439 1161268 1164719 1167471 1172091 1172115 1172234 1172236 1172240 1172308 1173641 1175448 1175449 1178561 1178577 1178624 1178675 1182016 1182604 1184761 1184967 1184994 1185046 1185331 1185540 1185807 1185958 1186015 1186049 1186791 1187060 1187210 1187212 1187292 1187400 1188063 1188217 1188218 1188219 1188220 928700 928701 CVE-2015-3414 CVE-2015-3415 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-24370 CVE-2020-24371 CVE-2020-9327 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-33560 CVE-2021-33910 CVE-2021-3541 CVE-2021-3580 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1861-1 Released: Fri Jun 4 09:59:40 2021 Summary: Recommended update for gcc10 Type: recommended Severity: moderate References: 1029961,1106014,1178577,1178624,1178675,1182016 This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1917-1 Released: Wed Jun 9 14:48:05 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1186015,CVE-2021-3541 This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1953-1 Released: Thu Jun 10 16:18:50 2021 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1161268,1172308 This update for gpg2 fixes the following issues: - Fixed an issue where the gpg-agent's ssh-agent does not handle flags in signing requests properly (bsc#1161268 and bsc#1172308). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2143-1 Released: Wed Jun 23 16:27:04 2021 Summary: Security update for libnettle Type: security Severity: important References: 1187060,CVE-2021-3580 This update for libnettle fixes the following issues: - CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2157-1 Released: Thu Jun 24 15:40:14 2021 Summary: Security update for libgcrypt Type: security Severity: important References: 1187212,CVE-2021-33560 This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2173-1 Released: Mon Jun 28 14:59:45 2021 Summary: Recommended update for automake Type: recommended Severity: moderate References: 1040589,1047218,1182604,1185540,1186049 This update for automake fixes the following issues: - Implement generated autoconf makefiles reproducible (bsc#1182604) - Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848) - Avoid bashisms in test-driver script. (bsc#1185540) This update for pcre fixes the following issues: - Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589) This update for brp-check-suse fixes the following issues: - Add fixes to support reproducible builds. (bsc#1186049) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2191-1 Released: Mon Jun 28 18:38:13 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1186791 This update for patterns-microos provides the following fix: - Add zypper-migration-plugin to the default pattern. 
(bsc#1186791) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2196-1 Released: Tue Jun 29 09:41:39 2021 Summary: Security update for lua53 Type: security Severity: moderate References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371 This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2205-1 Released: Wed Jun 30 09:17:41 2021 Summary: Recommended update for openldap2 Type: recommended Severity: important References: 1187210 This update for openldap2 fixes the following issues: - Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2246-1 Released: Mon Jul 5 15:17:49 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1154935,1167471,1178561,1184761,1184967,1185046,1185331,1185807,1185958,1187292,1187400 This update for systemd fixes the following issues: cgroup: Parse infinity properly for memory protections. (bsc#1167471) cgroup: Make empty assignments reset to default. (bsc#1167471) cgroup: Support 0-value for memory protection directives. (bsc#1167471) core/cgroup: Fixed an issue with ignored parameter of 'MemorySwapMax=0'. (bsc#1154935) bus-unit-util: Add proper 'MemorySwapMax' serialization. core: Accept MemorySwapMax= properties that are scaled. execute: Make sure to call into PAM after initializing resource limits. 
(bsc#1184967) core: Rename 'ShutdownWatchdogSec' to 'RebootWatchdogSec'. (bsc#1185331) Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046) rules: Don't ignore Xen virtual interfaces anymore. (bsc#1178561) write_net_rules: Set execute bits. (bsc#1178561) udev: Rework network device renaming. Revert 'Revert 'udev: Network device renaming - immediately give up if the target name isn't available'' mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761) core: fix output (logging) for mount units (#7603) (bsc#1187400) udev requires systemd in its %post (bsc#1185958) cgroup: Parse infinity properly for memory protections (bsc#1167471) cgroup: Make empty assignments reset to default (bsc#1167471) cgroup: Support 0-value for memory protection directives (bsc#1167471) Create /run/lock/subsys again (bsc#1187292) The creation of this directory was mistakenly dropped when 'filesystem' package took the initialization of the generic paths over. Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2320-1 Released: Wed Jul 14 17:01:06 2021 Summary: Security update for sqlite3 Type: security Severity: important References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327 This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer 
dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: 
use-after-free in fts3EvalNextRow (bsc#1172234) - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2404-1 Released: Tue Jul 20 14:21:30 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1184994,1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063) - Skip udev rules if 'elevator=' is used (bsc#1184994) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2440-1 Released: Wed Jul 21 13:48:24 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded.
(bsc#1188217) From sle-updates at lists.suse.com Sat Aug 7 07:56:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 Aug 2021 09:56:42 +0200 (CEST) Subject: SUSE-CU-2021:281-1: Security update of suse/sle15 Message-ID: <20210807075642.91B21FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:281-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.961 Container Release : 8.2.961 Severity : important Type : security References : 1029961 1040589 1047218 1047218 1099521 1106014 1154935 1157818 1158812 1158958 1158959 1158960 1159491 1159715 1159847 1159850 1160309 1160438 1160439 1161268 1164719 1167471 1172091 1172115 1172234 1172236 1172240 1172308 1173641 1175448 1175449 1178561 1178577 1178624 1178675 1182016 1182604 1184326 1184399 1184761 1184967 1184994 1184997 1185046 1185221 1185325 1185331 1185540 1185807 1185958 1186015 1186049 1186447 1186503 1186579 1186642 1186791 1187060 1187210 1187212 1187292 1187400 1188063 1188217 1188218 1188219 1188220 928700 928701 CVE-2015-3414 CVE-2015-3415 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-24370 CVE-2020-24371 CVE-2020-9327 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-33560 CVE-2021-33910 CVE-2021-3541 CVE-2021-3580 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1861-1 Released: Fri Jun 4 09:59:40 2021 Summary: Recommended update for gcc10 Type: recommended Severity: moderate References: 1029961,1106014,1178577,1178624,1178675,1182016 This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1879-1 Released: Tue Jun 8 09:16:09 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1184326,1184399,1184997,1185325 This update for libzypp, zypper fixes the following issues: libzypp was updated to 17.26.0: - Work around download.o.o broken https redirects. - Allow trusted repos to add additional signing keys (bsc#1184326) Repositories signed with a trusted gpg key may import additional package signing keys. This is needed if different keys were used to sign the packages shipped by the repository. - MediaCurl: Fix logging of redirects. - Use 15.3 resolver problem and solution texts on all distros. - $ZYPP_LOCK_TIMEOUT: Let negative values wait forever for the zypp lock (bsc#1184399) Helps boot time services like 'zypper purge-kernels' to wait for the zypp lock until other services using zypper have completed. - Fix purge-kernels is broken in Leap 15.3 (bsc#1185325) Leap 15.3 introduces a new kernel package called kernel-flavour-extra, which contain kmp's. Currently kmp's are detected by name '.*-kmp(-.*)?' but this does not work with those new packages.
This patch fixes the problem by checking packages for kmod(*) and ksym(*) provides and only falls back to name checking if the package in question does not provide one of those. - Introduce zypp-runpurge, a tool to run purge-kernels on testcases. zypper was updated to 1.14.45: - Fix service detection with cgroupv2 (bsc#1184997) - Add hints to 'trust GPG key' prompt. - Add report when receiving new package signing keys from a trusted repo (bsc#1184326) - Added translation using Weblate (Kabyle) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1917-1 Released: Wed Jun 9 14:48:05 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1186015,CVE-2021-3541 This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1937-1 Released: Thu Jun 10 10:47:09 2021 Summary: Recommended update for nghttp2 Type: recommended Severity: moderate References: 1186642 This update for nghttp2 fixes the following issue: - The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1953-1 Released: Thu Jun 10 16:18:50 2021 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1161268,1172308 This update for gpg2 fixes the following issues: - Fixed an issue where the gpg-agent's ssh-agent does not handle flags in signing requests properly (bsc#1161268 and bsc#1172308). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2143-1 Released: Wed Jun 23 16:27:04 2021 Summary: Security update for libnettle Type: security Severity: important References: 1187060,CVE-2021-3580 This update for libnettle fixes the following issues: - CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2157-1 Released: Thu Jun 24 15:40:14 2021 Summary: Security update for libgcrypt Type: security Severity: important References: 1187212,CVE-2021-33560 This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2173-1 Released: Mon Jun 28 14:59:45 2021 Summary: Recommended update for automake Type: recommended Severity: moderate References: 1040589,1047218,1182604,1185540,1186049 This update for automake fixes the following issues: - Implement generated autoconf makefiles reproducible (bsc#1182604) - Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848) - Avoid bashisms in test-driver script. (bsc#1185540) This update for pcre fixes the following issues: - Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589) This update for brp-check-suse fixes the following issues: - Add fixes to support reproducible builds. (bsc#1186049) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2191-1 Released: Mon Jun 28 18:38:13 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1186791 This update for patterns-microos provides the following fix: - Add zypper-migration-plugin to the default pattern. 
(bsc#1186791) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2196-1 Released: Tue Jun 29 09:41:39 2021 Summary: Security update for lua53 Type: security Severity: moderate References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371 This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2205-1 Released: Wed Jun 30 09:17:41 2021 Summary: Recommended update for openldap2 Type: recommended Severity: important References: 1187210 This update for openldap2 fixes the following issues: - Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2229-1 Released: Thu Jul 1 20:40:37 2021 Summary: Recommended update for release packages Type: recommended Severity: moderate References: 1099521,1185221 This update for the release packages provides the following fix: - Fix grub menu entries after migration from SLE-12*. (bsc#1099521) - Adjust the sles-release changelog to include an entry for the previous release that was reverting a broken change. 
(bsc#1185221) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2246-1 Released: Mon Jul 5 15:17:49 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1154935,1167471,1178561,1184761,1184967,1185046,1185331,1185807,1185958,1187292,1187400 This update for systemd fixes the following issues: cgroup: Parse infinity properly for memory protections. (bsc#1167471) cgroup: Make empty assignments reset to default. (bsc#1167471) cgroup: Support 0-value for memory protection directives. (bsc#1167471) core/cgroup: Fixed an issue with ignored parameter of 'MemorySwapMax=0'. (bsc#1154935) bus-unit-util: Add proper 'MemorySwapMax' serialization. core: Accept MemorySwapMax= properties that are scaled. execute: Make sure to call into PAM after initializing resource limits. (bsc#1184967) core: Rename 'ShutdownWatchdogSec' to 'RebootWatchdogSec'. (bsc#1185331) Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046) rules: Don't ignore Xen virtual interfaces anymore. (bsc#1178561) write_net_rules: Set execute bits. (bsc#1178561) udev: Rework network device renaming. Revert 'Revert 'udev: Network device renaming - immediately give up if the target name isn't available'' mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761) core: fix output (logging) for mount units (#7603) (bsc#1187400) udev requires systemd in its %post (bsc#1185958) cgroup: Parse infinity properly for memory protections (bsc#1167471) cgroup: Make empty assignments reset to default (bsc#1167471) cgroup: Support 0-value for memory protection directives (bsc#1167471) Create /run/lock/subsys again (bsc#1187292) The creation of this directory was mistakenly dropped when 'filesystem' package took the initialization of the generic paths over. 
Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:2249-1 Released: Mon Jul 5 15:40:46 2021 Summary: Optional update for gnutls Type: optional Severity: low References: 1047218,1186579 This update for gnutls does not fix any user visible issues. It is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2273-1 Released: Thu Jul 8 09:48:48 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1186447,1186503 This update for libzypp, zypper fixes the following issues: - Enhance XML output of repo GPG options - Add optional attributes showing the raw values actually present in the '.repo' file. - Link all executables with -PIE (bsc#1186447) - Ship an empty '/etc/zypp/needreboot' per default (jsc#PM-2645) - Add 'Solvable::isBlacklisted' as superset of retracted and ptf packages (bsc#1186503) - Fix segv if 'ZYPP_FULLOG' is set. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2320-1 Released: Wed Jul 14 17:01:06 2021 Summary: Security update for sqlite3 Type: security Severity: important References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327 This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - 
CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: use-after-free in fts3EvalNextRow (bsc#1172234) - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2404-1 Released: Tue Jul 20 14:21:30 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1184994,1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063) - Skip udev rules if 'elevator=' is used (bsc#1184994) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate References:
1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) From sle-updates at lists.suse.com Sat Aug 7 07:59:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 Aug 2021 09:59:59 +0200 (CEST) Subject: SUSE-CU-2021:282-1: Security update of suse/sle15 Message-ID: <20210807075959.AEDBBFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:282-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.5.23 Container Release : 17.5.23 Severity : important Type : security References : 1040589 1047218 1099521 1157818 1158812 1158958 1158959 1158960 1159491 1159715 1159847 1159850 1160309 1160438 1160439 1164719 1172091 1172115 1172234 1172236 1172240 1173641 1175448 1175449 1182604 1185540 1185807 1185828 1185958 1186049 1186411 1186447 1186503 1186791 1187154 1187210 1187212 1187292 1188063 1188217 1188218 1188219 1188220 928700 928701 CVE-2015-3414 CVE-2015-3415 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-24370 CVE-2020-24371 CVE-2020-9327 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-33560 CVE-2021-33910 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2157-1
Released: Thu Jun 24 15:40:14 2021
Summary: Security update for libgcrypt
Type: security
Severity: important
References: 1187212,CVE-2021-33560

This update for libgcrypt fixes the following issues:

- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2173-1
Released: Mon Jun 28 14:59:45 2021
Summary: Recommended update for automake
Type: recommended
Severity: moderate
References: 1040589,1047218,1182604,1185540,1186049

This update for automake fixes the following issues:

- Implement generated autoconf makefiles reproducible (bsc#1182604)
- Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
- Avoid bashisms in test-driver script. (bsc#1185540)

This update for pcre fixes the following issues:

- Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)

This update for brp-check-suse fixes the following issues:

- Add fixes to support reproducible builds. (bsc#1186049)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2191-1
Released: Mon Jun 28 18:38:13 2021
Summary: Recommended update for patterns-microos
Type: recommended
Severity: moderate
References: 1186791

This update for patterns-microos provides the following fix:

- Add zypper-migration-plugin to the default pattern.
(bsc#1186791)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2196-1
Released: Tue Jun 29 09:41:39 2021
Summary: Security update for lua53
Type: security
Severity: moderate
References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371

This update for lua53 fixes the following issues:

Update to version 5.3.6:

- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2205-1
Released: Wed Jun 30 09:17:41 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: important
References: 1187210

This update for openldap2 fixes the following issues:

- Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2273-1
Released: Thu Jul 8 09:48:48 2021
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1186447,1186503

This update for libzypp, zypper fixes the following issues:

- Enhance XML output of repo GPG options
- Add optional attributes showing the raw values actually present in the '.repo' file.
- Link all executables with -PIE (bsc#1186447)
- Ship an empty '/etc/zypp/needreboot' per default (jsc#PM-2645)
- Add 'Solvable::isBlacklisted' as superset of retracted and ptf packages (bsc#1186503)
- Fix segv if 'ZYPP_FULLOG' is set.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2316-1
Released: Wed Jul 14 13:49:55 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1185807,1185828,1185958,1186411,1187154,1187292

This update for systemd fixes the following issues:

- Restore framebuffer devices as possible master of seat. Until simpledrm driver is released, this change is premature as some graphical chips don't have DRM driver and fall back to framebuffer. (bsc#1187154)
- Fixed an issue when '/var/lock/subsys' dropped when the creation of 'filesystem' package took the initialization of the generic paths over. (bsc#1187292)
- 'udev' requires systemd in its %post (bsc#1185958)
  nspawn: turn on higher optimization level in seccomp
  nspawn: return ENOSYS by default, EPERM for 'known' calls (bsc#1186411)
  shared/seccomp-util: added functionality to make list of filtred syscalls
  shared/syscall-list: filter out some obviously platform-specific syscalls
  shared/seccomp: reduce scope of indexing variables
  generate-syscall-list: require python3
  shared: add @known syscall list
  meson: add syscall-names-update target
  shared/seccomp: use _cleanup_ in one more place
  home: fix homed.conf install location
- We need to make sure that the creation of the symlinks is done after updating udev DB so if worker A is preempted by worker B before A updates the DB but after it creates the symlinks, worker B won't manage to overwrite the freshly created symlinks (by A) because A has still yet not registered the symlinks in the DB.
(bsc#1185828)
- Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2320-1
Released: Wed Jul 14 17:01:06 2021
Summary: Security update for sqlite3
Type: security
Severity: important
References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327

This update for sqlite3 fixes the following issues:

- Update to version 3.36.0
- CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641)
- CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719)
- CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)
- CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438)
- CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309)
- CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)
- CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)
- CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715)
- CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491)
- CVE-2019-19603: during handling of CREATE TABLE and CREATE
VIEW statements, does not consider confusion with a shadow table name (bsc#1158960)
- CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959)
- CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958)
- CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812)
- CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)
- CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)
- CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)
- CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)
- CVE-2020-13630: use-after-free in fts3EvalNextRow (bsc#1172234)
- CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)
- CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)
- CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2399-1
Released: Mon Jul 19 19:06:22 2021
Summary: Recommended update for release packages
Type: recommended
Severity: moderate
References: 1099521

This update for the release packages provides the following fix:

- Fix grub menu entries after migration from SLE-12*.
(bsc#1099521)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2410-1
Released: Tue Jul 20 14:41:26 2021
Summary: Security update for systemd
Type: security
Severity: important
References: 1188063,CVE-2021-33910

This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2439-1
Released: Wed Jul 21 13:46:48 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925

This update for curl fixes the following issues:

- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded.
(bsc#1188217)

From sle-updates at lists.suse.com Tue Aug 10 13:25:59 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 10 Aug 2021 15:25:59 +0200 (CEST)
Subject: SUSE-SU-2021:2645-1: important: Security update for the Linux Kernel
Message-ID: <20210810132559.12FDFFCEF@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2645-1
Rating: important
References: #1065729 #1085224 #1094840 #1113295 #1152472 #1152489 #1153274 #1154353 #1155518 #1156395 #1170511 #1176447 #1176940 #1179243 #1180092 #1180814 #1183871 #1184114 #1184350 #1184631 #1184804 #1185308 #1185377 #1185791 #1186194 #1186206 #1186482 #1186483 #1187215 #1187476 #1187495 #1187585 #1188036 #1188080 #1188101 #1188121 #1188126 #1188176 #1188267 #1188268 #1188269 #1188323 #1188366 #1188405 #1188445 #1188504 #1188620 #1188683 #1188703 #1188720 #1188746 #1188747 #1188748 #1188752 #1188770 #1188771 #1188772 #1188773 #1188774 #1188777 #1188838 #1188876 #1188885 #1188893 #1188973
Cross-References: CVE-2021-21781 CVE-2021-22543 CVE-2021-35039 CVE-2021-3609 CVE-2021-3612 CVE-2021-3659 CVE-2021-37576
CVSS scores:
  CVE-2021-21781 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  CVE-2021-22543 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-35039 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-35039 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-3609 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-3612 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-3612 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  CVE-2021-3659 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP3
______________________________________________________________________________

An update that solves 7 vulnerabilities and has 58 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876).
- CVE-2021-21781: Fixed an information disclosure vulnerability in the ARM SIGPAGE (bsc#1188445).
- CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482).
- CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838).
- CVE-2021-3609: Fixed a potential local privilege escalation in the CAN BCM networking protocol (bsc#1187215).
- CVE-2021-3612: Fixed an out-of-bounds memory write flaw in the joystick devices subsystem. This flaw allowed a local user to crash the system or possibly escalate their privileges on the system. (bsc#1187585)
- CVE-2021-35039: Fixed mishandling of signature verification. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, did not occur for a module.sig_enforce=1 command-line argument (bsc#1188080).

The following non-security bugs were fixed:

- ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes).
- ACPI: APEI: fix synchronous external aborts in user-mode (git-fixes).
- ACPI: DPTF: Fix reading of attributes (git-fixes).
- ACPI: EC: Make more Asus laptops use ECDT _GPE (git-fixes).
- ACPI: PM / fan: Put fan device IDs into separate header file (git-fixes).
- ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes).
- ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes).
- ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes).
- ACPI: resources: Add checks for ACPI IRQ override (git-fixes).
- ACPI: sysfs: Fix a buffer overrun problem with description_show() (git-fixes).
- ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes).
- ACPICA: Fix memory leak caused by _CID repair function (git-fixes).
- ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes).
- ALSA: bebob: add support for ToneWeal FW66 (git-fixes).
- ALSA: firewire-motu: fix detection for S/PDIF source on optical interface in v2 protocol (git-fixes).
- ALSA: firewire-motu: fix stream format for MOTU 8pre FireWire (git-fixes).
- ALSA: hda/realtek: Add another ALC236 variant support (git-fixes).
- ALSA: hda/realtek: Apply LED fixup for HP Dragonfly G1, too (git-fixes).
- ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D (git-fixes).
- ALSA: hda/realtek: Fix pop noise and 2 Front Mic issues on a machine (git-fixes).
- ALSA: hda/realtek: Improve fixup for HP Spectre x360 15-df0xxx (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 830 G8 Notebook PC (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook x360 830 G8 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G8 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 450 G8 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 630 G8 (git-fixes).
- ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes).
- ALSA: hda: intel-dsp-cfg: add missing ElkhartLake PCI ID (git-fixes).
- ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes).
- ALSA: intel8x0: Fix breakage at ac97 clock measurement (git-fixes).
- ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes).
- ALSA: pcm - fix mmap capability check for the snd-dummy driver (git-fixes).
- ALSA: pcm: Call substream ack() method upon compat mmap commit (git-fixes).
- ALSA: pcm: Fix mmap capability check (git-fixes).
- ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes).
- ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes).
- ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes).
- ALSA: usb-audio: Add missing proc text entry for BESPOKEN type (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum headsets (git-fixes).
- ALSA: usb-audio: Fix OOB access at proc output (git-fixes).
- ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes).
- ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes).
- ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions (git-fixes).
- ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes).
- ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values (git-fixes).
- ALSA: usb-audio: scarlett2: Fix wrong resume call (git-fixes).
- ALSA: usb-audio: scarlett2: Read mixer volumes at init time (git-fixes).
- ALSA: usb-audio: scarlett2: Read mux at init time (git-fixes).
- ALSA: usx2y: Avoid camelCase (git-fixes).
- ALSA: usx2y: Do not call free_pages_exact() with NULL address (git-fixes).
- ARM: ensure the signal page contains defined contents (bsc#1188445).
- ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters (git-fixes).
- ASoC: Intel: sof_sdw: add SOF_RT715_DAI_ID_FIX for AlderLake (git-fixes).
- ASoC: Intel: sof_sdw: add mutual exclusion between PCH DMIC and RT715 (git-fixes).
- ASoC: SOF: loader: Use snd_sof_dsp_block_read() instead sof_block_read() (git-fixes).
- ASoC: atmel-i2s: Fix usage of capture and playback at the same time (git-fixes).
- ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes).
- ASoC: fsl_spdif: Fix error handler with pm_runtime_enable (git-fixes).
- ASoC: fsl_spdif: Fix unexpected interrupt after suspend (git-fixes).
- ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (git-fixes).
- ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes).
- ASoC: intel/boards: add missing MODULE_DEVICE_TABLE (git-fixes).
- ASoC: max98373-sdw: add missing memory allocation check (git-fixes).
- ASoC: max98373-sdw: use first_hw_init flag on resume (git-fixes).
- ASoC: mediatek: mtk-btcvsd: Fix an error handling path in 'mtk_btcvsd_snd_probe()' (git-fixes).
- ASoC: rk3328: fix missing clk_disable_unprepare() on error in rk3328_platform_probe() (git-fixes).
- ASoC: rsnd: tidyup loop on rsnd_adg_clk_query() (git-fixes).
- ASoC: rt1308-sdw: use first_hw_init flag on resume (git-fixes).
- ASoC: rt5631: Fix regcache sync errors on resume (git-fixes).
- ASoC: rt5682-sdw: set regcache_cache_only false before reading RT5682_DEVICE_ID (git-fixes).
- ASoC: rt5682-sdw: use first_hw_init flag on resume (git-fixes).
- ASoC: rt5682: Disable irq on shutdown (git-fixes).
- ASoC: rt5682: Fix a problem with error handling in the io init function of the soundwire (git-fixes).
- ASoC: rt5682: fix getting the wrong device id when the suspend_stress_test (git-fixes).
- ASoC: rt700-sdw: use first_hw_init flag on resume (git-fixes).
- ASoC: rt711-sdw: use first_hw_init flag on resume (git-fixes).
- ASoC: rt715-sdw: use first_hw_init flag on resume (git-fixes).
- ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes).
- ASoC: soc-pcm: fix the return value in dpcm_apply_symmetry() (git-fixes).
- ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes).
- ASoC: wm_adsp: Correct wm_coeff_tlv_get handling (git-fixes).
- Bluetooth: Fix alt settings for incoming SCO with transparent coding format (git-fixes).
- Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event (git-fixes).
- Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes).
- Bluetooth: L2CAP: Fix invalid access if ECRED Reconfigure fails (git-fixes).
- Bluetooth: L2CAP: Fix invalid access on ECRED Connection response (git-fixes).
- Bluetooth: Remove spurious error message (git-fixes).
- Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes).
- Bluetooth: btintel: Add infrastructure to read controller information (bsc#1188893).
- Bluetooth: btintel: Check firmware version before download (bsc#1188893).
- Bluetooth: btintel: Collect tlv based active firmware build info in FW mode (bsc#1188893).
- Bluetooth: btintel: Consolidate intel_version parsing (bsc#1188893).
- Bluetooth: btintel: Consolidate intel_version_tlv parsing (bsc#1188893).
- Bluetooth: btintel: Fix endianness issue for TLV version information (bsc#1188893).
- Bluetooth: btintel: Fix offset calculation boot address parameter (bsc#1188893).
- Bluetooth: btintel: Functions to send firmware header / payload (bsc#1188893).
- Bluetooth: btintel: Move operational checks after version check (bsc#1188893).
- Bluetooth: btintel: Refactor firmware download function (bsc#1188893).
- Bluetooth: btintel: Reorganized bootloader mode tlv checks in intel_version_tlv parsing (bsc#1188893).
- Bluetooth: btintel: Replace zero-length array with flexible-array member (bsc#1188893).
- Bluetooth: btintel: Skip reading firmware file version while in bootloader mode (bsc#1188893).
- Bluetooth: btqca: Do not modify firmware contents in-place (git-fixes).
- Bluetooth: btusb: Add *setup* function for new generation Intel controllers (bsc#1188893).
- Bluetooth: btusb: Add support USB ALT 3 for WBS (git-fixes).
- Bluetooth: btusb: Add support for GarfieldPeak controller (bsc#1188893).
- Bluetooth: btusb: Consolidate code for waiting firmware download (bsc#1188893).
- Bluetooth: btusb: Define a function to construct firmware filename (bsc#1188893).
- Bluetooth: btusb: Enable MSFT extension for Intel controllers (bsc#1188893).
- Bluetooth: btusb: Fix failing to init controllers with operation firmware (bsc#1188893).
- Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip (git-fixes).
- Bluetooth: btusb: Helper function to download firmware to Intel adapters (bsc#1188893).
- Bluetooth: btusb: Map Typhoon peak controller to BTUSB_INTEL_NEWGEN (bsc#1188893).
- Bluetooth: btusb: Update boot parameter specific to SKU (bsc#1188893).
- Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes).
- Bluetooth: btusb: print firmware file name on error loading firmware (bsc#1188893).
- Bluetooth: hci_intel: drop strange le16_to_cpu() against u8 values (bsc#1188893).
- Bluetooth: hci_intel: enable on new platform (bsc#1188893).
- Bluetooth: hci_intel: switch to list_for_each_entry() (bsc#1188893).
- Bluetooth: hci_qca: fix potential GPF (git-fixes).
- Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes).
- Bluetooth: mgmt: Fix the command returns garbage parameter value (git-fixes).
- HID: do not use down_interruptible() when unbinding devices (git-fixes).
- HID: wacom: Correct base usage for capacitive ExpressKey status bits (git-fixes).
- Input: hideep - fix the uninitialized use in hideep_nvm_unlock() (git-fixes).
- Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes).
- Input: ili210x - add missing negation for touch indication on ili210x (git-fixes).
- Input: usbtouchscreen - fix control-request directions (git-fixes).
- KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (bsc#1188771).
- KVM: SVM: document KVM_MEM_ENCRYPT_OP, let userspace detect if SEV is available (bsc#1188703).
- KVM: nVMX: Consult only the "basic" exit reason when routing nested exit (bsc#1188773).
- KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774).
- KVM: nVMX: Preserve exception priority irrespective of exiting behavior (bsc#1188777).
- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes).
- PCI: Add AMD RS690 quirk to enable 64-bit DMA (git-fixes).
- PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes).
- PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes).
- PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes).
- PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes).
- PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes).
- PCI: intel-gw: Fix INTx enable (git-fixes).
- PCI: intel-gw: Fix INTx enable (git-fixes).
- PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes).
- PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes).
- PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes).
- PCI: quirks: fix false kABI positive (git-fixes).
- PCI: tegra194: Fix tegra_pcie_ep_raise_msi_irq() ill-defined shift (git-fixes).
- PCI: tegra194: Fix tegra_pcie_ep_raise_msi_irq() ill-defined shift (git-fixes).
- PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes).
- RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449).
- RDMA/cma: Protect RMW with qp_mutex (git-fixes).
- RDMA/hns: Remove unused parameter udata (jsc#SLE-15176).
- RDMA/mlx4: Remove unused parameter udata (jsc#SLE-15176).
- RDMA/mlx5: Remove unused parameter udata (jsc#SLE-15176).
- RDMA/rtrs-clt: Check if the queue_depth has changed during a reconnection (jsc#SLE-15176).
- RDMA/rtrs-clt: Check state of the rtrs_clt_sess before reading its stats (jsc#SLE-15176).
- RDMA/rtrs-clt: Fix memory leak of not-freed sess->stats and stats->pcpu_stats (jsc#SLE-15176).
- RDMA/rtrs-srv: Fix memory leak of unfreed rtrs_srv_stats object (jsc#SLE-15176).
- RDMA/rtrs-srv: Fix memory leak when having multiple sessions (jsc#SLE-15176).
- RDMA/rtrs-srv: Replace atomic_t with percpu_ref for ids_inflight (jsc#SLE-15176).
- RDMA/rtrs-srv: Set minimal max_send_wr and max_recv_wr (jsc#SLE-15176).
- RDMA/rtrs: Do not reset hb_missed_max after re-connection (jsc#SLE-15176).
- RDMA/srp: Fix a recently introduced memory leak (jsc#SLE-15176).
- Revert "ACPI: resources: Add checks for ACPI IRQ override" (git-fixes).
- Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro" (git-fixes).
- Revert "Bluetooth: btintel: Fix endianness issue for TLV version information" (bsc#1188893).
- Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem" (git-fixes).
- Revert "be2net: disable bh with spin_lock in be_process_mcc" (git-fixes).
- Revert "drm/i915: Propagate errors on awaiting already signaled fences" (git-fixes).
- Revert "drm: add a locked version of drm_is_current_master" (git-fixes).
- Revert "ibmvnic: remove duplicate napi_schedule call in open function" (bsc#1065729).
- Revert "iwlwifi: remove wide_cmd_header field" (bsc#1187495).
- USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes).
- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes).
- USB: serial: cp210x: fix comments for GE CS1000 (git-fixes).
- USB: serial: option: add support for u-blox LARA-R6 family (git-fixes).
- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes).
- [xarray] iov_iter_fault_in_readable() should do nothing in xarray case (git-fixes).
- amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (bsc#1152472).
- ata: ahci_sunxi: Disable DIPM (git-fixes).
- ath10k: Fix an error code in ath10k_add_interface() (git-fixes).
- ath10k: add missing error return code in ath10k_pci_probe() (git-fixes).
- ath10k: go to path err_unsupported when chip id is not supported (git-fixes).
- ath10k: remove unused more_frags variable (git-fixes).
- ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (git-fixes).
- backlight: lm3630a: Fix return code of .update_status() callback (git-fixes).
- backlight: lm3630a_bl: Put fwnode in error case during ->probe() (git-fixes).
- bcache: avoid oversized read request in cache missing code path (bsc#1184631).
- bcache: remove bcache device self-defined readahead (bsc#1184631).
- blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092).
- blk-mq: In blk_mq_dispatch_rq_list() "no budget" is a reason to kick (bsc#1180092).
- blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092).
- blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092).
- blk-mq: insert flush request to the front of dispatch queue (bsc#1180092).
- blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092).
- bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: do not disable an already disabled PCI device (git-fixes).
- bonding: Add struct bond_ipesc to manage SA (bsc#1176447).
- bonding: disallow setting nested bonding + ipsec offload (bsc#1176447).
- bonding: fix build issue (git-fixes).
- bonding: fix incorrect return value of bond_ipsec_offload_ok() (bsc#1176447).
- bonding: fix null dereference in bond_ipsec_add_sa() (bsc#1176447).
- bonding: fix suspicious RCU usage in bond_ipsec_add_sa() (bsc#1176447).
- bonding: fix suspicious RCU usage in bond_ipsec_del_sa() (bsc#1176447).
- bonding: fix suspicious RCU usage in bond_ipsec_offload_ok() (bsc#1176447).
- bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1154353).
- bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518).
- brcmfmac: Fix a double-free in brcmf_sdio_bus_reset (git-fixes).
- brcmfmac: correctly report average RSSI in station info (git-fixes).
- brcmfmac: fix setting of station info chains bitmask (git-fixes).
- brcmsmac: mac80211_if: Fix a resource leak in an error handling path (git-fixes).
- cadence: force nonlinear buffers to be cloned (git-fixes).
- can: ems_usb: fix memory leak (git-fixes).
- can: esd_usb2: fix memory leak (git-fixes).
- can: gw: synchronize rcu operations before removing gw job entry (git-fixes).
- can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes).
- can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes).
- can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes).
- can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path (git-fixes).
- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes).
- can: usb_8dev: fix memory leak (git-fixes).
- ceph: do not WARN if we're still opening a session to an MDS (bsc#1188748).
- cfg80211: call cfg80211_leave_ocb when switching away from OCB (git-fixes).
- char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() (git-fixes).
- cifs: Fix preauth hash corruption (git-fixes).
- cifs: Return correct error code from smb2_get_enc_key (git-fixes).
- cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes).
- cifs: fix interrupted close commands (git-fixes).
- cifs: fix memory leak in smb2_copychunk_range (git-fixes).
- clk: actions: Fix SD clocks factor table on Owl S500 SoC (git-fixes).
- clk: actions: Fix UART clock dividers on Owl S500 SoC (git-fixes).
- clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC (git-fixes).
- clk: imx8mq: remove SYS PLL 1/2 clock gates (git-fixes).
- clk: meson: g12a: fix gp0 and hifi ranges (git-fixes).
- clk: renesas: r8a77995: Add ZA2 clock (git-fixes).
- clk: renesas: rcar-gen3: Update Z clock rate formula in comments (git-fixes).
- clk: si5341: Avoid divide errors due to bogus register contents (git-fixes).
- clk: si5341: Update initialization magic (git-fixes).
- clk: tegra: Ensure that PLLU configuration is applied properly (git-fixes).
- clk: zynqmp: pll: Remove some dead code (git-fixes).
- clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround (git-fixes).
- clocksource: Retry clock read if long delays detected (git-fixes).
- coresight: Propagate symlink failure (git-fixes).
- coresight: core: Fix use of uninitialized pointer (git-fixes).
- cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)).
- cpufreq: sc520_freq: add 'fallthrough' to one case (git-fixes).
- crypto: ccp - Fix a resource leak in an error handling path (git-fixes).
- crypto: ixp4xx - dma_unmap the correct address (git-fixes).
- crypto: nitrox - fix unchecked variable in nitrox_register_interrupts (git-fixes).
- crypto: nx - add missing MODULE_DEVICE_TABLE (git-fixes).
- crypto: omap-sham - Fix PM reference leak in omap sham ops (git-fixes).
- crypto: qat - check return code of qat_hal_rd_rel_reg() (git-fixes).
- crypto: qat - remove unused macro in FW loader (git-fixes).
- crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes).
- crypto: sun4i-ss - checking sg length is not sufficient (git-fixes).
- crypto: sun4i-ss - initialize need_fallback (git-fixes).
- crypto: ux500 - Fix error return code in hash_hw_final() (git-fixes).
- crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes).
- crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes).
- cw1200: Revert unnecessary patches that fix unreal use-after-free bugs (git-fixes).
- cw1200: add missing MODULE_DEVICE_TABLE (git-fixes).
- cxgb4: fix IRQ free race during driver unload (git-fixes).
- dma-buf/sync_file: Do not leak fences on merge failure (git-fixes).
- dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes).
- dmaengine: mediatek: do not issue a new desc if one is still current (git-fixes).
- dmaengine: mediatek: free the proper desc in desc_free handler (git-fixes).
- dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma (git-fixes).
- dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe() (git-fixes).
- dmaengine: zynqmp_dma: Fix PM reference leak in zynqmp_dma_alloc_chan_resourc() (git-fixes).
- docs: admin-guide: update description for kernel.hotplug sysctl (git-fixes).
- docs: virt/kvm: close inline string literal (bsc#1188703).
- dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes).
- dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes).
- drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes).
- drm/amd/dc: Fix a missing check bug in dm_dp_mst_detect() (git-fixes).
- drm/amd/display: Avoid HDCP over-read and corruption (git-fixes).
- drm/amd/display: Fix DCN 3.01 DSCCLK validation (git-fixes).
- drm/amd/display: Fix build warnings (git-fixes).
- drm/amd/display: Fix off-by-one error in DML (git-fixes).
- drm/amd/display: Release MST resources on switch from MST to SST (git-fixes).
- drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes).
- drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check (git-fixes).
- drm/amd/display: fix HDCP reset sequence on reinitialize (git-fixes).
- drm/amd/display: fix incorrrect valid irq check (git-fixes).
- drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes).
- drm/amdgpu: Do not query CE and UE errors (bsc#1152472)
- drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes).
- drm/amdgpu: enable sdma0 tmz for Raven/Renoir(V2) (git-fixes).
- drm/amdgpu: remove unsafe optimization to drop preamble ib (git-fixes).
- drm/amdgpu: update golden setting for sienna_cichlid (git-fixes).
- drm/amdgpu: wait for moving fence after pinning (git-fixes).
- drm/amdkfd: Fix circular lock in nocpsch path (git-fixes).
- drm/amdkfd: Walk through list with dqm lock hold (git-fixes).
- drm/amdkfd: fix circular locking on get_wave_state (git-fixes).
- drm/amdkfd: use allowed domain for vmbo validation (git-fixes).
- drm/arm/malidp: Always list modifiers (git-fixes).
- drm/bridge/sii8620: fix dependency on extcon (git-fixes).
- drm/bridge: Fix the stop condition of drm_bridge_chain_pre_enable() (git-fixes).
- drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() (git-fixes).
- drm/bridge: nwl-dsi: Force a full modeset when crtc_state->active is changed to be true (git-fixes).
- drm/dp_mst: Do not set proposed vcpi directly (git-fixes).
- drm/gma500: Add the missed drm_gem_object_put() in psb_user_framebuffer_create() (git-fixes).
- drm/i915/display: Do not zero past infoframes.vsc (git-fixes).
- drm/i915/gvt: Clear d3_entered on elsp cmd submission (git-fixes).
- drm/i915/selftests: use vma_lookup() in __igt_mmap() (git-fixes).
- drm/mcde/panel: Inverse misunderstood flag (bsc#1152472)
- drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() (git-fixes).
- drm/msm/dpu: Fix error return code in dpu_mdss_init() (git-fixes).
- drm/msm/dpu: Fix sm8250_mdp register length (git-fixes).
- drm/msm/mdp4: Fix modifier support enabling (git-fixes).
- drm/msm: Fix error return code in msm_drm_init() (git-fixes).
- drm/msm: Small msm_gem_purge() fix (bsc#1152489)
- drm/mxsfb: Do not select DRM_KMS_FB_HELPER (git-fixes).
- drm/nouveau: Do not set allow_fb_modifiers explicitly (git-fixes).
- drm/nouveau: fix dma_address check for CPU/GPU sync (git-fixes).
- drm/nouveau: wait for moving fence after pinning v2 (git-fixes).
- drm/panel: nt35510: Do not fail if DSI read fails (git-fixes).
- drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes).
- drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes).
- drm/radeon: Call radeon_suspend_kms() in radeon_pci_shutdown() for Loongson64 (git-fixes).
- drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (bsc#1152489)
- drm/radeon: wait for moving fence after pinning (git-fixes).
- drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() (git-fixes).
- drm/rockchip: cdn-dp: fix sign extension on an int multiply for a u64 result (git-fixes).
- drm/rockchip: dsi: move all lane config except LCDC mux to bind() (git-fixes).
- drm/rockchip: dsi: remove extra component_del() call (git-fixes).
- drm/rockchip: lvds: Fix an error handling path (git-fixes).
- drm/sched: Avoid data corruptions (git-fixes).
- drm/scheduler: Fix hang when sched_entity released (git-fixes).
- drm/stm: Fix bus_flags handling (bsc#1152472)
- drm/tegra: Do not set allow_fb_modifiers explicitly (git-fixes).
- drm/vc4: Fix clock source for VEC PixelValve on BCM2711 (git-fixes).
- drm/vc4: crtc: Skip the TXP (git-fixes).
- drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes).
- drm/vc4: hdmi: Fix PM reference leak in vc4_hdmi_encoder_pre_crtc_co() (git-fixes).
- drm/vc4: hdmi: Fix error path of hpd-gpios (git-fixes).
- drm/vc4: hdmi: Make sure the controller is powered in detect (bsc#1152489)
- drm/vc4: hdmi: Prevent clock unbalance (git-fixes).
- drm/vc4: txp: Properly set the possible_crtcs mask (git-fixes).
- drm/virtio: Fix double free on probe failure (git-fixes).
- drm/vmwgfx: Fix cpu updates of coherent multisample surfaces (git-fixes).
- drm/vmwgfx: Mark a surface gpu-dirty after the SVGA3dCmdDXGenMips command (git-fixes).
- drm/zte: Do not select DRM_KMS_FB_HELPER (git-fixes).
- drm: Return -ENOTTY for non-drm ioctls (git-fixes).
- drm: add a locked version of drm_is_current_master (git-fixes).
- drm: bridge/panel: Cleanup connector on bridge detach (bsc#1152489)
- drm: bridge: add missing word in Analogix help text (git-fixes).
- drm: qxl: ensure surf.data is ininitialized (git-fixes).
- drm: rockchip: add missing registers for RK3066 (git-fixes).
- drm: rockchip: add missing registers for RK3188 (git-fixes).
- drm: rockchip: set alpha_en to 0 if it is not used (git-fixes).
- e1000e: Check the PCIm state (git-fixes).
- e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes).
- efi/tpm: Differentiate missing and invalid final event log table (bsc#1188036).
- extcon: extcon-max8997: Fix IRQ freeing at error path (git-fixes).
- extcon: intel-mrfld: Sync hardware and software state on init (git-fixes).
- extcon: max8997: Add missing modalias string (git-fixes).
- extcon: sm5502: Drop invalid register write in sm5502_reg_data (git-fixes).
- fbmem: Do not delete the mode that is still in use (git-fixes).
- fbmem: add margin check to fb_check_caps() (git-fixes).
- firmware/efi: Tell memblock about EFI iomem reservations (git-fixes).
- firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (git-fixes).
- firmware: arm_scmi: Fix range check for the maximum number of pending messages (git-fixes).
- firmware: tegra: Fix error return code in tegra210_bpmp_init() (git-fixes).
- fm10k: Fix an error handling path in 'fm10k_probe()' (git-fixes).
- fpga: machxo2-spi: Address warning about unused variable (git-fixes).
- fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes).
- fuse: check connected before queueing on fpq->io (bsc#1188267).
- fuse: ignore PG_workingset after stealing (bsc#1188268).
- fuse: reject internal errno (bsc#1188269).
- gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP (git-fixes).
- gpio: pca953x: Add support for the On Semi pca9655 (git-fixes).
- gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes).
- gtp: fix an use-before-init in gtp_newlink() (git-fixes).
- gve: Add DQO fields for core data structures (bsc#1176940).
- gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940).
- gve: Add dqo descriptors (bsc#1176940).
- gve: Add stats for gve (bsc#1176940).
- gve: Add support for DQO RX PTYPE map (bsc#1176940).
- gve: Add support for raw addressing device option (bsc#1176940).
- gve: Add support for raw addressing in the tx path (bsc#1176940).
- gve: Add support for raw addressing to the rx path (bsc#1176940).
- gve: Batch AQ commands for creating and destroying queues (bsc#1176940).
- gve: Check TX QPL was actually assigned (bsc#1176940).
- gve: DQO: Add RX path (bsc#1176940).
- gve: DQO: Add TX path (bsc#1176940).
- gve: DQO: Add core netdev features (bsc#1176940).
- gve: DQO: Add ring allocation and initialization (bsc#1176940).
- gve: DQO: Configure interrupts on device up (bsc#1176940).
- gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940).
- gve: DQO: Remove incorrect prefetch (bsc#1176940).
- gve: Enable Link Speed Reporting in the driver (bsc#1176940).
- gve: Fix an error handling path in 'gve_probe()' (git-fixes).
- gve: Fix swapped vars when fetching max queues (git-fixes).
- gve: Fix warnings reported for DQO patchset (bsc#1176940).
- gve: Get and set Rx copybreak via ethtool (bsc#1176940).
- gve: Introduce a new model for device options (bsc#1176940).
- gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940).
- gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940).
- gve: Move some static functions to a common file (bsc#1176940).
- gve: NIC stats for report-stats and for ethtool (bsc#1176940).
- gve: Propagate error codes to caller (bsc#1176940).
- gve: Replace zero-length array with flexible-array member (bsc#1176940).
- gve: Rx Buffer Recycling (bsc#1176940).
- gve: Simplify code and axe the use of a deprecated API (bsc#1176940).
- gve: Update adminq commands to support DQO queues (bsc#1176940).
- gve: Use dev_info/err instead of netif_info/err (bsc#1176940).
- gve: Use link status register to report link status (bsc#1176940).
- gve: adminq: DQO specific device descriptor logic (bsc#1176940).
- gve: gve_rx_copy: Move padding to an argument (bsc#1176940).
- hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes).
- hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes).
- hwmon: (max31790) Fix pwmX_enable attributes (git-fixes).
- hwmon: (max31790) Report correct current pwm duty cycles (git-fixes).
- hwrng: exynos - Fix runtime PM imbalance on error (git-fixes).
- i2c: core: Disable client irq on reboot/shutdown (git-fixes).
- i2c: designware: Adjust bus_freq_hz when refuse high speed mode set (git-fixes).
- i2c: dev: Add __user annotation (git-fixes).
- i2c: robotfuzz-osif: fix control-request directions (git-fixes).
- i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes).
- i40e: Fix error handling in i40e_vsi_open (git-fixes).
- i40e: Fix missing rtnl locking when setting up pf switch (jsc#SLE-13701).
- i40e: fix PTP on 5Gb links (jsc#SLE-13701).
- iavf: Fix an error handling path in 'iavf_probe()' (git-fixes).
- ibmvnic: Allow device probe if the device is not ready at boot (bsc#1184114 ltc#192237).
- ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075).
- ibmvnic: Use 'skb_frag_address()' instead of hand coding it (bsc#1184114 ltc#192237).
- ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c (bsc#1184114 ltc#192237).
- ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237).
- ibmvnic: account for bufs already saved in indir_buf (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: clean pending indirect buffs during reset (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237).
- ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237).
- ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114 ltc#192237).
- ibmvnic: fix send_request_map incompatible argument (bsc#1184114 ltc#192237).
- ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363).
- ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes).
- ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533).
- ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098).
- ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency (jsc#SLE-7926).
- igb: Check if num of q_vectors is smaller than max before array access (git-fixes).
- igb: Fix an error handling path in 'igb_probe()' (git-fixes).
- igb: Fix position of assignment to *ring (git-fixes).
- igb: Fix use-after-free error during reset (git-fixes).
- igc: Fix an error handling path in 'igc_probe()' (git-fixes).
- igc: Fix use-after-free error during reset (git-fixes).
- igc: change default return of igc_read_phy_reg() (git-fixes).
- iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: bma180: Use explicit member assignment (git-fixes).
- iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: mxc4005: Fix overread of data and alignment issue (git-fixes).
- iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: at91-sama5d2: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adis16400: do not return ints in irq handlers (git-fixes).
- iio: adis_buffer: do not return ints in irq handlers (git-fixes).
- iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev() helper (git-fixes).
- iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes).
- iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: tcs3472: do not free unallocated IRQ (git-fixes).
- iio: light: vcnl4035: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: ltr501: ltr501_read_ps(): add missing endianness conversion (git-fixes).
- iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes).
- iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too (git-fixes).
- iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes).
- iio: magn: bmc150: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: magn: hmc5843: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: magn: rm3100: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: si1133: fix format string warnings (git-fixes).
- iio:accel:mxc4005: Drop unnecessary explicit casts in regmap_bulk_read calls (git-fixes).
- integrity: use arch_ima_get_secureboot instead of checking EFI_SECURE_BOOT when loading MokListRT (bsc#1188366).
- intel_th: Wait until port is in reset before programming it (git-fixes).
- iwl-trans: move dev_cmd_offs, page_offs to a common trans header (bsc#1187495).
- iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() (git-fixes).
- iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd() (git-fixes).
- iwlwifi: acpi: evaluate dsm to disable 5.8GHz channels (bsc#1187495).
- iwlwifi: acpi: in non acpi compilations remove iwl_sar_geo_init (bsc#1187495).
- iwlwifi: acpi: prepare SAR profile selection code for multiple sizes (bsc#1187495).
- iwlwifi: acpi: remove dummy definition of iwl_sar_set_profile() (bsc#1187495).
- iwlwifi: acpi: rename geo structs to contain versioning (bsc#1187495).
- iwlwifi: acpi: support ppag table command v2 (bsc#1187495).
- iwlwifi: add a common struct for all iwl_tx_power_cmd versions (bsc#1187495).
- iwlwifi: add trans op to set PNVM (bsc#1187495).
- iwlwifi: align RX status flags with firmware (bsc#1187495).
- iwlwifi: api: fix u32 -> __le32 (bsc#1187495).
- iwlwifi: bump FW API to 57 for AX devices (bsc#1187495).
- iwlwifi: bump FW API to 59 for AX devices (bsc#1187495).
- iwlwifi: calib: Demote seemingly unintentional kerneldoc header (bsc#1187495).
- iwlwifi: dbg: Do not touch the tlv data (bsc#1187495).
- iwlwifi: dbg: add debug host notification (DHN) time point (bsc#1187495).
- iwlwifi: dbg: add dumping special device memory (bsc#1187495).
- iwlwifi: dbg: remove IWL_FW_INI_TIME_POINT_WDG_TIMEOUT (bsc#1187495).
- iwlwifi: do not export acpi functions unnecessarily (bsc#1187495).
- iwlwifi: dvm: Demote a couple of nonconformant kernel-doc headers (bsc#1187495).
- iwlwifi: dvm: Demote non-compliant kernel-doc headers (bsc#1187495).
- iwlwifi: dvm: devices: Fix function documentation formatting issues (bsc#1187495).
- iwlwifi: dvm: lib: Demote non-compliant kernel-doc headers (bsc#1187495).
- iwlwifi: dvm: rxon: Demote non-conformant kernel-doc headers (bsc#1187495).
- iwlwifi: dvm: scan: Demote a few nonconformant kernel-doc headers (bsc#1187495).
- iwlwifi: dvm: sta: Demote a bunch of nonconformant kernel-doc headers (bsc#1187495).
- iwlwifi: dvm: tx: Demote non-compliant kernel-doc headers (bsc#1187495).
- iwlwifi: enable twt by default (bsc#1187495).
- iwlwifi: fix 11ax disabled bit in the regulatory capability flags (bsc#1187495).
- iwlwifi: fix sar geo table initialization (bsc#1187495).
- iwlwifi: fw: add default value for iwl_fw_lookup_cmd_ver (bsc#1187495).
- iwlwifi: fw: move assert descriptor parser to common code (bsc#1187495).
- iwlwifi: increase PNVM load timeout (bsc#1187495).
- iwlwifi: iwl-drv: Provide descriptions debugfs dentries (bsc#1187495).
- iwlwifi: iwl-trans: move tfd to trans layer (bsc#1187495).
- iwlwifi: move PNVM implementation to common code (bsc#1187495).
- iwlwifi: move all bus-independent TX functions to common code (bsc#1187495).
- iwlwifi: move bc_pool to a common trans header (bsc#1187495).
- iwlwifi: move bc_table_dword to a common trans header (bsc#1187495).
- iwlwifi: msix: limit max RX queues for 9000 family (bsc#1187495).
- iwlwifi: mvm: Add FTM initiator RTT smoothing logic (bsc#1187495).
- iwlwifi: mvm: Do not install CMAC/GMAC key in AP mode (bsc#1187495).
- iwlwifi: mvm: add PROTECTED_TWT firmware API (bsc#1187495).
- iwlwifi: mvm: add a get lmac id function (bsc#1187495).
- iwlwifi: mvm: add an option to add PASN station (bsc#1187495).
- iwlwifi: mvm: add d3 prints (bsc#1187495).
- iwlwifi: mvm: add support for new WOWLAN_TSC_RSC_PARAM version (bsc#1187495).
- iwlwifi: mvm: add support for new version of WOWLAN_TKIP_SETTING_API_S (bsc#1187495).
- iwlwifi: mvm: add support for range request command ver 11 (bsc#1187495).
- iwlwifi: mvm: add support for responder dynamic config command version 3 (bsc#1187495).
- iwlwifi: mvm: assign SAR table revision to the command later (bsc#1187495).
- iwlwifi: mvm: avoid possible NULL pointer dereference (bsc#1187495).
- iwlwifi: mvm: clear all scan UIDs (bsc#1187495).
- iwlwifi: mvm: d3: parse wowlan status version 11 (bsc#1187495).
- iwlwifi: mvm: d3: support GCMP ciphers (bsc#1187495).
- iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes).
- iwlwifi: mvm: do not check if CSA event is running before removing (bsc#1187495).
- iwlwifi: mvm: do not send a CSA command the firmware does not know (bsc#1187495).
- iwlwifi: mvm: fix error print when session protection ends (git-fixes).
- iwlwifi: mvm: fix suspicious rcu usage warnings (bsc#1187495).
- iwlwifi: mvm: fix the type we use in the PPAG table validity checks (bsc#1187495).
- iwlwifi: mvm: get number of stations from TLV (bsc#1187495).
- iwlwifi: mvm: ignore the scan duration parameter (bsc#1187495).
- iwlwifi: mvm: initiator: add option for adding a PASN responder (bsc#1187495).
- iwlwifi: mvm: location: set the HLTK when PASN station is added (bsc#1187495).
- iwlwifi: mvm: ops: Remove unused static struct 'iwl_mvm_debug_names' (bsc#1187495).
- iwlwifi: mvm: prepare roc_done_wk to work sync (bsc#1187495).
- iwlwifi: mvm: process ba-notifications also when sta rcu is invalid (bsc#1187495).
- iwlwifi: mvm: re-enable TX after channel switch (bsc#1187495).
- iwlwifi: mvm: read and parse SKU ID if available (bsc#1187495).
- iwlwifi: mvm: remove memset of kek_kck command (bsc#1187495).
- iwlwifi: mvm: remove redundant log in iwl_mvm_tvqm_enable_txq() (bsc#1187495).
- iwlwifi: mvm: remove redundant support_umac_log field (bsc#1187495).
- iwlwifi: mvm: responder: allow to set only the HLTK for an associated station (bsc#1187495).
- iwlwifi: mvm: ring the doorbell and wait for PNVM load completion (bsc#1187495).
- iwlwifi: mvm: rs-fw: handle VHT extended NSS capability (bsc#1187495).
- iwlwifi: mvm: send stored PPAG command instead of local (bsc#1187495).
- iwlwifi: mvm: set PROTECTED_TWT feature if supported by firmware (bsc#1187495).
- iwlwifi: mvm: set PROTECTED_TWT in MAC data policy (bsc#1187495).
- iwlwifi: mvm: set enabled in the PPAG command properly (bsc#1187495).
- iwlwifi: mvm: stop claiming NL80211_EXT_FEATURE_SET_SCAN_DWELL (bsc#1187495).
- iwlwifi: mvm: store PPAG enabled/disabled flag properly (bsc#1187495).
- iwlwifi: mvm: support ADD_STA_CMD_API_S ver 12 (bsc#1187495).
- iwlwifi: mvm: support more GTK rekeying algorithms (bsc#1187495).
- iwlwifi: mvm: support new KEK KCK api (bsc#1187495).
- iwlwifi: mvm: tx: Demote misuse of kernel-doc headers (bsc#1187495).
- iwlwifi: mvm: use CHECKSUM_COMPLETE (bsc#1187495).
- iwlwifi: mvm: utils: Fix some doc-rot (bsc#1187495).
- iwlwifi: pcie: avoid potential PNVM leaks (bsc#1187495).
- iwlwifi: pcie: do not disable interrupts for reg_lock (bsc#1187495).
- iwlwifi: pcie: fix context info freeing (git-fixes).
- iwlwifi: pcie: fix the xtal latency value for a few qu devices (bsc#1187495).
- iwlwifi: pcie: free IML DMA memory allocation (git-fixes).
- iwlwifi: pcie: implement set_pnvm op (bsc#1187495).
- iwlwifi: pcie: make iwl_pcie_txq_update_byte_cnt_tbl bus independent (bsc#1187495).
- iwlwifi: pcie: properly set LTR workarounds on 22000 devices (bsc#1187495).
- iwlwifi: phy-ctxt: add new API VER 3 for phy context cmd (bsc#1187495).
- iwlwifi: pnvm: do not skip everything when not reloading (bsc#1187495).
- iwlwifi: pnvm: do not try to load after failures (bsc#1187495).
- iwlwifi: pnvm: increment the pointer before checking the TLV (bsc#1187495).
- iwlwifi: pnvm: set the PNVM again if it was already loaded (bsc#1187495).
- iwlwifi: provide gso_type to GSO packets (bsc#1187495).
- iwlwifi: queue: bail out on invalid freeing (bsc#1187495).
- iwlwifi: read and parse PNVM file (bsc#1187495).
- iwlwifi: regulatory: regulatory capabilities api change (bsc#1187495).
- iwlwifi: remove iwl_validate_sar_geo_profile() export (bsc#1187495).
- iwlwifi: remove wide_cmd_header field (bsc#1187495).
- iwlwifi: rs: Demote non-compliant kernel-doc headers (bsc#1187495).
- iwlwifi: rs: align to new TLC config command API (bsc#1187495).
- iwlwifi: rs: set RTS protection for all non legacy rates (bsc#1187495).
- iwlwifi: sta: defer ADDBA transmit in case reclaimed SN != next SN (bsc#1187495).
- iwlwifi: stats: add new api fields for statistics cmd/ntfy (bsc#1187495).
- iwlwifi: support REDUCE_TX_POWER_CMD version 6 (bsc#1187495).
- iwlwifi: support version 3 of GEO_TX_POWER_LIMIT (bsc#1187495).
- iwlwifi: support version 5 of the alive notification (bsc#1187495).
- iwlwifi: thermal: support new temperature measurement API (bsc#1187495).
- iwlwifi: update prph scratch structure to include PNVM data (bsc#1187495).
- iwlwifi: use correct group for alive notification (bsc#1187495).
- iwlwifi: wowlan: adapt to wowlan status API version 10 (bsc#1187495).
- iwlwifi: yoyo: add support for internal buffer allocation in D3 (bsc#1187495).
- ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes).
- ixgbe: Fix packet corruption due to missing DMA sync (git-fixes).
- ixgbevf: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops (bsc#1176447).
- kABI compatibility fix for max98373_priv struct (git-fixes).
- kABI workaround for btintel symbol changes (bsc#1188893).
- kABI workaround for intel_th_driver (git-fixes).
- kABI workaround for pci/quirks.c (git-fixes).
- kABI: restore struct tcpc_config definition (git-fixes).
- kabi/severities: ignore kABI of iwlwifi symbols (bsc#1187495) iwlwifi driver consists of several modules and all exported symbols are internal uses. Let's ignore kABI checks of those.
- kernel-binary.spec: Exctract s390 decompression code (jsc#SLE-17042).
- kernel-binary.spec: Fix up usrmerge for non-modular kernels.
- kernel-binary.spec: Remove obsolete and wrong comment mkmakefile is repleced by echo on newer kernel
- kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes).
- kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes).
- kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes).
- kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes).
- kprobes: fix kill kprobe which has been marked as gone (git-fixes).
- kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1188772).
- kvm: i8254: remove redundant assignment to pointer s (bsc#1188770).
- leds: as3645a: Fix error return code in as3645a_parse_node() (git-fixes).
- leds: class: The -ENOTSUPP should never be seen by user space (git-fixes).
- leds: ktd2692: Fix an error handling path (git-fixes).
- leds: lm3532: select regmap I2C API (git-fixes).
- lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes).
- lib/decompressors: remove set but not used variabled 'level' (git-fixes).
- lib: vsprintf: Fix handling of number field widths in vsscanf (git-fixes).
- libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518).
- liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes).
- mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes).
- mac80211: consider per-CPU statistics if present (git-fixes).
- mac80211: remove iwlwifi specific workaround NDPs of null_response (git-fixes).
- mac80211: remove iwlwifi specific workaround that broke sta NDP tx (git-fixes).
- mac80211: remove warning in ieee80211_get_sband() (git-fixes).
- mac80211: reset profile_periodicity/ema_ap (git-fixes).
- mac80211_hwsim: add concurrent channels scanning support over virtio (git-fixes).
- mac80211_hwsim: drop pending frames on stop (git-fixes).
- math: Export mul_u64_u64_div_u64 (git-fixes).
- media, bpf: Do not copy more entries than user space requested (git-fixes).
- media: Fix Media Controller API config checks (git-fixes).
- media: I2C: change 'RST' to "RSET" to fix multiple build errors (git-fixes).
- media: au0828: fix a NULL vs IS_ERR() check (git-fixes).
- media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes).
- media: cobalt: fix race condition in setting HPD (git-fixes).
- media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes).
- media: dtv5100: fix control-request directions (git-fixes).
- media: dvb-usb: fix wrong definition (git-fixes).
- media: dvb_net: avoid speculation from net slot (git-fixes).
- media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes).
- media: em28xx: Fix possible memory leak of em28xx struct (git-fixes).
- media: exynos-gsc: fix pm_runtime_get_sync() usage count (git-fixes).
- media: exynos4-is: Fix a use after free in isp_video_release (git-fixes).
- media: gspca/gl860: fix zero-length control requests (git-fixes).
- media: gspca/sq905: fix control-request direction (git-fixes).
- media: gspca/sunplus: fix zero-length control requests (git-fixes).
- media: imx-csi: Skip first few frames from a BT.656 source (git-fixes).
- media: imx: imx7_mipi_csis: Fix logging of only error event counters (git-fixes).
- media: mdk-mdp: fix pm_runtime_get_sync() usage count (git-fixes).
- media: mtk-vcodec: fix PM runtime get logic (git-fixes).
- media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes).
- media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes).
- media: rc: i2c: Fix an error message (git-fixes).
- media: rtl28xxu: fix zero-length control request (git-fixes).
- media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes).
- media: s5p-jpeg: fix pm_runtime_get_sync() usage count (git-fixes).
- media: sh_vou: fix pm_runtime_get_sync() usage count (git-fixes).
- media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() (git-fixes).
- media: siano: fix device register error path (git-fixes).
- media: st-hva: Fix potential NULL pointer dereferences (git-fixes).
- media: sti/bdisp: fix pm_runtime_get_sync() usage count (git-fixes).
- media: sti: fix obj-$(config) targets (git-fixes).
- media: tc358743: Fix error return code in tc358743_probe_of() (git-fixes).
- media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes).
- media: v4l2-async: Fix trivial documentation typo (git-fixes).
- media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (git-fixes).
- media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes).
- memory: atmel-ebi: add missing of_node_put for loop iteration (git-fixes).
- memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes).
- memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes).
- memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes).
- memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes).
- memory: pl353: Fix error return code in pl353_smc_probe() (git-fixes).
- memstick: rtsx_usb_ms: fix UAF (git-fixes).
- mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes).
- mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes).
- misc/libmasm/module: Fix two use after free in ibmasm_init_one (git-fixes).
- misc: alcor_pci: fix inverted branch condition (git-fixes).
- misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge (git-fixes).
- mm, futex: fix shared futex pgoff on shmem huge page (git fixes (kernel/futex)).
- mmc: block: Disable CMDQ on the ioctl path (git-fixes).
- mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes).
- mmc: core: clear flags before allowing to retune (git-fixes).
- mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes).
- mmc: sdhci-sprd: use sdhci_sprd_writew (git-fixes).
- mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode (git-fixes).
- mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes).
- mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes).
- mmc: vub3000: fix control-request direction (git-fixes).
- mt76: fix possible NULL pointer dereference in mt76_tx (git-fixes).
- mt76: mt7603: set 0 as min coverage_class value (git-fixes).
- mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes).
- mt76: mt7615: fix fixed-rate tx status reporting (git-fixes).
- mt76: mt7615: increase MCU command timeout (git-fixes).
- mt76: mt7915: fix IEEE80211_HE_PHY_CAP7_MAX_NC for station mode (git-fixes).
- mt76: set dma-done flag for flushed descriptors (git-fixes).
- mtd: partitions: redboot: seek fis-index-block in the right node (git-fixes).
- mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() (git-fixes).
- mvpp2: suppress warning (git-fixes).
- mwifiex: re-fix for unaligned accesses (git-fixes).
- net/mlx5: Do not fail driver on failure to create debugfs (git-fixes).
- net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes).
- net/sched: act_ct: remove and free nf_table callbacks (jsc#SLE-15172).
- net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes).
- net: atlantic: fix ip dst and ipv6 address filters (git-fixes).
- net: dp83867: Fix OF_MDIO config check (git-fixes).
- net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes).
- net: fec_ptp: fix issue caused by refactor the fec_devtype (git-fixes).
- net: gve: convert strlcpy to strscpy (bsc#1176940).
- net: gve: remove duplicated allowed (bsc#1176940).
- net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes).
- net: ipw2x00,iwlegacy,iwlwifi: Remove in_interrupt() from debug macros (bsc#1187495).
- net: iwlwifi: Remove in_interrupt() from tracing macro (bsc#1187495).
- net: marvell: Fix OF_MDIO config check (git-fixes).
- net: mvpp2: Put fwnode in error case during ->probe() (git-fixes).
- net: netdevsim: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops (bsc#1176447).
- net: phy: fix save wrong speed and duplex problem if autoneg is on (git-fixes).
- net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes).
- net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes).
- net: phy: realtek: add delay to fix RXC generation issue (git-fixes).
- net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes).
- net: wilc1000: clean up resource in error path of init mon interface (git-fixes).
- netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo (bsc#1176447).
- nfc: nfcsim: fix use after free during module unload (git-fixes).
- nvme-rdma: fix in-casule data send for chained sgls (git-fixes).
- nvme-rdma: introduce nvme_rdma_sgl structure (git-fixes).
- nvme-tcp: rerun io_work if req_list is not empty (git-fixes).
- nvme: verify MNAN value if ANA is enabled (bsc#1185791).
- pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes).
- pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() (git-fixes).
- pinctrl: mcp23s08: fix race condition in irq handler (git-fixes).
- pinctrl: stm32: fix the reported number of GPIO lines per bank (git-fixes).
- platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command (git-fixes).
- platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes).
- platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes).
- platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (git-fixes).
- platform/x86: intel_int0002_vgpio: Remove dev_err() usage after platform_get_irq() (git-fixes).
- platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes).
- platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (git-fixes).
- power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: ab8500: Avoid NULL pointers (git-fixes).
- power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (git-fixes).
- power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes).
- powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722).
- powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722).
- powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395).
- powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes).
- powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722).
- powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722).
- powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722).
- powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722).
- powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722).
- powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722).
- powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722).
- powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722).
- powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722).
- powerpc/stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi() (bsc#1156395).
- powerpc/stacktrace: Include linux/delay.h (bsc#1156395).
- powerpc: Offline CPU in stop_this_cpu() (bsc#1156395).
- prctl: PR_{G,S}ET_IO_FLUSHER to support controlling memory reclaim (bsc#1188752).
- ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation (git-fixes).
- pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes).
- pwm: imx1: Do not disable clocks at device remove time (git-fixes).
- pwm: spear: Do not modify HW state in .remove callback (git-fixes).
- qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes).
- r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes).
- r8152: Fix a deadlock by doubly PM resume (bsc#1186194).
- r8152: Fix potential PM refcount imbalance (bsc#1186194).
- r8169: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes).
- r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM (git-fixes).
- random32: Fix implicit truncation warning in prandom_seed_state() (git-fixes).
- ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes).
- rbd: always kick acquire on "acquired" and "released" notifications (bsc#1188746).
- rbd: do not hold lock_rwsem while running_list is being drained (bsc#1188747).
- regulator: da9052: Ensure enough delay time for .set_voltage_time_sel (git-fixes).
- regulator: hi6421: Fix getting wrong drvdata (git-fixes).
- regulator: hi6421: Use correct variable type for regmap api val argument (git-fixes).
- regulator: hi655x: Fix pass wrong pointer to config.driver_data (git-fixes).
- regulator: uniphier: Add missing MODULE_DEVICE_TABLE (git-fixes).
- replaced with upstream security mitigation cleanup
- reset: a10sr: add missing of_match_table reference (git-fixes).
- reset: bail if try_module_get() fails (git-fixes).
- reset: brcmstb: Add missing MODULE_DEVICE_TABLE (git-fixes).
- reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes).
- rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804).
- rpm/kernel-binary.spec.in: Remove zdebug define used only once.
- rsi: Assign beacon rate settings to the correct rate_info descriptor field (git-fixes).
- rtc: fix snprintf() checking in is_rtc_hctosys() (git-fixes).
- rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes).
- rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes).
- rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path (git-fixes).
- rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes).
- rtw88: 8822c: fix lc calibration timing (git-fixes).
- scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101).
- scsi: ibmvfc: Fix command state accounting and stale response detection (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: qedf: Do not put host in qedf_vport_create() unconditionally (bsc#1170511).
- serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates (git-fixes).
- serial: 8250_pci: Add support for new HPE serial device (git-fixes).
- serial: fsl_lpuart: remove RTSCTS handling from get_mctrl() (git-fixes).
- serial: fsl_lpuart: remove RTSCTS handling from get_mctrl() (git-fixes).
- serial: mvebu-uart: correctly calculate minimal possible baudrate (git-fixes).
- serial: mvebu-uart: do not allow changing baudrate when uartclk is not available (git-fixes).
- serial: mvebu-uart: fix calculation of clock divisor (git-fixes).
- serial: tegra-tcu: Reorder channel initialization (git-fixes).
- serial_cs: Add Option International GSM-Ready 56K/ISDN modem (git-fixes).
- serial_cs: remove wrong GLOBETROTTER.cis entry (git-fixes).
- sfp: Fix error handing in sfp_probe() (git-fixes).
- skbuff: Fix build with SKB extensions disabled (jsc#SLE-15172).
- skbuff: Release nfct refcount on napi stolen or re-used skbs (jsc#SLE-15172).
- soc/tegra: fuse: Fix Tegra234-only builds (git-fixes).
- soc: fsl: qbman: Delete useless kfree code (bsc#1188176).
- soc: fsl: qbman: Ensure device cleanup is run for kexec (bsc#1188176).
- soundwire: stream: Fix test for DP prepare complete (git-fixes).
- spi: Make of_register_spi_device also set the fwnode (git-fixes).
- spi: cadence: Correct initialisation of runtime PM again (git-fixes).
- spi: fspi: dynamically alloc AHB memory (bsc#1188121).
- spi: imx: add a check for speed_hz before calculating the clock (git-fixes).
- spi: mediatek: fix fifo rx mode (git-fixes).
- spi: nxp-fspi: Use devm API to fix missed unregistration of controller (bsc#1188121).
- spi: omap-100k: Fix the length judgment problem (git-fixes).
- spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes).
- spi: spi-nxp-fspi: Add ACPI support (bsc#1188121).
- spi: spi-nxp-fspi: Add support for IP read only (bsc#1188121).
- spi: spi-nxp-fspi: Enable the Octal Mode in MCR0 (bsc#1188121).
- spi: spi-nxp-fspi: Fix a NULL vs IS_ERR() check in probe (bsc#1188121).
- spi: spi-nxp-fspi: Implement errata workaround for LS1028A (bsc#1188121).
- spi: spi-sun6i: Fix chipselect/clock bug (git-fixes).
- spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (git-fixes).
- spi: stm32-qspi: Remove unused qspi field of struct stm32_qspi_flash (git-fixes).
- spi: tegra114: Fix an error message (git-fixes).
- ssb: Fix error return code in ssb_bus_scan() (git-fixes).
- ssb: sdio: Do not overwrite const buffer if block_write fails (git-fixes).
- staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() (git-fixes).
- staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes).
- staging: rtl8712: fix memory leak in rtl871x_load_fw_cb (git-fixes).
- staging: rtl8712: remove redundant check in r871xu_drv_init (git-fixes).
- staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes).
- thermal/core: Correct function name thermal_zone_device_unregister() (git-fixes).
- thermal/drivers/int340x/processor_thermal: Fix tcc setting (git-fixes).
- thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations (git-fixes).
- thunderbolt: Bond lanes only when dual_link_port != NULL in alloc_dev_default() (git-fixes).
- timers: Fix get_next_timer_interrupt() with no timers pending (git-fixes)
- tpm, tpm_tis: Decorate tpm_get_timeouts() with request_locality() (bsc#1188036).
- tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with request_locality() (bsc#1188036).
- tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() (bsc#1188036).
- tpm, tpm_tis: Reserve locality in tpm_tis_resume() (bsc#1188036).
- tpm: efi: Use local variable for calculating final log size (git-fixes).
- tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing (git-fixes).
- tracing/histograms: Fix parsing of "sym-offset" modifier (git-fixes).
- tracing: Do not reference char * as a string in histograms (git-fixes).
- tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (git-fixes).
- tracing: Simplify & fix saved_tgids logic (git-fixes).
- tty: nozomi: Fix a resource leak in an error handling function (git-fixes).
- tty: nozomi: Fix the error handling path of 'nozomi_card_init()' (git-fixes).
- tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes).
- tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes).
- usb: dwc2: Do not reset the core after setting turnaround time (git-fixes).
- usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes).
- usb: dwc3: Fix debugfs creation flow (git-fixes).
- usb: gadget: eem: fix echo command packet response issue (git-fixes).
- usb: gadget: f_fs: Fix setting of device and driver data cross-references (git-fixes).
- usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes).
- usb: gadget: hid: fix error return code in hid_bind() (git-fixes).
- usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes).
- usb: hub: Fix link power management max exit latency (MEL) calculations (git-fixes).
- usb: max-3421: Prevent corruption of freed memory (git-fixes).
- usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (git-fixes).
- usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() (git-fixes).
- usb: typec: fusb302: Always provide fwnode for the port (git-fixes).
- usb: typec: fusb302: fix "op-sink-microwatt" default that was in mW (git-fixes).
- usb: typec: tcpm: Error handling for tcpm_register_partner_altmodes (git-fixes).
- usb: typec: tcpm: Move mod_delayed_work(&port->vdm_state_machine) call into tcpm_queue_vdm() (git-fixes).
- usb: typec: tcpm: Refactor tcpm_handle_vdm_request (git-fixes).
- usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling (git-fixes).
- usb: typec: tcpm: Remove tcpc_config configuration mechanism (git-fixes).
- usb: typec: tcpm: Switch to use fwnode_property_count_uXX() (git-fixes).
- usb: typec: tcpm: move to SNK_UNATTACHED if sink removed for DRP (git-fixes).
- usb: typec: tcpm: set correct data role for non-DRD (git-fixes).
- usb: typec: tcpm: update power supply once partner accepts (git-fixes).
- usb: typec: ucsi: Hold con->lock for the entire duration of ucsi_register_port() (git-fixes).
- usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes).
- usb: typec: wcove: Fx wrong kernel doc format (git-fixes).
- uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes).
- vfio/pci: Handle concurrent vma faults (git-fixes).
- vfs: Convert functionfs to use the new mount API (git -fixes).
- video: fbdev: imxfb: Fix an error message (git-fixes).
- virtio_console: Assure used length from device is limited (git-fixes).
- virtio_net: move tx vq operation under tx queue lock (git-fixes).
- visorbus: fix error return code in visorchipset_init() (git-fixes).
- vmxnet3: fix cksum offload issues for tunnels with non-default udp ports (git-fixes).
- vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes).
- w1: ds2438: fixing bug that would always get page0 (git-fixes).
- watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes).
- watchdog: Fix possible use-after-free in wdt_startup() (git-fixes).
- watchdog: aspeed: fix hardware timeout calculation (git-fixes).
- watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes).
- watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes).
- watchdog: sp805: Fix kernel doc description (git-fixes).
- wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes).
- wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes).
- wireless: carl9170: fix LEDS build errors & warnings (git-fixes).
- wireless: wext-spy: Fix out-of-bounds warning (git-fixes).
- wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes).
- wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes).
- workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973).
- x86/kvm: Disable all PV features on crash (bsc#1185308).
- x86/kvm: Disable all PV features on crash (bsc#1185308).
- x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308).
- x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308).
- x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308).
- x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308).
- x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308).
- x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308).
- x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308).
- x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308).
- xen/events: reset active flag for lateeoi events later (git-fixes).
- xfrm: Fix xfrm offload fallback fail case (bsc#1176447).
- xfrm: delete xfrm4_output_finish xfrm6_output_finish declarations (bsc#1176447).
- xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377).
- xhci: Fix lost USB 2 remote wake (git-fixes).
- xhci: solve a double free problem while doing s4 (git-fixes).
- xsk: Fix missing validation for skb and unaligned mode (jsc#SLE-13706).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-2645=1

Package List:

- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):

  kernel-devel-azure-5.3.18-38.17.1
  kernel-source-azure-5.3.18-38.17.1

- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):

  kernel-azure-5.3.18-38.17.1
  kernel-azure-debuginfo-5.3.18-38.17.1
  kernel-azure-debugsource-5.3.18-38.17.1
  kernel-azure-devel-5.3.18-38.17.1
  kernel-azure-devel-debuginfo-5.3.18-38.17.1
  kernel-syms-azure-5.3.18-38.17.1

References:

https://www.suse.com/security/cve/CVE-2021-21781.html
https://www.suse.com/security/cve/CVE-2021-22543.html
https://www.suse.com/security/cve/CVE-2021-35039.html
https://www.suse.com/security/cve/CVE-2021-3609.html
https://www.suse.com/security/cve/CVE-2021-3612.html
https://www.suse.com/security/cve/CVE-2021-3659.html
https://www.suse.com/security/cve/CVE-2021-37576.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1085224
https://bugzilla.suse.com/1094840
https://bugzilla.suse.com/1113295
https://bugzilla.suse.com/1152472
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1153274
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1155518
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1170511
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1176940
https://bugzilla.suse.com/1179243
https://bugzilla.suse.com/1180092
https://bugzilla.suse.com/1180814
https://bugzilla.suse.com/1183871
https://bugzilla.suse.com/1184114
https://bugzilla.suse.com/1184350
https://bugzilla.suse.com/1184631
https://bugzilla.suse.com/1184804
https://bugzilla.suse.com/1185308
https://bugzilla.suse.com/1185377
https://bugzilla.suse.com/1185791
https://bugzilla.suse.com/1186194
https://bugzilla.suse.com/1186206
https://bugzilla.suse.com/1186482
https://bugzilla.suse.com/1186483
https://bugzilla.suse.com/1187215
https://bugzilla.suse.com/1187476
https://bugzilla.suse.com/1187495
https://bugzilla.suse.com/1187585
https://bugzilla.suse.com/1188036
https://bugzilla.suse.com/1188080
https://bugzilla.suse.com/1188101
https://bugzilla.suse.com/1188121
https://bugzilla.suse.com/1188126
https://bugzilla.suse.com/1188176
https://bugzilla.suse.com/1188267
https://bugzilla.suse.com/1188268
https://bugzilla.suse.com/1188269
https://bugzilla.suse.com/1188323
https://bugzilla.suse.com/1188366
https://bugzilla.suse.com/1188405
https://bugzilla.suse.com/1188445
https://bugzilla.suse.com/1188504
https://bugzilla.suse.com/1188620
https://bugzilla.suse.com/1188683
https://bugzilla.suse.com/1188703
https://bugzilla.suse.com/1188720
https://bugzilla.suse.com/1188746
https://bugzilla.suse.com/1188747
https://bugzilla.suse.com/1188748
https://bugzilla.suse.com/1188752
https://bugzilla.suse.com/1188770
https://bugzilla.suse.com/1188771
https://bugzilla.suse.com/1188772
https://bugzilla.suse.com/1188773
https://bugzilla.suse.com/1188774
https://bugzilla.suse.com/1188777
https://bugzilla.suse.com/1188838
https://bugzilla.suse.com/1188876
https://bugzilla.suse.com/1188885
https://bugzilla.suse.com/1188893
https://bugzilla.suse.com/1188973

From sle-updates at lists.suse.com Tue Aug 10 13:34:52 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 10 Aug 2021 15:34:52 +0200 (CEST)
Subject: SUSE-SU-2021:2646-1: important: Security update for the Linux Kernel
Message-ID: <20210810133452.3E90BFCEF@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2646-1
Rating: important
References: #1065729 #1085224 #1094840 #1113295 #1153274 #1154353 #1155518
            #1156395 #1176940 #1179243 #1180092 #1183871 #1184114 #1184350
            #1184631 #1184804 #1185377 #1185902 #1186194 #1186206 #1186482
            #1186483 #1187476 #1188101 #1188405 #1188445 #1188504 #1188620
            #1188683 #1188746 #1188747 #1188748 #1188770 #1188771 #1188772
            #1188773 #1188774 #1188777 #1188838 #1188876 #1188885 #1188973
Cross-References: CVE-2021-21781 CVE-2021-22543 CVE-2021-3659 CVE-2021-37576
CVSS scores:
    CVE-2021-21781 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    CVE-2021-22543 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-3659 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2
______________________________________________________________________________

An update that solves four vulnerabilities and has 38 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876).
- CVE-2021-21781: Fixed an information disclosure vulnerability in the ARM SIGPAGE (bsc#1188445).
- CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482).
- CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838).

The following non-security bugs were fixed:

- ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes).
- ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes).
- ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes).
- ALSA: bebob: add support for ToneWeal FW66 (git-fixes).
- ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes).
- ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes).
- ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes).
- ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes).
- ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum headsets (git-fixes).
- ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes).
- ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions (git-fixes).
- ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes).
- ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values (git-fixes).
- ALSA: usx2y: Do not call free_pages_exact() with NULL address (git-fixes).
- ARM: ensure the signal page contains defined contents (bsc#1188445).
- ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters (git-fixes).
- ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes).
- ASoC: rt5631: Fix regcache sync errors on resume (git-fixes).
- ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes).
- ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes).
- Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes).
- Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes).
- Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip (git-fixes).
- Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes).
- Input: hideep - fix the uninitialized use in hideep_nvm_unlock() (git-fixes).
- Input: ili210x - add missing negation for touch indication on ili210x (git-fixes).
- KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (bsc#1188771).
- KVM: nVMX: Consult only the "basic" exit reason when routing nested exit (bsc#1188773).
- KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774).
- KVM: nVMX: Preserve exception priority irrespective of exiting behavior (bsc#1188777).
- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes).
- PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes).
- PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes).
- PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes).
- PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes).
- PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes).
- PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes).
- PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes).
- PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes).
- PCI: quirks: fix false kABI positive (git-fixes).
- PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes).
- RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449).
- RDMA/cma: Protect RMW with qp_mutex (git-fixes).
- Revert "ACPI: resources: Add checks for ACPI IRQ override" (git-fixes).
- Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem" (git-fixes).
- Revert "be2net: disable bh with spin_lock in be_process_mcc" (git-fixes).
- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes).
- USB: serial: cp210x: fix comments for GE CS1000 (git-fixes).
- USB: serial: option: add support for u-blox LARA-R6 family (git-fixes).
- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes).
- backlight: lm3630a: Fix return code of .update_status() callback (git-fixes).
- bcache: avoid oversized read request in cache missing code path (bsc#1184631).
- bcache: remove bcache device self-defined readahead (bsc#1184631).
- blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092).
- blk-mq: In blk_mq_dispatch_rq_list() "no budget" is a reason to kick (bsc#1180092).
- blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092).
- blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092).
- blk-mq: insert flush request to the front of dispatch queue (bsc#1180092).
- blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092).
- bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: do not disable an already disabled PCI device (git-fixes).
- bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1154353).
- bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518).
- cadence: force nonlinear buffers to be cloned (git-fixes).
- can: ems_usb: fix memory leak (git-fixes).
- can: esd_usb2: fix memory leak (git-fixes).
- can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes).
- can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes).
- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes).
- can: usb_8dev: fix memory leak (git-fixes).
- ceph: do not WARN if we're still opening a session to an MDS (bsc#1188748).
- cifs: Fix preauth hash corruption (git-fixes).
- cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902).
- cifs: Return correct error code from smb2_get_enc_key (git-fixes).
- cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
- cifs: constify get_normalized_path() properly (bsc#1185902).
- cifs: do not cargo-cult strndup() (bsc#1185902).
- cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes).
- cifs: do not send tree disconnect to ipc shares (bsc#1185902).
- cifs: do not share tcp servers with dfs mounts (bsc#1185902).
- cifs: do not share tcp sessions of dfs connections (bsc#1185902).
- cifs: fix check of dfs interlinks (bsc#1185902).
- cifs: fix interrupted close commands (git-fixes).
- cifs: fix memory leak in smb2_copychunk_range (git-fixes).
- cifs: fix path comparison and hash calc (bsc#1185902).
- cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902).
- cifs: handle different charsets in dfs cache (bsc#1185902).
- cifs: keep referral server sessions alive (bsc#1185902).
- cifs: missing null pointer check in cifs_mount (bsc#1185902).
- cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902).
- cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902).
- clk: renesas: r8a77995: Add ZA2 clock (git-fixes).
- clk: tegra: Ensure that PLLU configuration is applied properly (git-fixes).
- clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround (git-fixes).
- cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)).
- crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes).
- crypto: sun4i-ss - checking sg length is not sufficient (git-fixes).
- crypto: sun4i-ss - initialize need_fallback (git-fixes).
- crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes).
- crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes).
- cw1200: add missing MODULE_DEVICE_TABLE (git-fixes).
- cxgb4: fix IRQ free race during driver unload (git-fixes).
- dma-buf/sync_file: Do not leak fences on merge failure (git-fixes).
- dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes).
- drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes).
- drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes).
- drm/amd/display: Update scaling settings on modeset (git-fixes).
- drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check (git-fixes).
- drm/amd/display: fix incorrrect valid irq check (git-fixes).
- drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes).
- drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes).
- drm/amdkfd: Walk through list with dqm lock hold (git-fixes).
- drm/arm/malidp: Always list modifiers (git-fixes).
- drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() (git-fixes).
- drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() (git-fixes).
- drm/msm/mdp4: Fix modifier support enabling (git-fixes).
- drm/mxsfb: Do not select DRM_KMS_FB_HELPER (git-fixes).
- drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes).
- drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes).
- drm/sched: Avoid data corruptions (git-fixes).
- drm/tegra: Do not set allow_fb_modifiers explicitly (git-fixes).
- drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes).
- drm/virtio: Fix double free on probe failure (git-fixes).
- drm/zte: Do not select DRM_KMS_FB_HELPER (git-fixes).
- drm: Return -ENOTTY for non-drm ioctls (git-fixes).
- e1000e: Check the PCIm state (git-fixes).
- e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes).
- fbmem: Do not delete the mode that is still in use (git-fixes).
- fbmem: add margin check to fb_check_caps() (git-fixes).
- firmware/efi: Tell memblock about EFI iomem reservations (git-fixes).
- firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (git-fixes).
- firmware: arm_scmi: Fix range check for the maximum number of pending messages (git-fixes).
- gpio: pca953x: Add support for the On Semi pca9655 (git-fixes).
- gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes).
- gtp: fix an use-before-init in gtp_newlink() (git-fixes).
- gve: Add DQO fields for core data structures (bsc#1176940).
- gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940).
- gve: Add dqo descriptors (bsc#1176940).
- gve: Add stats for gve (bsc#1176940).
- gve: Add support for DQO RX PTYPE map (bsc#1176940).
- gve: Add support for raw addressing device option (bsc#1176940).
- gve: Add support for raw addressing in the tx path (bsc#1176940).
- gve: Add support for raw addressing to the rx path (bsc#1176940).
- gve: Batch AQ commands for creating and destroying queues (bsc#1176940).
- gve: Check TX QPL was actually assigned (bsc#1176940).
- gve: DQO: Add RX path (bsc#1176940).
- gve: DQO: Add TX path (bsc#1176940).
- gve: DQO: Add core netdev features (bsc#1176940).
- gve: DQO: Add ring allocation and initialization (bsc#1176940).
- gve: DQO: Configure interrupts on device up (bsc#1176940).
- gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940).
- gve: DQO: Remove incorrect prefetch (bsc#1176940).
- gve: Enable Link Speed Reporting in the driver (bsc#1176940).
- gve: Fix warnings reported for DQO patchset (bsc#1176940).
- gve: Get and set Rx copybreak via ethtool (bsc#1176940).
- gve: Introduce a new model for device options (bsc#1176940).
- gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940).
- gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940).
- gve: Move some static functions to a common file (bsc#1176940).
- gve: NIC stats for report-stats and for ethtool (bsc#1176940).
- gve: Propagate error codes to caller (bsc#1176940).
- gve: Replace zero-length array with flexible-array member (bsc#1176940).
- gve: Rx Buffer Recycling (bsc#1176940).
- gve: Simplify code and axe the use of a deprecated API (bsc#1176940).
- gve: Update adminq commands to support DQO queues (bsc#1176940).
- gve: Use dev_info/err instead of netif_info/err (bsc#1176940).
- gve: Use link status register to report link status (bsc#1176940).
- gve: adminq: DQO specific device descriptor logic (bsc#1176940).
- gve: gve_rx_copy: Move padding to an argument (bsc#1176940).
- i2c: core: Disable client irq on reboot/shutdown (git-fixes).
- i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes).
- i40e: Fix error handling in i40e_vsi_open (git-fixes).
- iavf: Fix an error handling path in 'iavf_probe()' (git-fixes).
- ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075).
- ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533).
- ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency (jsc#SLE-7926).
- igb: Check if num of q_vectors is smaller than max before array access (git-fixes).
- igb: Fix an error handling path in 'igb_probe()' (git-fixes).
- igb: Fix position of assignment to *ring (git-fixes).
- igb: Fix use-after-free error during reset (git-fixes).
- igc: Fix an error handling path in 'igc_probe()' (git-fixes).
- igc: Fix use-after-free error during reset (git-fixes).
- igc: change default return of igc_read_phy_reg() (git-fixes).
- iio: accel: bma180: Use explicit member assignment (git-fixes).
- iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes).
- iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes).
- iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes).
- iwlwifi: pcie: free IML DMA memory allocation (git-fixes).
- ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes).
- ixgbe: Fix packet corruption due to missing DMA sync (git-fixes).
- kABI workaround for pci/quirks.c (git-fixes).
- kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes).
- kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes).
- kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes).
- kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes).
- kprobes: fix kill kprobe which has been marked as gone (git-fixes).
- kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1188772).
- kvm: i8254: remove redundant assignment to pointer s (bsc#1188770).
- lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes).
- libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518).
- liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes).
- mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes).
- media, bpf: Do not copy more entries than user space requested (git-fixes).
- media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes).
- media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes).
- mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes).
- mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes).
- misc/libmasm/module: Fix two use after free in ibmasm_init_one (git-fixes).
- misc: alcor_pci: fix inverted branch condition (git-fixes).
- misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge (git-fixes).
- mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes).
- mt76: mt7603: set 0 as min coverage_class value (git-fixes).
- mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes).
- mt76: mt7615: increase MCU command timeout (git-fixes).
- mt76: set dma-done flag for flushed descriptors (git-fixes).
- mvpp2: suppress warning (git-fixes).
- net/mlx5: Do not fail driver on failure to create debugfs (git-fixes).
- net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes).
- net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes).
- net: atlantic: fix ip dst and ipv6 address filters (git-fixes).
- net: dp83867: Fix OF_MDIO config check (git-fixes).
- net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes).
- net: gve: convert strlcpy to strscpy (bsc#1176940).
- net: gve: remove duplicated allowed (bsc#1176940).
- net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes).
- net: marvell: Fix OF_MDIO config check (git-fixes).
- net: mvpp2: Put fwnode in error case during ->probe() (git-fixes).
- net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes).
- net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes).
- net: wilc1000: clean up resource in error path of init mon interface (git-fixes).
- nfc: nfcsim: fix use after free during module unload (git-fixes).
- pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes).
- pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() (git-fixes).
- pinctrl: mcp23s08: fix race condition in irq handler (git-fixes).
- platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command (git-fixes).
- platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes).
- platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes).
- platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (git-fixes).
- platform/x86: intel_int0002_vgpio: Remove dev_err() usage after platform_get_irq() (git-fixes).
- platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes).
- power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: ab8500: Avoid NULL pointers (git-fixes).
- power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (git-fixes).
- power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes).
- powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722).
- powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722).
- powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395).
- powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes).
- powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722).
- powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722).
- powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722).
- powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722).
- powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722).
- powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722).
- powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722).
- powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722).
- powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722).
- powerpc/stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi() (bsc#1156395).
- powerpc/stacktrace: Include linux/delay.h (bsc#1156395).
- powerpc: Offline CPU in stop_this_cpu() (bsc#1156395).
- pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes).
- pwm: imx1: Do not disable clocks at device remove time (git-fixes).
- pwm: spear: Do not modify HW state in .remove callback (git-fixes).
- qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes).
- r8152: Fix a deadlock by doubly PM resume (bsc#1186194).
- r8152: Fix potential PM refcount imbalance (bsc#1186194).
- r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM (git-fixes).
- ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes).
- rbd: always kick acquire on "acquired" and "released" notifications (bsc#1188746).
- rbd: do not hold lock_rwsem while running_list is being drained (bsc#1188747).
- regulator: hi6421: Fix getting wrong drvdata (git-fixes).
- regulator: hi6421: Use correct variable type for regmap api val argument (git-fixes).
- replaced with upstream security mitigation cleanup
- reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes).
- rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804).
- rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes).
- rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes).
- rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes).
- scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101).
- sfp: Fix error handing in sfp_probe() (git-fixes).
- soc/tegra: fuse: Fix Tegra234-only builds (git-fixes).
- spi: cadence: Correct initialisation of runtime PM again (git-fixes).
- spi: imx: add a check for speed_hz before calculating the clock (git-fixes).
- spi: mediatek: fix fifo rx mode (git-fixes).
- staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes).
- thermal/core: Correct function name thermal_zone_device_unregister() (git-fixes).
- tpm: efi: Use local variable for calculating final log size (git-fixes).
- tracing: Do not reference char * as a string in histograms (git-fixes).
- tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes).
- tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes).
- usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes).
- usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes).
- usb: gadget: hid: fix error return code in hid_bind() (git-fixes).
- usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes).
- usb: hub: Fix link power management max exit latency (MEL) calculations (git-fixes).
- usb: max-3421: Prevent corruption of freed memory (git-fixes).
- usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (git-fixes).
- uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes).
- virtio_console: Assure used length from device is limited (git-fixes).
- virtio_net: move tx vq operation under tx queue lock (git-fixes).
- vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes).
- w1: ds2438: fixing bug that would always get page0 (git-fixes).
- watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes).
- watchdog: Fix possible use-after-free in wdt_startup() (git-fixes).
- watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes).
- watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes).
- wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes).
- wireless: wext-spy: Fix out-of-bounds warning (git-fixes).
- wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes).
- wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes).
- workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973).
- xen/events: reset active flag for lateeoi events later (git-fixes).
- xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377).
- xhci: Fix lost USB 2 remote wake (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 15-SP2:

   zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-2646=1

Package List:

- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):

   kernel-devel-azure-5.3.18-18.61.1
   kernel-source-azure-5.3.18-18.61.1

- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64):

   kernel-azure-5.3.18-18.61.1
   kernel-azure-debuginfo-5.3.18-18.61.1
   kernel-azure-debugsource-5.3.18-18.61.1
   kernel-azure-devel-5.3.18-18.61.1
   kernel-azure-devel-debuginfo-5.3.18-18.61.1
   kernel-syms-azure-5.3.18-18.61.1

References:

https://www.suse.com/security/cve/CVE-2021-21781.html
https://www.suse.com/security/cve/CVE-2021-22543.html
https://www.suse.com/security/cve/CVE-2021-3659.html
https://www.suse.com/security/cve/CVE-2021-37576.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1085224
https://bugzilla.suse.com/1094840
https://bugzilla.suse.com/1113295
https://bugzilla.suse.com/1153274
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1155518
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1176940
https://bugzilla.suse.com/1179243
https://bugzilla.suse.com/1180092
https://bugzilla.suse.com/1183871
https://bugzilla.suse.com/1184114
https://bugzilla.suse.com/1184350
https://bugzilla.suse.com/1184631
https://bugzilla.suse.com/1184804
https://bugzilla.suse.com/1185377
https://bugzilla.suse.com/1185902
https://bugzilla.suse.com/1186194
https://bugzilla.suse.com/1186206
https://bugzilla.suse.com/1186482
https://bugzilla.suse.com/1186483
https://bugzilla.suse.com/1187476
https://bugzilla.suse.com/1188101
https://bugzilla.suse.com/1188405
https://bugzilla.suse.com/1188445
https://bugzilla.suse.com/1188504
https://bugzilla.suse.com/1188620
https://bugzilla.suse.com/1188683
https://bugzilla.suse.com/1188746
https://bugzilla.suse.com/1188747
https://bugzilla.suse.com/1188748
https://bugzilla.suse.com/1188770
https://bugzilla.suse.com/1188771
https://bugzilla.suse.com/1188772
https://bugzilla.suse.com/1188773
https://bugzilla.suse.com/1188774
https://bugzilla.suse.com/1188777
https://bugzilla.suse.com/1188838
https://bugzilla.suse.com/1188876
https://bugzilla.suse.com/1188885
https://bugzilla.suse.com/1188973

From sle-updates at lists.suse.com Tue Aug 10 13:40:57 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 10 Aug 2021 15:40:57 +0200 (CEST)
Subject: SUSE-SU-2021:14776-1: important: Security update for libcares2
Message-ID: <20210810134057.91BE5FCF4@maintenance.suse.de>

SUSE Security Update: Security update for libcares2
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:14776-1
Rating: important
References: #1188881
Cross-References: CVE-2021-3672
CVSS scores:
   CVE-2021-3672 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected Products:
   SUSE Linux Enterprise Server 11-SP4-LTSS
   SUSE Linux Enterprise Point of Sale 11-SP3
   SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libcares2 fixes the following issues:

- CVE-2021-3672: Fixed input validation on hostnames (bsc#1188881).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-LTSS:

   zypper in -t patch slessp4-libcares2-14776=1

- SUSE Linux Enterprise Point of Sale 11-SP3:

   zypper in -t patch sleposp3-libcares2-14776=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

   zypper in -t patch dbgsp4-libcares2-14776=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):

   libcares2-1.7.4-7.10.3.1

- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

   libcares2-1.7.4-7.10.3.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):

   libcares2-debuginfo-1.7.4-7.10.3.1
   libcares2-debugsource-1.7.4-7.10.3.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):

   libcares2-debuginfo-32bit-1.7.4-7.10.3.1

References:

https://www.suse.com/security/cve/CVE-2021-3672.html
https://bugzilla.suse.com/1188881

From sle-updates at lists.suse.com Tue Aug 10 13:42:04 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 10 Aug 2021 15:42:04 +0200 (CEST)
Subject: SUSE-SU-2021:2643-1: important: Security update for the Linux Kernel
Message-ID: <20210810134204.E1547FCEF@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2643-1
Rating: important
References: #1065729 #1085224 #1094840 #1113295 #1153720 #1170511 #1176724 #1176931 #1176940 #1179195 #1181161 #1183871 #1184114 #1184350 #1184804 #1185032 #1185308 #1185377 #1185791 #1185995 #1186206 #1186482 #1186672 #1187038 #1187050 #1187215 #1187476 #1187585 #1187846 #1188026 #1188062 #1188101 #1188116 #1188273 #1188274 #1188405 #1188620 #1188750 #1188838 #1188842 #1188876 #1188885 #1188973 SLE-10538
Cross-References: CVE-2020-0429 CVE-2020-36385 CVE-2020-36386 CVE-2021-22543 CVE-2021-22555 CVE-2021-33909 CVE-2021-3609 CVE-2021-3612 CVE-2021-3659 CVE-2021-37576
CVSS scores:
   CVE-2020-0429 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
   CVE-2020-0429 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2020-36385 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2020-36385 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2020-36386 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
   CVE-2020-36386 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
   CVE-2021-22543 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-22555 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-22555 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-33909 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-33909 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-3609 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-3612 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-3612 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
   CVE-2021-3659 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
   SUSE Linux Enterprise Real Time Extension 12-SP5
______________________________________________________________________________

An update that solves 10 vulnerabilities, contains one feature and has 33 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876).
- CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838).
- CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. (bsc#1176724).
- CVE-2020-36386: Fixed a slab out-of-bounds read in hci_extended_inquiry_result_evt (bsc#1187038).
- CVE-2021-22543: Fixed an improper handling of VM_IO|VM_PFNMAP vmas in KVM that allows users to start and control a VM to read/write random pages of memory and can result in local privilege escalation. (bnc#1186482)
- CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows obtaining full root privileges. (bsc#1188062)
- CVE-2021-22555: Fixed a heap out-of-bounds write in net/netfilter/x_tables.c that could allow local privilege escalation. (bsc#1188116)
- CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol which allows for local privilege escalation. (bsc#1187215)
- CVE-2021-3612: Fixed an out-of-bounds memory write flaw which could allow a local user to crash the system or possibly escalate their privileges on the system. (bsc#1187585)
- CVE-2020-36385: Fixed a use-after-free flaw in ucma.c which allows for local privilege escalation. (bsc#1187050)

The following non-security bugs were fixed:

- ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes).
- ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes).
- ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes).
- ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes).
- ACPI: sysfs: Fix a buffer overrun problem with description_show() (git-fixes).
- ALSA: bebob: add support for ToneWeal FW66 (git-fixes).
- ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes).
- ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes).
- ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes).
- ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes).
- ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes).
- ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes).
- ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes).
- ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (git-fixes).
- ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes).
- ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes).
- Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes).
- Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes).
- Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes).
- Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes).
- HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes).
- HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes).
- HID: hid-sensor-hub: Return error for hid_set_field() failure (git-fixes).
- HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes).
- HID: wacom: Correct base usage for capacitive ExpressKey status bits (git-fixes).
- Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes).
- Input: usbtouchscreen - fix control-request directions (git-fixes).
- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes).
- PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes).
- PCI: Mark TI C667X to avoid bus reset (git-fixes).
- PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).
- PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes).
- PCI: quirks: fix false kABI positive (git-fixes).
- Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro" (git-fixes).
- Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" (git-fixes).
- Revert "USB: cdc-acm: fix rounding error in TIOCSSERIAL" (git-fixes).
- Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe" (git-fixes).
- Revert "ibmvnic: remove duplicate napi_schedule call in open function" (bsc#1065729).
- USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes).
- USB: move many drivers to use DEVICE_ATTR_WO (git-fixes).
- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes).
- USB: serial: cp210x: fix comments for GE CS1000 (git-fixes).
- USB: serial: option: add support for u-blox LARA-R6 family (git-fixes).
- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes).
- arm64/mm: Fix ttbr0 values stored in struct thread_info for software-pan (git-fixes).
- arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode (git-fixes).
- ata: ahci_sunxi: Disable DIPM (git-fixes).
- ath10k: Fix an error code in ath10k_add_interface() (git-fixes).
- ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (git-fixes).
- brcmfmac: correctly report average RSSI in station info (git-fixes).
- brcmfmac: fix setting of station info chains bitmask (git-fixes).
- brcmsmac: mac80211_if: Fix a resource leak in an error handling path (git-fixes).
- can: ems_usb: fix memory leak (git-fixes).
- can: esd_usb2: fix memory leak (git-fixes).
- can: gw: synchronize rcu operations before removing gw job entry (git-fixes).
- can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes).
- can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes).
- can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes).
- can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path (git-fixes).
- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes).
- can: sja1000: sja1000_err(): do not count arbitration lose as an error (git-fixes).
- can: sun4i_can: sun4i_can_err(): do not count arbitration lose as an error (git-fixes).
- can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes).
- can: usb_8dev: fix memory leak (git-fixes).
- ceph: do not WARN if we're still opening a session to an MDS (bsc#1188750).
- cfg80211: call cfg80211_leave_ocb when switching away from OCB (git-fixes).
- char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() (git-fixes).
- cifs: Fix preauth hash corruption (git-fixes).
- cifs: Return correct error code from smb2_get_enc_key (git-fixes).
- cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath (git-fixes).
- cifs: fix interrupted close commands (git-fixes).
- cifs: fix memory leak in smb2_copychunk_range (git-fixes).
- cosa: Add missing kfree in error path of cosa_write (git-fixes).
- crypto: cavium/nitrox - Fix an error rhandling path in 'nitrox_probe()' (git-fixes).
- crypto: do not free algorithm before using (git-fixes).
- cw1200: add missing MODULE_DEVICE_TABLE (git-fixes).
- cxgb4: fix wrong shift (git-fixes).
- dma-buf/sync_file: Do not leak fences on merge failure (git-fixes).
- drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes).
- drm/nouveau: wait for moving fence after pinning v2 (git-fixes).
- drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes).
- drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes).
- drm/radeon: wait for moving fence after pinning (git-fixes).
- drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() (git-fixes).
- drm/virtio: Fix double free on probe failure (git-fixes).
- drm: Return -ENOTTY for non-drm ioctls (git-fixes).
- drm: qxl: ensure surf.data is ininitialized (git-fixes).
- e100: handle eeprom as little endian (git-fixes).
- extcon: max8997: Add missing modalias string (git-fixes).
- extcon: sm5502: Drop invalid register write in sm5502_reg_data (git-fixes).
- fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes).
- fuse: check connected before queueing on fpq->io (bsc#1188273).
- fuse: reject internal errno (bsc#1188274).
- genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes)
- genirq: Disable interrupts for force threaded handlers (git-fixes)
- genirq: Fix reference leaks on irq affinity notifiers (git-fixes)
- genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes)
- gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes).
- gve: Add DQO fields for core data structures (bsc#1176940).
- gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940).
- gve: Add NULL pointer checks when freeing irqs (bsc#1176940).
- gve: Add basic driver framework for Compute Engine Virtual NIC (jsc#SLE-10538).
- gve: Add dqo descriptors (bsc#1176940).
- gve: Add ethtool support (jsc#SLE-10538).
- gve: Add stats for gve (bsc#1176940).
- gve: Add support for DQO RX PTYPE map (bsc#1176940).
- gve: Add support for raw addressing device option (bsc#1176940).
- gve: Add support for raw addressing in the tx path (bsc#1176940).
- gve: Add support for raw addressing to the rx path (bsc#1176940).
- gve: Add workqueue and reset support (jsc#SLE-10538).
- gve: Batch AQ commands for creating and destroying queues (bsc#1176940).
- gve: Check TX QPL was actually assigned (bsc#1176940).
- gve: Copy and paste bug in gve_get_stats() (jsc#SLE-10538).
- gve: Correct SKB queue index validation (bsc#1176940).
- gve: DQO: Add RX path (bsc#1176940).
- gve: DQO: Add TX path (bsc#1176940).
- gve: DQO: Add core netdev features (bsc#1176940).
- gve: DQO: Add ring allocation and initialization (bsc#1176940).
- gve: DQO: Configure interrupts on device up (bsc#1176940).
- gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940).
- gve: DQO: Remove incorrect prefetch (bsc#1176940).
- gve: Enable Link Speed Reporting in the driver (bsc#1176940).
- gve: Fix an error handling path in 'gve_probe()' (bsc#1176940).
- gve: Fix case where desc_cnt and data_cnt can get out of sync (jsc#SLE-10538).
- gve: Fix error return code in gve_alloc_qpls() (jsc#SLE-10538).
- gve: Fix swapped vars when fetching max queues (git-fixes).
- gve: Fix the queue page list allocated pages count (bsc#1176940).
- gve: Fix u64_stats_sync to initialize start (jsc#SLE-10538).
- gve: Fix warnings reported for DQO patchset (bsc#1176940).
- gve: Fixes DMA synchronization (jsc#SLE-10538).
- gve: Get and set Rx copybreak via ethtool (bsc#1176940).
- gve: Introduce a new model for device options (bsc#1176940).
- gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940).
- gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940).
- gve: Move some static functions to a common file (bsc#1176940).
- gve: NIC stats for report-stats and for ethtool (bsc#1176940).
- gve: Propagate error codes to caller (bsc#1176940).
- gve: Remove the exporting of gve_probe (jsc#SLE-10538).
- gve: Replace zero-length array with flexible-array member (bsc#1176940).
- gve: Rx Buffer Recycling (bsc#1176940).
- gve: Simplify code and axe the use of a deprecated API (bsc#1176940).
- gve: Update adminq commands to support DQO queues (bsc#1176940).
- gve: Update mgmt_msix_idx if num_ntfy changes (bsc#1176940).
- gve: Upgrade memory barrier in poll routine (bsc#1176940).
- gve: Use dev_info/err instead of netif_info/err (bsc#1176940).
- gve: Use link status register to report link status (bsc#1176940).
- gve: adminq: DQO specific device descriptor logic (bsc#1176940).
- gve: fix -ENOMEM null check on a page allocation (jsc#SLE-10538).
- gve: fix dma sync bug where not all pages synced (bsc#1176940).
- gve: fix unused variable/label warnings (jsc#SLE-10538).
- gve: gve_rx_copy: Move padding to an argument (bsc#1176940).
- gve: replace kfree with kvfree (jsc#SLE-10538).
- hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes).
- hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes).
- i2c: robotfuzz-osif: fix control-request directions (git-fixes).
- ibmvnic: Allow device probe if the device is not ready at boot (bsc#1184114 ltc#192237).
- ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c (bsc#1184114 ltc#192237).
- ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237).
- ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237).
- ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237).
- ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114 ltc#192237).
- ibmvnic: fix send_request_map incompatible argument (bsc#1184114 ltc#192237).
- ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363).
- ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes).
- ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533).
- ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098).
- iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: bma180: Use explicit member assignment (git-fixes).
- iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adis_buffer: do not return ints in irq handlers (git-fixes).
- iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: ltr501: ltr501_read_ps(): add missing endianness conversion (git-fixes). - iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes). - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too (git-fixes). - iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes). - kabi: fix nvme_wait_freeze_timeout() return type (bsc#1181161). - kfifo: DECLARE_KIFO_PTR(fifo, u64) does not work on arm 32 bit (git-fixes). - leds: ktd2692: Fix an error handling path (git-fixes). - leds: trigger: fix potential deadlock with libata (git-fixes). - lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes). - lib/decompressors: remove set but not used variabled 'level' (git-fixes). - lpfc: Decouple port_template and vport_template (bsc#1185032). - mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes). - mac80211: remove iwlwifi specific workaround NDPs of null_response (git-fixes). - mac80211: remove warning in ieee80211_get_sband() (git-fixes). - media: I2C: change 'RST' to "RSET" to fix multiple build errors (git-fixes). - media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes). - media: cobalt: fix race condition in setting HPD (git-fixes). - media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes). - media: dtv5100: fix control-request directions (git-fixes). - media: dvb-usb: fix wrong definition (git-fixes). - media: dvb_net: avoid speculation from net slot (git-fixes). - media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes). 
- media: em28xx: Fix possible memory leak of em28xx struct (git-fixes). - media: exynos4-is: Fix a use after free in isp_video_release (git-fixes). - media: gspca/gl860: fix zero-length control requests (git-fixes). - media: gspca/sq905: fix control-request direction (git-fixes). - media: gspca/sunplus: fix zero-length control requests (git-fixes). - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes). - media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes). - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() (git-fixes). - media: siano: fix device register error path (git-fixes). - media: st-hva: Fix potential NULL pointer dereferences (git-fixes). - media: tc358743: Fix error return code in tc358743_probe_of() (git-fixes). - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes). - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (git-fixes). - media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes). - memory: atmel-ebi: add missing of_node_put for loop iteration (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] (git-fixes). - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes). - mlxsw: core: Use variable timeout for EMAD retries (git-fixes). - mmc: block: Disable CMDQ on the ioctl path (git-fixes). - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes). - mmc: core: clear flags before allowing to retune (git-fixes). - mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes). - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode (git-fixes). 
- mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes). - mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes). - mmc: vub3000: fix control-request direction (git-fixes). - mwifiex: re-fix for unaligned accesses (git-fixes). - net/mlx5: Disable QoS when min_rates on all VFs are zero (git-fixes). - net/mlx5: Query PPS pin operational status before registering it (git-fixes). - net/mlx5: Verify Hardware supports requested ptp function on a given pin (git-fixes). - net: Google gve: Remove dma_wmb() before ringing doorbell (bsc#1176940). - net: b44: fix error return code in b44_init_one() (git-fixes). - net: broadcom CNIC: requires MMU (git-fixes). - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes). - net: gve: convert strlcpy to strscpy (bsc#1176940). - net: gve: remove duplicated allowed (bsc#1176940). - net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes). - netsec: restore phy power state after controller reset (git-fixes). - nfc: nfcsim: fix use after free during module unload (git-fixes). - nvme-core: add cancel tagset helpers (bsc#1181161). - nvme-multipath: fix double initialization of ANA state (bsc#1181161). - nvme-rdma: add clean action for failed reconnection (bsc#1181161). - nvme-rdma: fix reset hang if controller died in the middle of a reset (bsc#1181161). - nvme-rdma: use cancel tagset helper for tear down (bsc#1181161). - nvme: have nvme_wait_freeze_timeout return if it timed out (bsc#1181161). - nvme: verify MNAN value if ANA is enabled (bsc#1185791). - nvmet: use new ana_log_size instead the old one (bsc#1181161). - platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (git-fixes). - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: ab8500: Avoid NULL pointers (git-fixes). - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes). 
- powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722). - powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722). - powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes). - powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries/scm: Use a specific endian format for storing uuid from the device tree (bsc#1113295, git-fixes). - powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722). - powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722). - powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722). - powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722). - powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722). - powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722). - powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722). - powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722). - powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722). - pwm: spear: Do not modify HW state in .remove callback (git-fixes). - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes). - r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - regulator: da9052: Ensure enough delay time for .set_voltage_time_sel (git-fixes). - reset: a10sr: add missing of_match_table reference (git-fixes). - reset: bail if try_module_get() fails (git-fixes). - reset: sti: reset-syscfg: fix struct description warnings (git-fixes). 
- rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes). - sched/cpufreq/schedutil: Fix error path mutex unlock (git-fixes) - sched/fair: Do not assign runtime for throttled cfs_rq (git-fixes) - sched/fair: Fix unfairness caused by missing load decay (git-fixes) - sched/numa: Fix a possible divide-by-zero (git-fixes) - scripts/git_sort/git_sort.py: add bpf git repo - scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101). - scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug (bsc#1185995). - scsi: qedf: Do not put host in qedf_vport_create() unconditionally (bsc#1170511). - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195). - serial: mvebu-uart: clarify the baud rate derivation (git-fixes). - serial: mvebu-uart: correctly calculate minimal possible baudrate (git-fixes). - serial: mvebu-uart: do not allow changing baudrate when uartclk is not available (git-fixes). - serial: mvebu-uart: fix calculation of clock divisor (git-fixes). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (git-fixes). - spi: Make of_register_spi_device also set the fwnode (git-fixes). - spi: mediatek: fix fifo rx mode (git-fixes). - spi: omap-100k: Fix the length judgment problem (git-fixes). - spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes). - spi: spi-sun6i: Fix chipselect/clock bug (git-fixes). - spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (git-fixes). - spi: tegra114: Fix an error message (git-fixes). - ssb: sdio: Do not overwrite const buffer if block_write fails (git-fixes). - staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() (git-fixes). - staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes). - tracing: Do not reference char * as a string in histograms (git-fixes). - tty: nozomi: Fix a resource leak in an error handling function (git-fixes). - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' (git-fixes). 
- tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes). - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes). - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes). - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes). - usb: max-3421: Prevent corruption of freed memory (git-fixes). - usb: move many drivers to use DEVICE_ATTR_WO (git-fixes). - usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() (git-fixes). - usbip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes). - usbip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes). - usbip: vudc synchronize sysfs code paths (git-fixes). - usbip: vudc: fix missing unlock on error in usbip_sockfd_store() (git-fixes). - uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes). - virtio_console: Assure used length from device is limited (git-fixes). - w1: ds2438: fixing bug that would always get page0 (git-fixes). - watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes). - watchdog: Fix possible use-after-free in wdt_startup() (git-fixes). - watchdog: aspeed: fix hardware timeout calculation (git-fixes). - watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes). - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes). - watchdog: sp805: Fix kernel doc description (git-fixes). - wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes). - wireless: carl9170: fix LEDS build errors and warnings (git-fixes). - wireless: wext-spy: Fix out-of-bounds warning (git-fixes). - wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes). - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes). - workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973). - x86/debug: Extend the lower bound of crash kernel low reservations (bsc#1153720). 
- x86/kvm: Disable all PV features on crash (bsc#1185308).
- x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308).
- x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308).
- x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308).
- x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308).
- xen-pciback: reconfigure also from backend watch handler (git-fixes).
- xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377).
- xhci: Fix lost USB 2 remote wake (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Real Time Extension 12-SP5:

   zypper in -t patch SUSE-SLE-RT-12-SP5-2021-2643=1

Package List:

- SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch):

   kernel-devel-rt-4.12.14-10.54.1
   kernel-source-rt-4.12.14-10.54.1

- SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64):

   cluster-md-kmp-rt-4.12.14-10.54.1
   cluster-md-kmp-rt-debuginfo-4.12.14-10.54.1
   dlm-kmp-rt-4.12.14-10.54.1
   dlm-kmp-rt-debuginfo-4.12.14-10.54.1
   gfs2-kmp-rt-4.12.14-10.54.1
   gfs2-kmp-rt-debuginfo-4.12.14-10.54.1
   kernel-rt-4.12.14-10.54.1
   kernel-rt-base-4.12.14-10.54.1
   kernel-rt-base-debuginfo-4.12.14-10.54.1
   kernel-rt-debuginfo-4.12.14-10.54.1
   kernel-rt-debugsource-4.12.14-10.54.1
   kernel-rt-devel-4.12.14-10.54.1
   kernel-rt-devel-debuginfo-4.12.14-10.54.1
   kernel-rt_debug-4.12.14-10.54.1
   kernel-rt_debug-debuginfo-4.12.14-10.54.1
   kernel-rt_debug-debugsource-4.12.14-10.54.1
   kernel-rt_debug-devel-4.12.14-10.54.1
   kernel-rt_debug-devel-debuginfo-4.12.14-10.54.1
   kernel-syms-rt-4.12.14-10.54.1
   ocfs2-kmp-rt-4.12.14-10.54.1
   ocfs2-kmp-rt-debuginfo-4.12.14-10.54.1

References:

   https://www.suse.com/security/cve/CVE-2020-0429.html
   https://www.suse.com/security/cve/CVE-2020-36385.html
   https://www.suse.com/security/cve/CVE-2020-36386.html
   https://www.suse.com/security/cve/CVE-2021-22543.html
   https://www.suse.com/security/cve/CVE-2021-22555.html
   https://www.suse.com/security/cve/CVE-2021-33909.html
   https://www.suse.com/security/cve/CVE-2021-3609.html
   https://www.suse.com/security/cve/CVE-2021-3612.html
   https://www.suse.com/security/cve/CVE-2021-3659.html
   https://www.suse.com/security/cve/CVE-2021-37576.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1085224
   https://bugzilla.suse.com/1094840
   https://bugzilla.suse.com/1113295
   https://bugzilla.suse.com/1153720
   https://bugzilla.suse.com/1170511
   https://bugzilla.suse.com/1176724
   https://bugzilla.suse.com/1176931
   https://bugzilla.suse.com/1176940
   https://bugzilla.suse.com/1179195
   https://bugzilla.suse.com/1181161
   https://bugzilla.suse.com/1183871
   https://bugzilla.suse.com/1184114
   https://bugzilla.suse.com/1184350
   https://bugzilla.suse.com/1184804
   https://bugzilla.suse.com/1185032
   https://bugzilla.suse.com/1185308
   https://bugzilla.suse.com/1185377
   https://bugzilla.suse.com/1185791
   https://bugzilla.suse.com/1185995
   https://bugzilla.suse.com/1186206
   https://bugzilla.suse.com/1186482
   https://bugzilla.suse.com/1186672
   https://bugzilla.suse.com/1187038
   https://bugzilla.suse.com/1187050
   https://bugzilla.suse.com/1187215
   https://bugzilla.suse.com/1187476
   https://bugzilla.suse.com/1187585
   https://bugzilla.suse.com/1187846
   https://bugzilla.suse.com/1188026
   https://bugzilla.suse.com/1188062
   https://bugzilla.suse.com/1188101
   https://bugzilla.suse.com/1188116
   https://bugzilla.suse.com/1188273
   https://bugzilla.suse.com/1188274
   https://bugzilla.suse.com/1188405
   https://bugzilla.suse.com/1188620
   https://bugzilla.suse.com/1188750
   https://bugzilla.suse.com/1188838
   https://bugzilla.suse.com/1188842
   https://bugzilla.suse.com/1188876
   https://bugzilla.suse.com/1188885
   https://bugzilla.suse.com/1188973

From sle-updates at lists.suse.com Tue Aug 10 13:51:54 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 10 Aug 2021 15:51:54 +0200 (CEST)
Subject: SUSE-SU-2021:2647-1: important: Security update for the Linux Kernel
Message-ID: <20210810135154.CAE72FCEF@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2647-1
Rating:             important
References:         #1065729 #1085224 #1094840 #1113295 #1176724 #1176931
                    #1176940 #1179195 #1181161 #1183871 #1184114 #1184350
                    #1184804 #1185377 #1186206 #1186482 #1186483 #1186672
                    #1187038 #1187476 #1187846 #1188026 #1188101 #1188405
                    #1188620 #1188750 #1188838 #1188876 #1188885 #1188973
Cross-References:   CVE-2020-0429 CVE-2020-36386 CVE-2021-22543 CVE-2021-3659
                    CVE-2021-37576
CVSS scores:
                    CVE-2020-0429 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-0429 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-36386 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2020-36386 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
                    CVE-2021-22543 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3659 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Live Patching 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________

An update that solves 5 vulnerabilities and has 25 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876).
- CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482).
- CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838).
- CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. (bsc#1176724).
- CVE-2020-36386: Fixed a slab out-of-bounds read in hci_extended_inquiry_result_evt (bsc#1187038).

The following non-security bugs were fixed:

- ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes).
- ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes).
- ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes).
- ALSA: bebob: add support for ToneWeal FW66 (git-fixes).
- ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes).
- ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes).
- ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes).
- ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes).
- ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes).
- ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes).
- ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes).
- Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes).
- Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes).
- Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes).
- HID: wacom: Correct base usage for capacitive ExpressKey status bits (git-fixes).
- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes). - PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: quirks: fix false kABI positive (git-fixes). - USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes). - USB: move many drivers to use DEVICE_ATTR_WO (git-fixes). - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes). - USB: serial: cp210x: fix comments for GE CS1000 (git-fixes). - USB: serial: cp210x: fix comments for GE CS1000 (git-fixes). - USB: serial: option: add support for u-blox LARA-R6 family (git-fixes). - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes). - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (git-fixes). - can: ems_usb: fix memory leak (git-fixes). - can: esd_usb2: fix memory leak (git-fixes). - can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes). - can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes). - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes). - can: sja1000: sja1000_err(): do not count arbitration lose as an error (git-fixes). - can: sun4i_can: sun4i_can_err(): do not count arbitration lose as an error (git-fixes). - can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes). - can: usb_8dev: fix memory leak (git-fixes). - ceph: do not WARN if we're still opening a session to an MDS (bsc#1188750). - cifs: Fix preauth hash corruption (git-fixes). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath (git-fixes). - cifs: fix interrupted close commands (git-fixes). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - cosa: Add missing kfree in error path of cosa_write (git-fixes). - crypto: do not free algorithm before using (git-fixes). - cw1200: add missing MODULE_DEVICE_TABLE (git-fixes). 
- dma-buf/sync_file: Do not leak fences on merge failure (git-fixes). - drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes). - drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes). - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes). - drm/virtio: Fix double free on probe failure (git-fixes). - drm: Return -ENOTTY for non-drm ioctls (git-fixes). - e100: handle eeprom as little endian (git-fixes). - gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes). - gve: Add DQO fields for core data structures (bsc#1176940). - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940). - gve: Add NULL pointer checks when freeing irqs (bsc#1176940). - gve: Add basic driver framework for Compute Engine Virtual NIC (jsc#SLE-10538). - gve: Add dqo descriptors (bsc#1176940). - gve: Add ethtool support (jsc#SLE-10538). - gve: Add stats for gve (bsc#1176940). - gve: Add support for DQO RX PTYPE map (bsc#1176940). - gve: Add support for raw addressing device option (bsc#1176940). - gve: Add support for raw addressing in the tx path (bsc#1176940). - gve: Add support for raw addressing to the rx path (bsc#1176940). - gve: Add workqueue and reset support (jsc#SLE-10538). - gve: Batch AQ commands for creating and destroying queues (bsc#1176940). - gve: Check TX QPL was actually assigned (bsc#1176940). - gve: Copy and paste bug in gve_get_stats() (jsc#SLE-10538). - gve: Correct SKB queue index validation (bsc#1176940). - gve: DQO: Add RX path (bsc#1176940). - gve: DQO: Add TX path (bsc#1176940). - gve: DQO: Add core netdev features (bsc#1176940). - gve: DQO: Add ring allocation and initialization (bsc#1176940). - gve: DQO: Configure interrupts on device up (bsc#1176940). - gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940). - gve: DQO: Remove incorrect prefetch (bsc#1176940). - gve: Enable Link Speed Reporting in the driver (bsc#1176940). 
- gve: Fix an error handling path in 'gve_probe()' (bsc#1176940). - gve: Fix case where desc_cnt and data_cnt can get out of sync (jsc#SLE-10538). - gve: Fix error return code in gve_alloc_qpls() (jsc#SLE-10538). - gve: Fix the queue page list allocated pages count (bsc#1176940). - gve: Fix u64_stats_sync to initialize start (jsc#SLE-10538). - gve: Fix warnings reported for DQO patchset (bsc#1176940). - gve: Fixes DMA synchronization (jsc#SLE-10538). - gve: Get and set Rx copybreak via ethtool (bsc#1176940). - gve: Introduce a new model for device options (bsc#1176940). - gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940). - gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940). - gve: Move some static functions to a common file (bsc#1176940). - gve: NIC stats for report-stats and for ethtool (bsc#1176940). - gve: Propagate error codes to caller (bsc#1176940). - gve: Remove the exporting of gve_probe (jsc#SLE-10538). - gve: Replace zero-length array with flexible-array member (bsc#1176940). - gve: Rx Buffer Recycling (bsc#1176940). - gve: Simplify code and axe the use of a deprecated API (bsc#1176940). - gve: Update adminq commands to support DQO queues (bsc#1176940). - gve: Update mgmt_msix_idx if num_ntfy changes (bsc#1176940). - gve: Upgrade memory barrier in poll routine (bsc#1176940). - gve: Use dev_info/err instead of netif_info/err (bsc#1176940). - gve: Use link status register to report link status (bsc#1176940). - gve: adminq: DQO specific device descriptor logic (bsc#1176940). - gve: fix -ENOMEM null check on a page allocation (jsc#SLE-10538). - gve: fix dma sync bug where not all pages synced (bsc#1176940). - gve: fix unused variable/label warnings (jsc#SLE-10538). - gve: gve_rx_copy: Move padding to an argument (bsc#1176940). - gve: replace kfree with kvfree (jsc#SLE-10538). - ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533). - iio: accel: bma180: Use explicit member assignment (git-fixes). 
- iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes). - kabi: fix nvme_wait_freeze_timeout() return type (bsc#1181161). - kfifo: DECLARE_KIFO_PTR(fifo, u64) does not work on arm 32 bit (git-fixes). - lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes). - mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes). - media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes). - media: cobalt: fix race condition in setting HPD (git-fixes). - media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes). - media: dvb_net: avoid speculation from net slot (git-fixes). - media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes). - media: em28xx: Fix possible memory leak of em28xx struct (git-fixes). - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes). - media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes). - media: siano: fix device register error path (git-fixes). - media: st-hva: Fix potential NULL pointer dereferences (git-fixes). - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes). - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (git-fixes). - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes). - mlxsw: core: Use variable timeout for EMAD retries (git-fixes). - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes). - mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes). - net/mlx5: Disable QoS when min_rates on all VFs are zero (git-fixes). - net/mlx5: Query PPS pin operational status before registering it (git-fixes). - net/mlx5: Verify Hardware supports requested ptp function on a given pin (git-fixes). - net: Google gve: Remove dma_wmb() before ringing doorbell (bsc#1176940). - net: b44: fix error return code in b44_init_one() (git-fixes). - net: broadcom CNIC: requires MMU (git-fixes). - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes). 
- net: gve: convert strlcpy to strscpy (bsc#1176940). - net: gve: remove duplicated allowed (bsc#1176940). - nfc: nfcsim: fix use after free during module unload (git-fixes). - nvme-core: add cancel tagset helpers (bsc#1181161). - nvme-multipath: fix double initialization of ANA state (bsc#1181161). - nvme-rdma: add clean action for failed reconnection (bsc#1181161). - nvme-rdma: fix reset hang if controller died in the middle of a reset (bsc#1181161). - nvme-rdma: use cancel tagset helper for tear down (bsc#1181161). - nvme: have nvme_wait_freeze_timeout return if it timed out (bsc#1181161). - nvmet: use new ana_log_size instead the old one (bsc#1181161). - platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (git-fixes). - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: ab8500: Avoid NULL pointers (git-fixes). - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes). - powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722). - powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722). - powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes). - powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries/scm: Use a specific endian format for storing uuid from the device tree (bsc#1113295, git-fixes). - powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722). - powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722). - powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722). 
- powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722). - powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722). - powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722). - powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722). - powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722). - powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722). - pwm: spear: Do not modify HW state in .remove callback (git-fixes). - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes). - regulator: da9052: Ensure enough delay time for .set_voltage_time_sel (git-fixes). - rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes). - scripts/git_sort/git_sort.py: add bpf git repo - scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101). - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (git-fixes). - spi: Make of_register_spi_device also set the fwnode (git-fixes). - spi: mediatek: fix fifo rx mode (git-fixes). - spi: omap-100k: Fix the length judgment problem (git-fixes). - spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes). - spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (git-fixes). - ssb: sdio: Do not overwrite const buffer if block_write fails (git-fixes). - tracing: Do not reference char * as a string in histograms (git-fixes). - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes). - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes). - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes). - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes). 
- usb: max-3421: Prevent corruption of freed memory (git-fixes).
- usb: max-3421: Prevent corruption of freed memory (git-fixes).
- usbip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).
- usbip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).
- usbip: vudc synchronize sysfs code paths (git-fixes).
- usbip: vudc: fix missing unlock on error in usbip_sockfd_store() (git-fixes).
- uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes).
- virtio_console: Assure used length from device is limited (git-fixes).
- w1: ds2438: fixing bug that would always get page0 (git-fixes).
- watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes).
- watchdog: Fix possible use-after-free in wdt_startup() (git-fixes).
- watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes).
- watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes).
- wireless: wext-spy: Fix out-of-bounds warning (git-fixes).
- wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes).
- wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes).
- workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973).
- xen-pciback: reconfigure also from backend watch handler (git-fixes).
- xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377).
- xhci: Fix lost USB 2 remote wake (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP5:
  zypper in -t patch SUSE-SLE-WE-12-SP5-2021-2647=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2647=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2647=1
- SUSE Linux Enterprise Live Patching 12-SP5:
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-2647=1
- SUSE Linux Enterprise High Availability 12-SP5:
  zypper in -t patch SUSE-SLE-HA-12-SP5-2021-2647=1

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
  kernel-default-debuginfo-4.12.14-122.83.1
  kernel-default-debugsource-4.12.14-122.83.1
  kernel-default-extra-4.12.14-122.83.1
  kernel-default-extra-debuginfo-4.12.14-122.83.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  kernel-obs-build-4.12.14-122.83.1
  kernel-obs-build-debugsource-4.12.14-122.83.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
  kernel-docs-4.12.14-122.83.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  kernel-default-4.12.14-122.83.1
  kernel-default-base-4.12.14-122.83.1
  kernel-default-base-debuginfo-4.12.14-122.83.1
  kernel-default-debuginfo-4.12.14-122.83.1
  kernel-default-debugsource-4.12.14-122.83.1
  kernel-default-devel-4.12.14-122.83.1
  kernel-syms-4.12.14-122.83.1
- SUSE Linux Enterprise Server 12-SP5 (noarch):
  kernel-devel-4.12.14-122.83.1
  kernel-macros-4.12.14-122.83.1
  kernel-source-4.12.14-122.83.1
- SUSE Linux Enterprise Server 12-SP5 (x86_64):
  kernel-default-devel-debuginfo-4.12.14-122.83.1
- SUSE Linux Enterprise Server 12-SP5 (s390x):
  kernel-default-man-4.12.14-122.83.1
- SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
  kernel-default-debuginfo-4.12.14-122.83.1
  kernel-default-debugsource-4.12.14-122.83.1
  kernel-default-kgraft-4.12.14-122.83.1
  kernel-default-kgraft-devel-4.12.14-122.83.1
  kgraft-patch-4_12_14-122_83-default-1-8.3.1
- SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
  cluster-md-kmp-default-4.12.14-122.83.1
  cluster-md-kmp-default-debuginfo-4.12.14-122.83.1
  dlm-kmp-default-4.12.14-122.83.1
  dlm-kmp-default-debuginfo-4.12.14-122.83.1
  gfs2-kmp-default-4.12.14-122.83.1
  gfs2-kmp-default-debuginfo-4.12.14-122.83.1
  kernel-default-debuginfo-4.12.14-122.83.1
  kernel-default-debugsource-4.12.14-122.83.1
  ocfs2-kmp-default-4.12.14-122.83.1
  ocfs2-kmp-default-debuginfo-4.12.14-122.83.1

References:

https://www.suse.com/security/cve/CVE-2020-0429.html
https://www.suse.com/security/cve/CVE-2020-36386.html
https://www.suse.com/security/cve/CVE-2021-22543.html
https://www.suse.com/security/cve/CVE-2021-3659.html
https://www.suse.com/security/cve/CVE-2021-37576.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1085224
https://bugzilla.suse.com/1094840
https://bugzilla.suse.com/1113295
https://bugzilla.suse.com/1176724
https://bugzilla.suse.com/1176931
https://bugzilla.suse.com/1176940
https://bugzilla.suse.com/1179195
https://bugzilla.suse.com/1181161
https://bugzilla.suse.com/1183871
https://bugzilla.suse.com/1184114
https://bugzilla.suse.com/1184350
https://bugzilla.suse.com/1184804
https://bugzilla.suse.com/1185377
https://bugzilla.suse.com/1186206
https://bugzilla.suse.com/1186482
https://bugzilla.suse.com/1186483
https://bugzilla.suse.com/1186672
https://bugzilla.suse.com/1187038
https://bugzilla.suse.com/1187476
https://bugzilla.suse.com/1187846
https://bugzilla.suse.com/1188026
https://bugzilla.suse.com/1188101
https://bugzilla.suse.com/1188405
https://bugzilla.suse.com/1188620
https://bugzilla.suse.com/1188750
https://bugzilla.suse.com/1188838
https://bugzilla.suse.com/1188876
https://bugzilla.suse.com/1188885
https://bugzilla.suse.com/1188973

From sle-updates at lists.suse.com Tue Aug 10 13:56:51 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 10 Aug 2021 15:56:51 +0200 (CEST)
Subject: SUSE-SU-2021:2644-1: important: Security update for the Linux Kernel
Message-ID: <20210810135651.8D372FCEF@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2644-1
Rating: important
References: #1065729 #1085224 #1094840 #1113295 #1176724 #1176931 #1176940 #1179195 #1181161 #1183871 #1184114 #1184350 #1184804 #1185377 #1186206 #1186482 #1186483 #1186672 #1187038 #1187476 #1187846 #1188026 #1188101 #1188405 #1188620 #1188750 #1188838 #1188876 #1188885 #1188973
Cross-References: CVE-2020-0429 CVE-2020-36386 CVE-2021-22543 CVE-2021-3659 CVE-2021-37576
CVSS scores:
  CVE-2020-0429 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2020-0429 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2020-36386 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  CVE-2020-36386 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
  CVE-2021-22543 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-3659 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that solves 5 vulnerabilities and has 25 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876).
- CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest.
  This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482).
- CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838).
- CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. (bsc#1176724).
- CVE-2020-36386: Fixed a slab out-of-bounds read in hci_extended_inquiry_result_evt (bsc#1187038).

The following non-security bugs were fixed:

- ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes).
- ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes).
- ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes).
- ALSA: bebob: add support for ToneWeal FW66 (git-fixes).
- ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes).
- ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes).
- ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes).
- ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes).
- ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes).
- ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes).
- ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes).
- Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes).
- Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes).
- Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes).
- HID: wacom: Correct base usage for capacitive ExpressKey status bits (git-fixes).
- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes).
- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes).
- PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes).
- PCI: quirks: fix false kABI positive (git-fixes).
- Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem" (git-fixes).
- USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes).
- USB: move many drivers to use DEVICE_ATTR_WO (git-fixes).
- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes).
- USB: serial: cp210x: fix comments for GE CS1000 (git-fixes).
- USB: serial: cp210x: fix comments for GE CS1000 (git-fixes).
- USB: serial: option: add support for u-blox LARA-R6 family (git-fixes).
- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes).
- ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (git-fixes).
- can: ems_usb: fix memory leak (git-fixes).
- can: esd_usb2: fix memory leak (git-fixes).
- can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes).
- can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes).
- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes).
- can: sja1000: sja1000_err(): do not count arbitration lose as an error (git-fixes).
- can: sun4i_can: sun4i_can_err(): do not count arbitration lose as an error (git-fixes).
- can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes).
- can: usb_8dev: fix memory leak (git-fixes).
- ceph: do not WARN if we're still opening a session to an MDS (bsc#1188750).
- cifs: Fix preauth hash corruption (git-fixes).
- cifs: Return correct error code from smb2_get_enc_key (git-fixes).
- cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath (git-fixes).
- cifs: fix interrupted close commands (git-fixes).
- cifs: fix memory leak in smb2_copychunk_range (git-fixes).
- cosa: Add missing kfree in error path of cosa_write (git-fixes).
- crypto: do not free algorithm before using (git-fixes).
- cw1200: add missing MODULE_DEVICE_TABLE (git-fixes).
- dma-buf/sync_file: Do not leak fences on merge failure (git-fixes).
- drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes).
- drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes).
- drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes).
- drm/virtio: Fix double free on probe failure (git-fixes).
- drm: Return -ENOTTY for non-drm ioctls (git-fixes).
- e100: handle eeprom as little endian (git-fixes).
- gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes).
- gve: Add DQO fields for core data structures (bsc#1176940).
- gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940).
- gve: Add NULL pointer checks when freeing irqs (bsc#1176940).
- gve: Add basic driver framework for Compute Engine Virtual NIC (jsc#SLE-10538).
- gve: Add dqo descriptors (bsc#1176940).
- gve: Add ethtool support (jsc#SLE-10538).
- gve: Add stats for gve (bsc#1176940).
- gve: Add support for DQO RX PTYPE map (bsc#1176940).
- gve: Add support for raw addressing device option (bsc#1176940).
- gve: Add support for raw addressing in the tx path (bsc#1176940).
- gve: Add support for raw addressing to the rx path (bsc#1176940).
- gve: Add workqueue and reset support (jsc#SLE-10538).
- gve: Batch AQ commands for creating and destroying queues (bsc#1176940).
- gve: Check TX QPL was actually assigned (bsc#1176940).
- gve: Copy and paste bug in gve_get_stats() (jsc#SLE-10538).
- gve: Correct SKB queue index validation (bsc#1176940).
- gve: DQO: Add RX path (bsc#1176940).
- gve: DQO: Add TX path (bsc#1176940).
- gve: DQO: Add core netdev features (bsc#1176940).
- gve: DQO: Add ring allocation and initialization (bsc#1176940).
- gve: DQO: Configure interrupts on device up (bsc#1176940).
- gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940).
- gve: DQO: Remove incorrect prefetch (bsc#1176940).
- gve: Enable Link Speed Reporting in the driver (bsc#1176940).
- gve: Fix an error handling path in 'gve_probe()' (bsc#1176940).
- gve: Fix case where desc_cnt and data_cnt can get out of sync (jsc#SLE-10538).
- gve: Fix error return code in gve_alloc_qpls() (jsc#SLE-10538).
- gve: Fix the queue page list allocated pages count (bsc#1176940).
- gve: Fix u64_stats_sync to initialize start (jsc#SLE-10538).
- gve: Fix warnings reported for DQO patchset (bsc#1176940).
- gve: Fixes DMA synchronization (jsc#SLE-10538).
- gve: Get and set Rx copybreak via ethtool (bsc#1176940).
- gve: Introduce a new model for device options (bsc#1176940).
- gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940).
- gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940).
- gve: Move some static functions to a common file (bsc#1176940).
- gve: NIC stats for report-stats and for ethtool (bsc#1176940).
- gve: Propagate error codes to caller (bsc#1176940).
- gve: Remove the exporting of gve_probe (jsc#SLE-10538).
- gve: Replace zero-length array with flexible-array member (bsc#1176940).
- gve: Rx Buffer Recycling (bsc#1176940).
- gve: Simplify code and axe the use of a deprecated API (bsc#1176940).
- gve: Update adminq commands to support DQO queues (bsc#1176940).
- gve: Update mgmt_msix_idx if num_ntfy changes (bsc#1176940).
- gve: Upgrade memory barrier in poll routine (bsc#1176940).
- gve: Use dev_info/err instead of netif_info/err (bsc#1176940).
- gve: Use link status register to report link status (bsc#1176940).
- gve: adminq: DQO specific device descriptor logic (bsc#1176940).
- gve: fix -ENOMEM null check on a page allocation (jsc#SLE-10538).
- gve: fix dma sync bug where not all pages synced (bsc#1176940).
- gve: fix unused variable/label warnings (jsc#SLE-10538).
- gve: gve_rx_copy: Move padding to an argument (bsc#1176940).
- gve: replace kfree with kvfree (jsc#SLE-10538).
- ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533).
- iio: accel: bma180: Use explicit member assignment (git-fixes).
- iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes).
- kabi: fix nvme_wait_freeze_timeout() return type (bsc#1181161).
- kernel-binary.spec.in: Regenerate makefile when not using mkmakefile.
- kernel-binary.spec.in: build-id check requires elfutils.
- kernel-binary.spec: Exctract s390 decompression code (jsc#SLE-17042).
- kernel-binary.spec: Fix up usrmerge for non-modular kernels.
- kernel-binary.spec: Only use mkmakefile when it exists Linux 5.13 no longer had a mkmakefile script
- kernel-binary.spec: Remove obsolete and wrong comment mkmakefile is repleced by echo on newer kernel
- kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle UTF-8 input in non-UTF-8 locale.
- kfifo: DECLARE_KIFO_PTR(fifo, u64) does not work on arm 32 bit (git-fixes).
- lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes).
- mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes).
- media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes).
- media: cobalt: fix race condition in setting HPD (git-fixes).
- media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes).
- media: dvb_net: avoid speculation from net slot (git-fixes).
- media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes).
- media: em28xx: Fix possible memory leak of em28xx struct (git-fixes).
- media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes).
- media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes).
- media: siano: fix device register error path (git-fixes).
- media: st-hva: Fix potential NULL pointer dereferences (git-fixes).
- media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes).
- media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (git-fixes).
- mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes).
- mlxsw: core: Use variable timeout for EMAD retries (git-fixes).
- mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes).
- mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes).
- net/mlx5: Disable QoS when min_rates on all VFs are zero (git-fixes).
- net/mlx5: Query PPS pin operational status before registering it (git-fixes).
- net/mlx5: Verify Hardware supports requested ptp function on a given pin (git-fixes).
- net: Google gve: Remove dma_wmb() before ringing doorbell (bsc#1176940).
- net: b44: fix error return code in b44_init_one() (git-fixes).
- net: broadcom CNIC: requires MMU (git-fixes).
- net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes).
- net: gve: convert strlcpy to strscpy (bsc#1176940).
- net: gve: remove duplicated allowed (bsc#1176940).
- nfc: nfcsim: fix use after free during module unload (git-fixes).
- nvme-core: add cancel tagset helpers (bsc#1181161).
- nvme-multipath: fix double initialization of ANA state (bsc#1181161).
- nvme-rdma: add clean action for failed reconnection (bsc#1181161).
- nvme-rdma: fix reset hang if controller died in the middle of a reset (bsc#1181161).
- nvme-rdma: use cancel tagset helper for tear down (bsc#1181161).
- nvme: have nvme_wait_freeze_timeout return if it timed out (bsc#1181161).
- nvmet: use new ana_log_size instead the old one (bsc#1181161).
- platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (git-fixes).
- power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: ab8500: Avoid NULL pointers (git-fixes).
- power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes).
- powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722).
- powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722).
- powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes).
- powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/pseries/scm: Use a specific endian format for storing uuid from the device tree (bsc#1113295, git-fixes).
- powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722).
- powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722).
- powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722).
- powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722).
- powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722).
- powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722).
- powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722).
- powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722).
- powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722).
- pwm: spear: Do not modify HW state in .remove callback (git-fixes).
- qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).
- regulator: da9052: Ensure enough delay time for .set_voltage_time_sel (git-fixes).
- replaced with above upstream fix.
- replaced with upstream security mitigation cleanup
- rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes).
- scripts/git_sort/git_sort.py: add bpf git repo
- scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101).
- scsi: smartpqi: create module parameters for LUN reset (bsc#1179195).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (git-fixes).
- spi: Make of_register_spi_device also set the fwnode (git-fixes).
- spi: mediatek: fix fifo rx mode (git-fixes).
- spi: omap-100k: Fix the length judgment problem (git-fixes).
- spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes).
- spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (git-fixes).
- ssb: sdio: Do not overwrite const buffer if block_write fails (git-fixes).
- tracing: Do not reference char * as a string in histograms (git-fixes).
- tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes).
- tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes).
- usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes).
- usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes).
- usb: max-3421: Prevent corruption of freed memory (git-fixes).
- usb: max-3421: Prevent corruption of freed memory (git-fixes).
- usbip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).
- usbip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).
- usbip: vudc synchronize sysfs code paths (git-fixes).
- usbip: vudc: fix missing unlock on error in usbip_sockfd_store() (git-fixes).
- uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes).
- virtio_console: Assure used length from device is limited (git-fixes).
- w1: ds2438: fixing bug that would always get page0 (git-fixes).
- watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes).
- watchdog: Fix possible use-after-free in wdt_startup() (git-fixes).
- watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes).
- watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes).
- wireless: wext-spy: Fix out-of-bounds warning (git-fixes).
- wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes).
- wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes).
- workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973).
- xen-pciback: reconfigure also from backend watch handler (git-fixes).
- xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377).
- xhci: Fix lost USB 2 remote wake (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2644=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (noarch):
  kernel-devel-azure-4.12.14-16.68.1
  kernel-source-azure-4.12.14-16.68.1
- SUSE Linux Enterprise Server 12-SP5 (x86_64):
  kernel-azure-4.12.14-16.68.1
  kernel-azure-base-4.12.14-16.68.1
  kernel-azure-base-debuginfo-4.12.14-16.68.1
  kernel-azure-debuginfo-4.12.14-16.68.1
  kernel-azure-debugsource-4.12.14-16.68.1
  kernel-azure-devel-4.12.14-16.68.1
  kernel-syms-azure-4.12.14-16.68.1

References:

https://www.suse.com/security/cve/CVE-2020-0429.html
https://www.suse.com/security/cve/CVE-2020-36386.html
https://www.suse.com/security/cve/CVE-2021-22543.html
https://www.suse.com/security/cve/CVE-2021-3659.html
https://www.suse.com/security/cve/CVE-2021-37576.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1085224
https://bugzilla.suse.com/1094840
https://bugzilla.suse.com/1113295
https://bugzilla.suse.com/1176724
https://bugzilla.suse.com/1176931
https://bugzilla.suse.com/1176940
https://bugzilla.suse.com/1179195
https://bugzilla.suse.com/1181161
https://bugzilla.suse.com/1183871
https://bugzilla.suse.com/1184114
https://bugzilla.suse.com/1184350
https://bugzilla.suse.com/1184804
https://bugzilla.suse.com/1185377
https://bugzilla.suse.com/1186206
https://bugzilla.suse.com/1186482
https://bugzilla.suse.com/1186483
https://bugzilla.suse.com/1186672
https://bugzilla.suse.com/1187038
https://bugzilla.suse.com/1187476
https://bugzilla.suse.com/1187846
https://bugzilla.suse.com/1188026
https://bugzilla.suse.com/1188101
https://bugzilla.suse.com/1188405
https://bugzilla.suse.com/1188620
https://bugzilla.suse.com/1188750
https://bugzilla.suse.com/1188838
https://bugzilla.suse.com/1188876
https://bugzilla.suse.com/1188885
https://bugzilla.suse.com/1188973

From sle-updates at lists.suse.com Tue Aug 10 16:21:10 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 10 Aug 2021 18:21:10 +0200 (CEST)
Subject: SUSE-RU-2021:2651-1: moderate: Recommended update linuxrc
Message-ID: <20210810162110.96B3EFCEF@maintenance.suse.de>

SUSE Recommended Update: Recommended update linuxrc
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:2651-1
Rating: moderate
References: #1187235
Affected Products:
  SUSE Linux Enterprise Module for Development Tools 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for linuxrc fixes the following issues:

- Read 'rules.xml' if autoyast option indicates a rules-based setup. (bsc#1187235)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Development Tools 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-2651=1

Package List:

- SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64):
  linuxrc-7.0.15.8-3.21.1
  linuxrc-debuginfo-7.0.15.8-3.21.1
  linuxrc-debugsource-7.0.15.8-3.21.1

References:

https://bugzilla.suse.com/1187235

From sle-updates at lists.suse.com Tue Aug 10 16:22:21 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 10 Aug 2021 18:22:21 +0200 (CEST)
Subject: SUSE-RU-2021:2650-1: moderate: Recommended update for xfsprogs
Message-ID: <20210810162221.1F7CAFCEF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for xfsprogs
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:2650-1
Rating: moderate
References: #1187832
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP5
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for xfsprogs fixes the following issues:

- Fix for XFS file system corruption. (bsc#1187832)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2650=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2650=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  xfsprogs-debuginfo-4.15.0-3.9.1
  xfsprogs-debugsource-4.15.0-3.9.1
  xfsprogs-devel-4.15.0-3.9.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  xfsprogs-4.15.0-3.9.1
  xfsprogs-debuginfo-4.15.0-3.9.1
  xfsprogs-debugsource-4.15.0-3.9.1

References:

https://bugzilla.suse.com/1187832

From sle-updates at lists.suse.com Wed Aug 11 16:16:33 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 11 Aug 2021 18:16:33 +0200 (CEST)
Subject: SUSE-RU-2021:2652-1: moderate: Recommended update for cloud-regionsrv
Message-ID: <20210811161633.648CBFCEF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for cloud-regionsrv
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:2652-1
Rating: moderate
References: #1029162
Affected Products:
  SUSE Linux Enterprise Module for Public Cloud 15-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for cloud-regionsrv contains the following fix:

- Update to version 8.1.0: (bsc#1029162)
  + Enable multiple IP assignments (IPv4+IPv6) on TLS Certificate

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-2652=1

Package List:

- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):
  cloud-regionsrv-8.1.0-11.3.1
  cloud-regionsrv-generic-config-1.0.0-11.3.1

References:

https://bugzilla.suse.com/1029162

From sle-updates at lists.suse.com Thu Aug 12 07:17:04 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Aug 2021 09:17:04 +0200 (CEST)
Subject: SUSE-SU-2021:14777-1: important: Security update for cpio
Message-ID: <20210812071704.A66E1FCEF@maintenance.suse.de>

SUSE Security Update: Security update for cpio
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:14777-1
Rating: important
References: #1189206
Cross-References: CVE-2021-38185
CVSS scores:
  CVE-2021-38185 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Server 11-SP4-LTSS
  SUSE Linux Enterprise Point of Sale 11-SP3
  SUSE Linux Enterprise Debuginfo 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for cpio fixes the following issues:

It was possible to trigger remote code execution due to an integer overflow (CVE-2021-38185, bsc#1189206)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-LTSS:
  zypper in -t patch slessp4-cpio-14777=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
  zypper in -t patch sleposp3-cpio-14777=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-cpio-14777=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
  zypper in -t patch dbgsp3-cpio-14777=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
  cpio-2.9-75.81.8.1
  cpio-lang-2.9-75.81.8.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
  cpio-2.9-75.81.8.1
  cpio-lang-2.9-75.81.8.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
  cpio-debuginfo-2.9-75.81.8.1
  cpio-debugsource-2.9-75.81.8.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
  cpio-debuginfo-2.9-75.81.8.1
  cpio-debugsource-2.9-75.81.8.1

References:

https://www.suse.com/security/cve/CVE-2021-38185.html
https://bugzilla.suse.com/1189206

From sle-updates at lists.suse.com Thu Aug 12 10:17:49 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Aug 2021 12:17:49 +0200 (CEST)
Subject: SUSE-RU-2021:2654-1: moderate: Recommended update for system-config-printer
Message-ID: <20210812101749.619B0FCEF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for system-config-printer
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:2654-1
Rating: moderate
References: #1116867
Affected Products:
  SUSE Linux Enterprise Module for Desktop Applications 15-SP3
  SUSE Linux Enterprise Module for Desktop Applications 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for system-config-printer fixes the following issues:

- Require python3-requests to avoid printer installation failure due to missing python module.
  (bsc#1116867)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-2654=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-2654=1

Package List:

- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
  system-config-printer-debugsource-1.5.7-8.3.1
  udev-configure-printer-1.5.7-8.3.1
  udev-configure-printer-debuginfo-1.5.7-8.3.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch):
  python3-cupshelpers-1.5.7-8.3.1
  system-config-printer-common-1.5.7-8.3.1
  system-config-printer-common-lang-1.5.7-8.3.1
  system-config-printer-dbus-service-1.5.7-8.3.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64):
  system-config-printer-debugsource-1.5.7-8.3.1
  udev-configure-printer-1.5.7-8.3.1
  udev-configure-printer-debuginfo-1.5.7-8.3.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch):
  python3-cupshelpers-1.5.7-8.3.1
  system-config-printer-common-1.5.7-8.3.1
  system-config-printer-common-lang-1.5.7-8.3.1
  system-config-printer-dbus-service-1.5.7-8.3.1

References:

https://bugzilla.suse.com/1116867

From sle-updates at lists.suse.com Thu Aug 12 13:17:23 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Aug 2021 15:17:23 +0200 (CEST)
Subject: SUSE-RU-2021:2676-1: moderate: Recommended update for SUSE Manager Proxy 4.2
Message-ID: <20210812131723.2CF19FD0A@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Proxy 4.2
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:2676-1
Rating: moderate
References: #1183151 #1186650 #1187593
Affected Products:
  SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update fixes the following issues:

mgr-cfg:
- No visible impact for the user

mgr-custom-info:
- No visible impact for the user

mgr-osad:
- No visible impact for the user

mgr-push:
- No visible impact for the user

rhnlib:
- No visible impact for the user

spacecmd:
- Make spacecmd aware of retracted patches/packages

spacewalk-backend:
- Fix rpm handling of empty package group and devicefiles tag (bsc#1186650)
- Check if batch needs to be imported even after failure (bsc#1183151)
- Show better error message when reposync failed

spacewalk-certs-tools:
- Generate SSL private keys FIPS 140-2 compatible (bsc#1187593)

spacewalk-client-tools:
- No visible impact for the user

spacewalk-oscap:
- No visible impact for the user

spacewalk-proxy:
- No visible impact for the user

spacewalk-proxy-installer:
- No visible impact for the user

spacewalk-web:
- Add option to run Ansible playbooks in 'test' mode
- New filter template: Live patching based on a system
- Fix bugged search in formula catalog
- Convert Virtualization modal dialogs to react-modal
- Update the version for the WebUI

suseRegisterInfo:
- No visible impact for the user

uyuni-common-libs:
- Handle broken RPM packages to prevent exceptions causing fails on repository synchronization (bsc#1186650)

How to apply this update:

1. Log in as root user to the SUSE Manager proxy.
2. Stop the proxy service: spacewalk-proxy stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: spacewalk-proxy start

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2021-2676=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): mgr-cfg-4.2.3-2.3.1 mgr-cfg-actions-4.2.3-2.3.1 mgr-cfg-client-4.2.3-2.3.1 mgr-cfg-management-4.2.3-2.3.1 mgr-custom-info-4.2.2-2.3.1 mgr-osad-4.2.6-2.3.1 mgr-push-4.2.3-2.3.1 python3-mgr-cfg-4.2.3-2.3.1 python3-mgr-cfg-actions-4.2.3-2.3.1 python3-mgr-cfg-client-4.2.3-2.3.1 python3-mgr-cfg-management-4.2.3-2.3.1 python3-mgr-osa-common-4.2.6-2.3.1 python3-mgr-osad-4.2.6-2.3.1 python3-mgr-push-4.2.3-2.3.1 python3-rhnlib-4.2.4-4.3.1 python3-spacewalk-certs-tools-4.2.11-3.3.1 python3-spacewalk-check-4.2.12-4.3.1 python3-spacewalk-client-setup-4.2.12-4.3.1 python3-spacewalk-client-tools-4.2.12-4.3.1 python3-spacewalk-oscap-4.2.2-4.3.1 python3-suseRegisterInfo-4.2.4-4.3.1 spacecmd-4.2.11-4.3.1 spacewalk-backend-4.2.15-4.3.1 spacewalk-base-minimal-4.2.20-3.3.2 spacewalk-base-minimal-config-4.2.20-3.3.2 spacewalk-certs-tools-4.2.11-3.3.1 spacewalk-check-4.2.12-4.3.1 spacewalk-client-setup-4.2.12-4.3.1 spacewalk-client-tools-4.2.12-4.3.1 spacewalk-oscap-4.2.2-4.3.1 spacewalk-proxy-broker-4.2.6-3.3.1 spacewalk-proxy-common-4.2.6-3.3.1 spacewalk-proxy-installer-4.2.5-3.3.1 spacewalk-proxy-management-4.2.6-3.3.1 spacewalk-proxy-package-manager-4.2.6-3.3.1 spacewalk-proxy-redirect-4.2.6-3.3.1 spacewalk-proxy-salt-4.2.6-3.3.1 suseRegisterInfo-4.2.4-4.3.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (x86_64): python3-uyuni-common-libs-4.2.5-3.3.1 References: https://bugzilla.suse.com/1183151 https://bugzilla.suse.com/1186650 https://bugzilla.suse.com/1187593 From sle-updates at lists.suse.com Thu Aug 12 13:18:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Aug 2021 15:18:48 +0200 (CEST) Subject: SUSE-RU-2021:2671-1: moderate: Recommended update for salt 
Message-ID: <20210812131848.90599FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2671-1 Rating: moderate References: #1164192 #1167586 #1173103 #1173692 #1180650 #1184659 #1185131 #1186287 #1186310 #1187787 #1187813 #1188170 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has 12 recommended fixes can now be installed. Description: This update for salt fixes the following issues: - Do noop for services states when running systemd in offline mode (bsc#1187787) - transactional_updates: do not execute states in parallel but use a queue (bsc#1188170) - Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787) - Enhance openscap module: add "xccdf_eval" call - virt: pass emulator when getting domain capabilities from libvirt - Adding preliminary support for Rocky Linux - Implementation of held/unheld functions for state pkg (bsc#1187813) - Replace deprecated Thread.isAlive() with Thread.is_alive() - Fix exception in yumpkg.remove for not installed package - Fix save for iptables state module (bsc#1185131) - virt: use /dev/kvm to detect KVM - zypperpkg: improve logic for handling vendorchange flags - Add bundled provides for tornado to the spec file - Enhance logging when inotify beacon is missing pyinotify (bsc#1186310) - Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE distros - Fix tmpfiles.d configuration for salt to not use legacy 
paths (bsc#1173103) - Detect Python version to use inside container (bsc#1167586) (bsc#1164192) - Handle volumes on stopped pools in virt.vm_info (bsc#1186287) - grains.extra: support old non-intel kernels (bsc#1180650) - Fix missing minion returns in batch mode (bsc#1184659) - Parsing Epoch out of version provided during pkg remove (bsc#1173692) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2671=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2671=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2671=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2671=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2671=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2671=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2671=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2671=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2671=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): python3-salt-3002.2-42.1 salt-3002.2-42.1 salt-api-3002.2-42.1 salt-cloud-3002.2-42.1 salt-doc-3002.2-42.1 salt-master-3002.2-42.1 salt-minion-3002.2-42.1 salt-proxy-3002.2-42.1 salt-ssh-3002.2-42.1 salt-standalone-formulas-configuration-3002.2-42.1 salt-syndic-3002.2-42.1 salt-transactional-update-3002.2-42.1 - SUSE Manager Server 4.0 (noarch): salt-bash-completion-3002.2-42.1 salt-fish-completion-3002.2-42.1 salt-zsh-completion-3002.2-42.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): python3-salt-3002.2-42.1 salt-3002.2-42.1 salt-api-3002.2-42.1 salt-cloud-3002.2-42.1 salt-doc-3002.2-42.1 salt-master-3002.2-42.1 salt-minion-3002.2-42.1 salt-proxy-3002.2-42.1 salt-ssh-3002.2-42.1 salt-standalone-formulas-configuration-3002.2-42.1 salt-syndic-3002.2-42.1 salt-transactional-update-3002.2-42.1 - SUSE Manager Retail Branch Server 4.0 (noarch): salt-bash-completion-3002.2-42.1 salt-fish-completion-3002.2-42.1 salt-zsh-completion-3002.2-42.1 - SUSE Manager Proxy 4.0 (x86_64): python3-salt-3002.2-42.1 salt-3002.2-42.1 salt-api-3002.2-42.1 salt-cloud-3002.2-42.1 salt-doc-3002.2-42.1 salt-master-3002.2-42.1 salt-minion-3002.2-42.1 salt-proxy-3002.2-42.1 salt-ssh-3002.2-42.1 salt-standalone-formulas-configuration-3002.2-42.1 salt-syndic-3002.2-42.1 salt-transactional-update-3002.2-42.1 - SUSE Manager Proxy 4.0 (noarch): salt-bash-completion-3002.2-42.1 salt-fish-completion-3002.2-42.1 salt-zsh-completion-3002.2-42.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): python3-salt-3002.2-42.1 salt-3002.2-42.1 salt-api-3002.2-42.1 salt-cloud-3002.2-42.1 salt-doc-3002.2-42.1 salt-master-3002.2-42.1 salt-minion-3002.2-42.1 salt-proxy-3002.2-42.1 salt-ssh-3002.2-42.1 salt-standalone-formulas-configuration-3002.2-42.1 salt-syndic-3002.2-42.1 salt-transactional-update-3002.2-42.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): salt-bash-completion-3002.2-42.1 salt-fish-completion-3002.2-42.1 
salt-zsh-completion-3002.2-42.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): python3-salt-3002.2-42.1 salt-3002.2-42.1 salt-api-3002.2-42.1 salt-cloud-3002.2-42.1 salt-doc-3002.2-42.1 salt-master-3002.2-42.1 salt-minion-3002.2-42.1 salt-proxy-3002.2-42.1 salt-ssh-3002.2-42.1 salt-standalone-formulas-configuration-3002.2-42.1 salt-syndic-3002.2-42.1 salt-transactional-update-3002.2-42.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): salt-bash-completion-3002.2-42.1 salt-fish-completion-3002.2-42.1 salt-zsh-completion-3002.2-42.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): salt-bash-completion-3002.2-42.1 salt-fish-completion-3002.2-42.1 salt-zsh-completion-3002.2-42.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): python3-salt-3002.2-42.1 salt-3002.2-42.1 salt-api-3002.2-42.1 salt-cloud-3002.2-42.1 salt-doc-3002.2-42.1 salt-master-3002.2-42.1 salt-minion-3002.2-42.1 salt-proxy-3002.2-42.1 salt-ssh-3002.2-42.1 salt-standalone-formulas-configuration-3002.2-42.1 salt-syndic-3002.2-42.1 salt-transactional-update-3002.2-42.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): python3-salt-3002.2-42.1 salt-3002.2-42.1 salt-api-3002.2-42.1 salt-cloud-3002.2-42.1 salt-doc-3002.2-42.1 salt-master-3002.2-42.1 salt-minion-3002.2-42.1 salt-proxy-3002.2-42.1 salt-ssh-3002.2-42.1 salt-standalone-formulas-configuration-3002.2-42.1 salt-syndic-3002.2-42.1 salt-transactional-update-3002.2-42.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): salt-bash-completion-3002.2-42.1 salt-fish-completion-3002.2-42.1 salt-zsh-completion-3002.2-42.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): python3-salt-3002.2-42.1 salt-3002.2-42.1 salt-api-3002.2-42.1 salt-cloud-3002.2-42.1 salt-doc-3002.2-42.1 salt-master-3002.2-42.1 salt-minion-3002.2-42.1 salt-proxy-3002.2-42.1 salt-ssh-3002.2-42.1 salt-standalone-formulas-configuration-3002.2-42.1 
salt-syndic-3002.2-42.1 salt-transactional-update-3002.2-42.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): salt-bash-completion-3002.2-42.1 salt-fish-completion-3002.2-42.1 salt-zsh-completion-3002.2-42.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): python3-salt-3002.2-42.1 salt-3002.2-42.1 salt-api-3002.2-42.1 salt-cloud-3002.2-42.1 salt-doc-3002.2-42.1 salt-master-3002.2-42.1 salt-minion-3002.2-42.1 salt-proxy-3002.2-42.1 salt-ssh-3002.2-42.1 salt-standalone-formulas-configuration-3002.2-42.1 salt-syndic-3002.2-42.1 salt-transactional-update-3002.2-42.1 - SUSE Enterprise Storage 6 (noarch): salt-bash-completion-3002.2-42.1 salt-fish-completion-3002.2-42.1 salt-zsh-completion-3002.2-42.1 - SUSE CaaS Platform 4.0 (x86_64): python3-salt-3002.2-42.1 salt-3002.2-42.1 salt-api-3002.2-42.1 salt-cloud-3002.2-42.1 salt-doc-3002.2-42.1 salt-master-3002.2-42.1 salt-minion-3002.2-42.1 salt-proxy-3002.2-42.1 salt-ssh-3002.2-42.1 salt-standalone-formulas-configuration-3002.2-42.1 salt-syndic-3002.2-42.1 salt-transactional-update-3002.2-42.1 - SUSE CaaS Platform 4.0 (noarch): salt-bash-completion-3002.2-42.1 salt-fish-completion-3002.2-42.1 salt-zsh-completion-3002.2-42.1 References: https://bugzilla.suse.com/1164192 https://bugzilla.suse.com/1167586 https://bugzilla.suse.com/1173103 https://bugzilla.suse.com/1173692 https://bugzilla.suse.com/1180650 https://bugzilla.suse.com/1184659 https://bugzilla.suse.com/1185131 https://bugzilla.suse.com/1186287 https://bugzilla.suse.com/1186310 https://bugzilla.suse.com/1187787 https://bugzilla.suse.com/1187813 https://bugzilla.suse.com/1188170 From sle-updates at lists.suse.com Thu Aug 12 13:21:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Aug 2021 15:21:20 +0200 (CEST) Subject: SUSE-SU-2021:2673-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <20210812132120.95670FD0A@maintenance.suse.de> SUSE Security Update: Security update for SUSE 
Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2673-1 Rating: moderate References: #1175478 #1186242 #1186508 #1186581 #1186650 SLE-18254 Cross-References: CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 CVE-2021-29622 CVSS scores: CVE-2021-27962 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2021-27962 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-28148 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29622 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that fixes 5 vulnerabilities, contains one feature is now available. Description: This update fixes the following issues: golang-github-prometheus-prometheus: - Provide and reload firewalld configuration only for: + openSUSE Leap 15.0, 15.1, 15.2 + SUSE SUSE Linux Enterprise 15, SP1, SP2 - Upgrade to upstream version 2.27.1 (jsc#SLE-18254) - SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242) + Features: * Promtool: Retroactive rule evaluation functionality. * Configuration: Environment variable expansion for external labels. Behind '--enable-feature=expand-external-labels' flag. * TSDB: Add a flag '--storage.tsdb.max-block-chunk-segment-size' to control the max chunks file size of the blocks for small Prometheus instances. * UI: Add a dark theme. * AWS Lightsail Discovery: Add AWS Lightsail Discovery. * Docker Discovery: Add Docker Service Discovery. * OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used. * Remote Write: Send exemplars via remote write. Experimental and disabled by default. + Enhancements: * Digital Ocean Discovery: Add __meta_digitalocean_vpc label. * Scaleway Discovery: Read Scaleway secret from a file. * Scrape: Add configurable limits for label size and count. 
       * UI: Add 16w and 26w time range steps.
       * Templating: Enable parsing strings in humanize functions.
     + Bugfixes:
       * UI: Provide errors instead of blank page on TSDB Status Page.
       * TSDB: Do not panic when writing very large records to the WAL.
       * TSDB: Avoid panic when mmaped memory is referenced after the file is closed.
       * Scaleway Discovery: Fix nil pointer dereference.
       * Consul Discovery: Restart no longer required after config update with no targets.
   - Update package with changes from `server:monitoring` (bsc#1175478)
     Left out removal of firewalld related configuration files as
     SLE-15-SP1's `firewalld` package does not contain prometheus
     configuration yet.

   grafana:

   - Update to version 7.5.7:
     * Updated relref to "Configuring exemplars" section
     * Added exemplar topic
     * Quota: Do not count folders towards dashboard quota
     * Instructions to separate emails with semicolons
     * Docs: Remove documentation of v8 generic OAuth feature
     * Annotations: Prevent orphaned annotation tags cleanup when no annotations were cleaned
     * Add missing '--no-cache' to Dockerfile.
     * ReleaseNotes: Updated changelog and release notes for 7.5.6
     * Stop hoisting @icons/material
     * Chore: fix react-color version in yarn.lock.
     * "Release: Updated versions in package to 7.5.6"
     * Loki: fix label browser crashing when + typed
     * Document `hide_version` flag
     * Add isolation level db configuration parameter
     * Sanitize PromLink button
     * Docs feedback: '/administration/provisioning.md'
     * Docs: delete from high availability docs references to removed configurations related to session storage
     * Docs: Update '_index.md'
     * Docs: Update 'installation.md'
     * GraphNG: uPlot 1.6.9
     * dont consider invalid email address a failed email
     * InfluxDB: Improve measurement-autocomplete behavior in query editor
     * add template for dashboard url parameters
     * Add note to Snapshot API doc to specify that user has to provide the entire dashboard model
     * Update 'team.md'
     * Removed duplicate file 'dashboard_folder_permissions.md'
     * Document 'customQueryParameters' for prometheus datasource provisioning
     * ReleaseNotes: Updated changelog and release notes for 7.5.5
     * Documentation: Update 'developer-guide.md'
     * add closed parenthesis to fix a hyperlink
     * GraphNG: Fix exemplars window position
     * Remove field limitation from slack notification
     * Prometheus: Support POST in template variables
     * Instrumentation: Add success rate metrics for email notifications
     * Use either moment objects (for absolute times in the datepicker) or string (for relative time)
     * Docs: Removed type from find annotations example.
     * FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters to prometheus
     * Updated label for add panel.
     * Bug: Add git to ''Dockerfile.ubuntu'
     * Docs: Sync latest master docs with 7.5.x
     * Docs: Update ''getting-started-influxdb.md'
     * Doc: Document the X-Grafana-Org-Id HTTP header
     * Minor Changes in ''Auditing.md'
     * Docs: Add license check endpoint doc
     * Postgres: Fix time group macro when TimescaleDB is enabled and interval is less than a second
     * Docs: InfluxDB doc improvements
     * Loki: Pass Skip TLS Verify setting to alert queries
     * update cla
     * Fix inefficient regular expression
     * Auth: Don't clear auth token cookie when lookup token fails
     * Elasticsearch: Add documentation for supported Elasticsearch query transformations
     * Fixed some formatting issues for PRs from yesterday.
     * Explore: Load default data source in Explore when the provided source does not exist
     * Docs: Replace next with latest in aliases
     * Added missing link item.
     * Docs: Backport 32916 to v7.5x
     * ReleaseNotes: Updated changelog and release notes for 7.5.4
     * Elasticsearch: Force re-rendering of each editor row type change
     * Docs: Sync release branch with latest docs
   - Update to version 7.5.4:
     * "Release: Updated versions in package to 7.5.4" (#32971)
     * fix(datasource_srv): prevent infinite loop where default datasource is named default (#32949) (#32967)
     * Added Azure Monitor support for Microsoft.AppConfiguration/configurationStores namespace (#32123) (#32968)
     * fix sqlite3 tx retry condition operator precedence (#32897) (#32952)
     * AzureMonitor: Add support for Virtual WAN namespaces (#32935) (#32947)
     * Plugins: Allow a non-dashboard page to be the default home page (#32926) (#32945)
     * GraphNG: uPlot 1.6.8 (#32859) (#32863)
     * Alerting: Add ability to include aliases with dashes (/) and at (@) signs in InfluxDB (#32844)
     * Prometheus: Allow exemplars endpoint in data source proxy (#32802) (#32804)
     * [v7.5.x] Table: Fixes table data links so they refer to correct row after sorting (#32758)
     * TablePanel: Makes sorting case-insensitive (#32435) (#32752)
   - Update to version 7.5.3:
     * "Release: Updated versions in package to 7.5.3" (#32745)
     * FolderPicker: Prevent dropdown menu from disappearing off screen (#32603) (#32741)
     * Loki: Remove empty annotations tags (#32359) (#32490)
     * SingleStat: fix wrong call to getDataLinkUIModel (#32721) (#32739)
     * Prometheus: Fix instant query to run two times when exemplars enabled (#32508) (#32726)
     * Elasticsearch: Fix bucket script variable duplication in UI (#32705) (#32714)
     * Variables: Confirms selection before opening new picker (#32586) (#32710)
     * CloudWarch: Fix service quotas link (#32686) (#32689)
     * Configuration: Prevent browser hanging / crashing with large number of org users (#32546) (#32598)
     * chore: bump execa to v2.1.0 (#32543) (#32592)
     * Explore: Fix bug where navigating to explore would result in wrong query and datasource to be shown (#32558)
     * Fix broken gtime tests (#32582) (#32587)
     * resolve conflicts (#32567)
     * gtime: Make ParseInterval deterministic (#32539) (#32560)
     * Dashboard: No longer includes default datasource when externally exporting dashboard with row (#32494) (#32535)
     * TextboxVariable: Limits the length of the preview value (#32472) (#32530)
     * AdHocVariable: Adds default data source (#32470) (#32476)
     * Variables: Fixes Unsupported data format error for null values (#32480) (#32487)
     * Prometheus: align exemplars check to latest api change (#32513) (#32515)
     * "Release: Updated versions in package to 7.5.2" (#32502)
     * SigV4: Add support EC2 IAM role auth and possibility to toggle auth providers (#32444) (#32488)
     * Set spanNulls to default (#32471) (#32486)
     * Graph: Fix setting right y-axis when standard option unit is configured (#32426) (#32442)
     * API: Return 409 on datasource version conflict (#32425) (#32433)
     * API: Return 400 on invalid Annotation requests (#32429) (#32431)
     * Variables: Fixes problem with data source variable when default ds is selected (#32384) (#32424)
     * Table: Fixes so links work for image cells (#32370) (#32410)
     * Variables: Fixes error when manually non-matching entering custom value in variable input/picker (#32390) (#32394)
     * DashboardQueryEditor: Run query after selecting source panel (#32383) (#32395)
     * API: Datasource endpoint should return 400 bad request if id and orgId is invalid (#32392) (#32397)
     * "Release: Updated versions in package to 7.5.1" (#32362)
     * MSSQL: Upgrade go-mssqldb (#32347) (#32361)
     * GraphNG: Fix tooltip displaying wrong or no data (#32312) (#32348)
     * "Release: Updated versions in package to 7.5.0" (#32308)
     * Loki: Fix text search in Label browser (#32293) (#32306)
     * Explore: Show all dataFrames in data tab in Inspector (#32161) (#32299)
     * PieChartV2: Add migration from old piechart (#32259) (#32291)
     * LibraryPanels: Adds Type and Description to DB (#32258) (#32288)
     * LibraryPanels: Prevents deletion of connected library panels (#32277) (#32284)
     * Library Panels: Add "Discard" button to panel save modal (#31647) (#32281)
     * LibraryPanels: Changes to non readonly reducer (#32193) (#32200)
     * Notifications: InfluxDB - Fix regex to include metrics with hyphen in aliases (#32224) (#32262)
     * SSE/InfluxDB: Change InfluxQL to work with server side expressions (#31691) (#32102)
     * DashboardSettings: Fixes issue with tags list not updating when changes are made (#32241) (#32247)
     * Logs: If log message missing, use empty string (#32080) (#32243)
     * CloudWatch: Use latest version of aws sdk (#32217) (#32223)
     * Release: Updated versions in package to 7.5.0-beta.2 (#32158)
     * HttpServer: Make read timeout configurable but disabled by default (#31575) (#32154)
     * GraphNG: Ignore string fields when building data for uPlot in GraphNG (#32150) (#32151)
     * Fix loading timezone info on windows (#32029) (#32149)
     * SQLStore: Close session in withDbSession (#31775) (#32108)
     * Remove datalink template suggestions for accessing specific fields when there are multiple dataframes.
     * GraphNG: make sure dataset and config are in sync when initializing and re-initializing uPlot (#32106) (#32125)
     * MixedDataSource: Name is updated when data source variable changes (#32090) (#32144)
     * Backport 32005 to v7.5.x #32128 (#32130)
     * Loki: Label browser UI updates (#31737) (#32119)
     * ValueMappings: Fixes value 0 not being mapped (#31924) (#31929)
     * GraphNG: Fix tooltip series color for multi data frame scenario (#32098) (#32103)
     * LibraryPanels: Improves the Get All experience (#32028) (#32093)
     * Grafana/ui: display all selected levels for selected value when searching (#32030) (#32032)
     * Exemplars: always query exemplars (#31673) (#32024)
     * [v7.5.x] TimePicker: Fixes hidden time picker shown in kiosk TV mode (#32055)
     * Chore: Collect elasticsearch version usage stats (#31787) (#32063)
     * Chore: Tidy up Go deps (#32053)
     * GraphNG: Fix PlotLegend field display name being outdated (#32064) (#32066)
     * Data proxy: Fix encoded characters in URL path should be proxied encoded (#30597) (#32060)
     * [v7.5.x] Auth: Allow soft token revocation (#32037)
     * Snapshots: Fix usage of sign in link from the snapshot page (#31986) (#32036)
     * Make master green (#32011) (#32015)
     * Query editor: avoid avoiding word wrap on query editor components (#31949) (#31982)
     * Variables: Fixes filtering in picker with null items (#31979) (#31995)
     * TooltipContainer - use resize observer instead of getClientBoundingRect (#31937) (#32003)
     * Loki: Fix autocomplete when re-editing Loki label values (#31828) (#31987)
     * Loki: Fix type errors in language_provider (#31902) (#31945)
     * PanelInspect: Interpolates variables in CSV file name (#31936) (#31977)
     * Cloudwatch: use shared library for aws auth (#29550) (#31946)
     * Tooltip: partial perf improvement (#31774) (#31837) (#31957)
     * Backport 31913 to v7.5.x (#31955)
     * Grafana/ui: fix searchable options for Cascader with options update (#31906) (#31938)
     * Variables: Do not reset description on variable type change (#31933) (#31939)
     * [v7.5.x] AnnotationList: Adds spacing to UI (#31888) (#31894)
     * Elasticseach: Support histogram fields (#29079) (#31914)
     * Chore: upgrade eslint and fork-ts-checker-webpack-plugin (#31854) (#31896)
     * Update scripts and Dockerfiles to use Go 1.16.1 (#31881) (#31891)
     * Templating: use dashboard timerange when variables are set to refresh 'On Dashboard Load' (#31721) (#31801)
     * [v7.5.x] Tempo: Add test for backend data source (#31835) (#31882)
     * Run go mod tidy to update go.mod and go.sum (#31859)
     * Grafana/ui: display all selected levels for Cascader (#31729) (#31862)
     * CloudWatch: Consume the grafana/aws-sdk (#31807) (#31861)
     * Cloudwatch: ListMetrics API page limit (#31788) (#31851)
     * Remove invalid attribute (#31848) (#31850)
     * CloudWatch: Restrict auth provider and assume role usage
     * CloudWatch: Add support for EC2 IAM role (#31804) (#31841)
     * Loki, Prometheus: Change the placement for query type explanation (#31784) (#31819)
     * Variables: Improves inspection performance and unknown filtering (#31811) (#31813)
     * Change piechart plugin state to beta (#31797) (#31798)
     * ReduceTransform: Include series with numeric string names (#31763) (#31794)
     * Annotations: Make the annotation clean up batch size configurable (#31487) (#31769)
     * Fix escaping in ANSI and dynamic button removal (#31731) (#31767)
     * DataLinks: Bring back single click links for Stat, Gauge and BarGauge panel (#31692) (#31718)
     * log skipped, performed and duration for migrations (#31722) (#31754)
     * Search: Make items more compact (#31734) (#31750)
     * loki_datasource: add documentation to label_format and line_format (#31710) (#31746)
     * Tempo: Convert tempo to backend data source2 (#31733)
     * Elasticsearch: Fix script fields in query editor (#31681) (#31727)
     * Elasticsearch: revert to isoWeek when resolving weekly indices (#31709) (#31717)
     * Admin: Keeps expired api keys visible in table after delete (#31636) (#31675)
     * Tempo: set authentication header properly (#31699) (#31701)
     * Tempo: convert to backend data source (#31618) (#31695)
     * Update package.json (#31672)
     * Release: Bump version to 7.5.0-beta.1 (#31664)
     * Fix whatsNewUrl version to 7.5 (#31666)
     * Chore: add alias for what's new 7.5 (#31669)
     * Docs: Update doc for PostgreSQL authentication (#31434)
     * Docs: document report template variables (#31637)
     * AzureMonitor: Add deprecation message for App Insights/Insights Analytics (#30633)
     * Color: Fixes issue where colors where reset to gray when switch panels (#31611)
     * Live: Use pure WebSocket transport (#31630)
     * Docs: Fix broken image link (#31661)
     * Docs: Add Whats new in 7.5 (#31659)
     * Docs: Fix links for 7.5 (#31658)
     * Update enterprise-configuration.md (#31656)
     * Explore/Logs: Escaping of incorrectly escaped log lines (#31352)
     * Tracing: Small improvements to trace types (#31646)
     * Update _index.md (#31645)
     * AlertingNG: code refactoring (#30787)
     * Remove pkill gpg-agent (#31169)
     * Remove format for plugin routes (#31633)
     * Library Panels: Change unsaved change detection logic (#31477)
     * CloudWatch: Added AWS Timestream Metrics and Dimensions (#31624)
     * add new metrics and dimensions (#31595)
     * fix devenv dashboard content typo (#31583)
     * DashList: Sort starred and searched dashboard alphabetically (#31605)
     * Docs: Update whats-new-in-v7-4.md (#31612)
     * SSE: Add "Classic Condition" on backend (#31511)
     * InfluxDB: Improve maxDataPoints error-message in Flux-mode, raise limits (#31259)
     * Alerting: PagerDuty: adding current state to the payload (#29270)
     * devenv: Fix typo (#31589)
     * Loki: Label browser (#30351)
     * LibraryPanels: No save modal when user is on same dashboard (#31606)
     * Bug: adding resolution for `react-use-measure` to prevent plugin tests from failing. (#31603)
     * Update node-graph.md (#31571)
     * test: pass Cypress options objects into selector wrappers (#31567)
     * Loki: Add support for alerting (#31424)
     * Tracing: Specify type of the data frame that is expected for TraceView (#31465)
     * LibraryPanels: Adds version column (#31590)
     * PieChart: Add color changing options to pie chart (#31588)
     * Explore: keep enabled/disabled state in angular based QueryEditors correctly (#31558)
     * Bring back correct legend sizing afer PlotLegend refactor (#31582)
     * Alerting: Fix bug in Discord for when name for metric value is absent (#31257)
     * LibraryPanels: Deletes library panels during folder deletion (#31572)
     * chore: bump lodash to 4.17.21 (#31549)
     * Elasticsearch: Fix impossibility to perform non-logs queries after importing queries from loki or prometheus in explore
     * TestData: Fixes never ending annotations scenario (#31573)
     * CloudWatch: Added AWS Network Firewall metrics and dimensions (#31498)
     * propagate plugin unavailable message to UI (#31560)
     * ConfirmButton: updates story from knobs to controls (#31476)
     * Loki: Refactor line limit to use grafana/ui component (#31509)
     * LibraryPanels: Adds folder checks and permissions (#31473)
     * Add guide on custom option editors (#31254)
     * PieChart: Update text color and minor changes (#31546)
     * Grafana-data: bump markedjs to v2.x to resolve vulnerability (#31036)
     * Chore(deps): Bump google.golang.org/api from 0.39.0 to 0.40.0 (#31210)
     * PieChart: Improve piechart legend and options (#31446)
     * Chore(deps): Bump google.golang.org/grpc from 1.35.0 to 1.36.0 (#31541)
     * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.37.7 to 1.37.20 (#31538)
     * Chore(deps): Bump github.com/prometheus/common from 0.17.0 to 0.18.0 (#31539)
     * Add multiselect options ui (#31501)
     * Profile: Fixes profile preferences being accessible when anonymous access was enabled (#31516)
     * Variables: Fixes error with: cannot read property length of undefined (#31458)
     * Explore: Show ANSI colored logs in logs context (#31510)
     * LogsPanel: Show all received logs (#31505)
     * AddPanel: Design polish (#31484)
     * TimeSeriesPanel: Remove unnecessary margin from legend (#31467)
     * influxdb: flux: handle is-hidden (#31324)
     * Graph: Fix tooltip not showing when close to the edge of viewport (#31493)
     * FolderPicker: Remove useNewForms from FolderPicker (#31485)
     * Add reportVariables feature toggle (#31469)
     * Grafana datasource: support multiple targets (#31495)
     * Update license-restrictions.md (#31488)
     * Docs: Derived fields links in logs detail view (#31482)
     * Docs: Add new data source links to Enterprise page (#31480)
     * Convert annotations to dataframes (#31400)
     * ReleaseNotes: Updated changelog and release notes for v7.4.2 (#31475)
     * GrafanaUI: Fixes typescript error for missing css prop (#31479)
     * Login: handle custom token creation error messages (#31283)
     * Library Panels: Don't list current panel in available panels list (#31472)
     * DashboardSettings: Migrate Link Settings to React (#31150)
     * Frontend changes for library panels feature (#30653)
     * Alerting notifier SensuGo: improvements in default message (#31428)
     * AppPlugins: Options to disable showing config page in nav (#31354)
     * add aws config (#31464)
     * Heatmap: Fix missing/wrong value in heatmap legend (#31430)
     * Chore: Fixes small typos (#31461)
     * Graphite/SSE: update graphite to work with server side expressions (#31455)
     * update the lastest version to 7.4.3 (#31457)
     * ReleaseNotes: Updated changelog and release notes for 7.4.3 (#31454)
     * AWS: Add aws plugin configuration (#31312)
     * Revert ""Release: Updated versions in package to 7.4.3" (#31444)" (#31452)
     * Remove UserSyncInfo.tsx (#31450)
     * Elasticsearch: Add word highlighting to search results (#30293)
     * Chore: Fix eslint react hook warnings in grafana-ui (#31092)
     * CloudWatch: Make it possible to specify custom api endpoint (#31402)
     * Chore: fixed incorrect naming for disable settings (#31448)
     * TraceViewer: Fix show log marker in spanbar (#30742)
     * LibraryPanels: Adds permissions to getAllHandler (#31416)
     * NamedColorsPalette: updates story from knobs to controls (#31443)
     * "Release: Updated versions in package to 7.4.3" (#31444)
     * ColorPicker: updates story from knobs to controls (#31429)
     * Fixes an issue with time series panel and streaming data source when scrolling back from being out of view
     * ClipboardButton: updates story from knobs to controls (#31422)
     * we should never log unhashed tokens (#31432)
     * CI: Upgrade Dockerfiles wrt. Go, Node, Debian (#31407)
     * Elasticsearch: Fix query initialization logic & query transformation from Promethous/Loki (#31322)
     * Postgres: allow providing TLS/SSL certificates as text in addition to file paths (#30353)
     * CloudWatch: Added AWS Ground Station metrics and dimensions (#31362)
     * TraceViewer: Fix trace to logs icon to show in right pane (#31414)
     * add hg team as migrations code owners (#31420)
     * Remove tidy-check script (#31423)
     * InfluxDB: handle columns named "table" (#30985)
     * Prometheus: Use configured HTTP method for /series and /labels endpoints (#31401)
     * Devenv: Add gdev-influxdb2 data source (#31250)
     * Update grabpl from 0.5.38 to 0.5.42 version (#31419)
     * Move NOOP_CONTROL to storybook utils and change to a standalone file (#31421)
     * remove squadcast details from docs (#31413)
     * Add new Cloudwatch AWS/DDoSProtection metrics and dimensions (#31297)
     * Logging: add frontend logging helpers to @grafana/runtime package (#30482)
     * CallToActionCard: updates story from knobs to controls (#31393)
     * Add eu-south-1 cloudwatch region, closes #31197 (#31198)
     * Chore: Upgrade eslint packages (#31408)
     * Cascader: updates story from knobs to controls (#31399)
     * addressed issues 28763 and 30314. (#31404)
     * Added section Query a time series database by id (#31337)
     * Prometheus: Change default httpMethod for new instances to POST (#31292)
     * Data source list: Use Card component (#31326)
     * Chore: Remove gotest.tools dependency (#31391)
     * Revert "StoryBook: Introduces Grafana Controls (#31351)" (#31388)
     * Chore(deps): Bump github.com/prometheus/common from 0.15.0 to 0.17.0 (#31387)
     * AdHocVariables: Fixes crash when values are stored as numbers (#31382)
     * Chore(deps): Bump github.com/golang/mock from 1.4.4 to 1.5.0 (#31379)
     * Chore: Fix strict errors, down to 416 (#31365)
     * Chore(deps): Bump github.com/getsentry/sentry-go from 0.9.0 to 0.10.0 (#31378)
     * StoryBook: Introduces Grafana Controls (#31351)
     * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31313)
     * Theming: Support for runtime theme switching and hooks for custom themes (#31301)
     * Devenv: Remove old-versioned loki blocks and update prometheus2 block (#31282)
     * Zipkin: Show success on test data source (#30829)
     * Update grot template (needs more info) (#31350)
     * DatasourceSrv: Fix instance retrieval when datasource variable value set to "default" (#31347)
     * TimeSeriesPanel: Fixes overlapping time axis ticks (#31332)
     * Grafana/UI: Add basic legend to the PieChart (#31278)
     * SAML: single logout only enabled in enterprise (#31325)
     * QueryEditor: handle query.hide changes in angular based query-editors (#31336)
     * DashboardLinks: Fixes another issue where dashboard links cause full page reload (#31334)
     * LibraryPanels: Syncs panel title with name (#31311)
     * Chore: Upgrade golangci-lint (#31330)
     * Add info to docs about concurrent session limits (#31333)
     * Table: Fixes issue with fixed min and auto max with bar gauge cell (#31316)
     * BarGuage: updates story from knobs to controls (#31223)
     * Docs: Clarifies how to add Key/Value pairs (#31303)
     * Usagestats: Exclude folders from total dashboard count (#31320)
     * ButtonCascader: updates story from knobs to controls (#31288)
     * test: allow check for
    Table as well as Graph for Explore e2e flow (#31290)
  * Grafana-UI: Update tooltip type (#31310)
  * fix 7.4.2 release note (#31299)
  * Add `--tries 3` arg when triggering e2e-tests upon releasing (#31285)
  * Chore: reduce strict errors for variables (#31241)
  * update latest release version (#31296)
  * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31291)
  * Correct name of Discord notifier tests (#31277)
  * Docs: Clarifies custom date formats for variables (#31271)
  * BigValue: updates story from knobs to controls (#31240)
  * Docs: Annotations update (#31194)
  * Introduce functions for interacting with library panels API (#30993)
  * Search: display sort metadata (#31167)
  * Folders: Editors should be able to edit name and delete folders (#31242)
  * Make Datetime local (No date if today) working (#31274)
  * UsageStats: Purpose named variables (#31264)
  * Snapshots: Disallow anonymous user to create snapshots (#31263)
  * only update usagestats every 30min (#31131)
  * Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#30701)
  * Grafana-UI: Add id to Select to make it easier to test (#31230)
  * Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055)
  * UI/Card: Fix handling of 'onClick' callback (#31225)
  * Loki: Add line limit for annotations (#31183)
  * Remove deprecated and breaking loki config field (#31227)
  * SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236)
  * LibraryPanels: Disconnect before connect during dashboard save (#31235)
  * Disable Change Password for OAuth users (#27886)
  * TagsInput: Design update and component refactor (#31163)
  * Variables: Adds back default option for data source variable (#31208)
  * IPv6: Support host address configured with enclosing square brackets (#31226)
  * Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179)
  * GraphNG: refactor core to class component (#30941)
  * Remove last synchronisation field from LDAP debug view (#30984)
  * Chore: Upgrade grafana-plugin-sdk-go to v0.88.0 (#30975)
  * Graph: Make axes unit option work even when field option unit is set (#31205)
  * AlertingNG: Test definition (#30886)
  * Docs: Update Influx config options (#31146)
  * WIP: Skip this call when we skip migrations (#31216)
  * use 0.1.0 (#31215)
  * DataSourceSrv: Filter out non queryable data sources by default (#31144)
  * QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193)
  * Chore: report eslint no-explicit-any errors to metrics (#31182)
  * Chore(deps): Bump cloud.google.com/go/storage from 1.12.0 to 1.13.0 (#31211)
  * Chore(deps): Bump xorm.io/xorm from 0.8.1 to 0.8.2 (#30773)
  * Alerting: Fix modal text for deleting obsolete notifier (#31171)
  * Chore(deps): Bump github.com/linkedin/goavro/v2 from 2.9.7 to 2.10.0 (#31204)
  * Variables: Fixes missing empty elements from regex filters (#31156)
  * StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126)
  * Fixed the typo. (#31189)
  * Docs: Rewrite preferences docs (#31154)
  * Explore/Refactor: Simplify URL handling (#29173)
  * DashboardLinks: Fixes links always cause full page reload (#31178)
  * Replace PR with Commit truncated hash when build fails (#31177)
  * Alert: update story to use controls (#31145)
  * Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132)
  * CloudWatch: Ensure empty query row errors are not passed to the panel (#31172)
  * Update prometheus.md (#31173)
  * Variables: Extend option pickers to accept custom onChange callback (#30913)
  * Prometheus: Multiply exemplars timestamp to follow api change (#31143)
  * DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160)
  * Add author name and pr number in drone pipeline notifications (#31124)
  * Prometheus: Add documentation for ad-hoc filters (#31122)
  * DataSourceSettings: Fixes add header button, it should not trigger a save & test action (#31135)
  * Sending an alert with the Alertmanager notifier doesn't fail when one of multiple configured URLs are down
  * Chore: Update latest.json (#31139)
  * Docs: add 7.4.1 release notes link (#31137)
  * PieChart: Progress on new core pie chart (#28020)
  * ReleaseNotes: Updated changelog and release notes for 7.4.1 (#31133)
  * Eslint: no-duplicate-imports rule (bump grafana-eslint-config) (#30989)
  * Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before
  * MuxWriter: Handle error for already closed file (#31119)
  * Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115)
  * Search: add sort information in dashboard results (#30609)
  * area/grafana/e2e: ginstall should pull version specified (#31056)
  * Exemplars: Change CTA style (#30880)
  * Influx: Make max series limit configurable and show the limiting message if applied (#31025)
  * Docs: request security (#30937)
  * update configurePanel for 7.4.0 changes (#31093)
  * Elasticsearch: fix log row context erroring out (#31088)
  * Prometheus: Fix issues with ad-hoc filters (#30931)
  * LogsPanel: Add deduplication option for logs (#31019)
  * Drone: Make sure CDN upload is ok before pushing docker images (#31075)
  * PluginManager: Remove some global state (#31081)
  * test: update addDashboard flow for v7.4.0 changes (#31059)
  * Transformations: Fixed typo in FilterByValue transformer description. (#31078)
  * Docs: Group id should be 0 instead of 1 in Docker upgrade notes (#31074)
  * Usage stats: Adds source/distributor setting (#31039)
  * CDN: Add CDN upload step to enterprise and release pipelines (#31058)
  * Chore: Replace native select with grafana ui select (#31030)
  * Docs: Update json-model.md (#31066)
  * Docs: Update whats-new-in-v7-4.md (#31069)
  * Added hyperlinks to Graphite documentation (#31064)
  * DashboardSettings: Update to new form styles (#31022)
  * CDN: Fixing drone CI config (#31052)
  * convert path to posix by default (#31045)
  * DashboardLinks: Fixes crash when link has no title (#31008)
  * Alerting: Fixes so notification channels are properly deleted (#31040)
  * Explore: Remove emotion error when displaying logs (#31026)
  * Elasticsearch: Fix alias field value not being shown in query editor (#30992)
  * CDN: Adds upload to CDN step to drone CI (#30879)
  * Improved glossary (#31004)
  * BarGauge: Improvements to value sizing and table inner width calculations (#30990)
  * Drone: Fix deployment image (#31027)
  * ColorPicker: migrated styles from sass to emotion (#30909)
  * Dashboard: Migrate general settings to react (#30914)
  * Chore(deps): Bump github.com/jung-kurt/gofpdf from 1.10.1 to 1.16.2 (#30586)
  * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.36.31 to 1.37.7 (#31018)
  * Prometheus: Min step defaults to seconds when no unit is set to prevent errors when running alerts.
    (#30966)
  * Chore(deps): Bump github.com/magefile/mage from 1.10.0 to 1.11.0 (#31017)
  * Chore(deps): Bump github.com/grpc-ecosystem/go-grpc-middleware (#31013)
  * Graph: Fixes so graph is shown for non numeric time values (#30972)
  * CloudMonitoring: Prevent resource type variable function from crashing (#30901)
  * Chore(deps): Bump google.golang.org/api from 0.33.0 to 0.39.0 (#30971)
  * Build: Releases e2e and e2e-selectors too (#31006)
  * TextPanel: Fixes so panel title is updated when variables change (#30884)
  * Docs: Update configuration.md (login_maximum_inactive_lifetime_duration, login_maximum_lifetime_duration) (#31000)
  * instrumentation: make the first database histogram bucket smaller (#30995)
  * Grafana/UI: Remove DismissableFeatureInfoBox and replace with LocalSt (#30988)
  * StatPanel: Fixes issue formatting date values using unit option (#30979)
  * Chore(deps): Bump actions/cache from v2 to v2.1.4 (#30973)
  * Units: Fixes formatting of duration units (#30982)
  * Elasticsearch: Show Size setting for raw_data metric (#30980)
  * Alerts: Dedupe alerts so that we do not fill the screen with the same alert message (#30935)
  * make sure service and slo display name is passed to segment comp (#30900)
  * assign changes in cloud datasources to the new cloud datasources team (#30645)
  * Table: Updates devenv test dashboard after change to TestData Random Table response (#30927)
  * Theme: Use higher order theme color variables rather than is light/dark logic (#30939)
  * Docs: Add alias for what's new in 7.4 (#30945)
  * e2e: extends selector factory to plugins (#30932)
  * Chore: Upgrade docker build image (#30820)
  * Docs: updated developer guide (#29978)
  * Alerts: Update Alert storybook to show more states (#30908)
  * Variables: Adds queryparam formatting option (#30858)
  * Chore: pad unknown values with undefined (#30808)
  * Transformers: add search to transform selection (#30854)
  * Exemplars: change api to reflect latest changes (#30910)
  * docs: use selinux relabelling on docker containers (#27685)
  * Docs: Fix bad image path for alert notification template (#30911)
  * Make value mappings correctly interpret numeric-like strings (#30893)
  * Chore: Update latest.json (#30905)
  * Docs: Update whats-new-in-v7-4.md (#30882)
  * Dashboard: Ignore changes to dashboard when the user session expires (#30897)
  * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30902)
  * test: add support for timeout to be passed in for addDatasource (#30736)
  * increase page size and make sure the cache supports query params (#30892)
  * DataSourceSettings: Adds info box and link to Grafana Cloud (#30891)
  * OAuth: custom username docs (#28400)
  * Panels: Remove value mapping of values that have been formatted #26763 (#30868)
  * Alerting: Fixes alert panel header icon not showing (#30840)
  * AlertingNG: Edit Alert Definition (#30676)
  * Logging: sourcemap support for frontend stacktraces (#30590)
  * Added "Restart Grafana" topic. (#30844)
  * Docs: Org, Team, and User Admin (#30756)
  * bump grabpl version to 0.5.36 (#30874)
  * Plugins: Requests validator (#30445)
  * Docs: Update whats-new-in-v7-4.md (#30876)
  * Docs: Add server view folder (#30849)
  * Fixed image name and path (#30871)
  * Grafana-ui: fixes closing modals with escape key (#30745)
  * InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827)
  * TestData: Fixes issue with for ever loading state when all queries are hidden (#30861)
  * Chart/Tooltip: refactored style declaration (#30824)
  * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30853)
  * Grafana-ui: fixes no data message in Table component (#30821)
  * grafana/ui: Update pagination component for large number of pages (#30151)
  * Alerting: Customise OK notification priorities for Pushover notifier (#30169)
  * DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569)
  * Chore: Remove panelTime.html, closes #30097 (#30842)
  * Docs: Time series panel, bar alignment docs (#30780)
  * Chore: add more docs annotations (#30847)
  * Transforms: allow boolean in field calculations (#30802)
  * Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825)
  * Update prometheus.md with image link fix (#30833)
  * BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806)
  * Update license-expiration.md (#30839)
  * Explore rewrite (#30804)
  * Prometheus: Set type of labels to string (#30831)
  * GrafanaUI: Add a way to persistently close InfoBox (#30716)
  * Fix typo in transformer registry (#30712)
  * Elasticsearch: Display errors with text responses (#30122)
  * CDN: Fixes cdn path when Grafana is under sub path (#30822)
  * TraceViewer: Fix lazy loading (#30700)
  * FormField: migrated sass styling to emotion (#30392)
  * AlertingNG: change API permissions (#30781)
  * Variables: Clears drop down state when leaving dashboard (#30810)
  * Grafana-UI: Add story/docs for ErrorBoundary (#30304)
  * Add missing callback dependency (#30797)
  * PanelLibrary: Adds library panel meta information to dashboard json (#30770)
  * Chore(deps): Bump gonum.org/v1/gonum from 0.6.0 to 0.8.2 (#30343)
  * Chore(deps): Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 (#30771)
  * GraphNG: improve behavior when switching between solid/dash/dots (#30796)
  * Chore(deps): Bump github.com/hashicorp/go-hclog from 0.14.1 to 0.15.0 (#30778)
  * Add width for Variable Editors (#30791)
  * Chore: Remove warning when calling resource (#30752)
  * Auth: Use SigV4 lib from grafana-aws-sdk (#30713)
  * Panels: Fixes so panels are refreshed when scrolling past them fast (#30784)
  * GraphNG: add bar alignment option (#30499)
  * Expressions: Measure total transformation requests and elapsed time (#30514)
  * Menu: Mark menu components as internal (#30740)
  * TableInputCSV: migrated styles from sass to emotion (#30554)
  * CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777)
  * Chore(deps): Bump gopkg.in/ini.v1 from 1.57.0 to 1.62.0 (#30772)
  * CDN: Adds support for serving assets over a CDN (#30691)
  * PanelEdit: Trigger refresh when changing data source (#30744)
  * Chore: remove __debug_bin (#30725)
  * BarChart: add alpha bar chart panel (#30323)
  * Docs: Time series panel (#30690)
  * Backend Plugins: Convert test data source to use SDK contracts (#29916)
  * Docs: Update whats-new-in-v7-4.md (#30747)
  * Add link to Elasticsearch docs. (#30748)
  * Mobile: Fixes issue scrolling on mobile in chrome (#30746)
  * TagsInput: Make placeholder configurable (#30718)
  * Docs: Add config settings for fonts in reporting (#30421)
  * Add menu.yaml to .gitignore (#30743)
  * bump cypress to 6.3.0 (#30644)
  * Datasource: Use json-iterator configuration compatible with standard library (#30732)
  * AlertingNG: Update UX to use new PageToolbar component (#30680)
  * Docs: Add usage insights export feature (#30376)
  * skip symlinks to directories when generating plugin manifest (#30721)
  * PluginCiE2E: Upgrade base images (#30696)
  * Variables: Fixes so text format will show All instead of custom all (#30730)
  * PanelLibrary: better handling of deleted panels (#30709)
  * Added section "Curated dashboards for Google Cloud Monitoring" for 7.4 What's New (#30724)
  * Added "curated dashboards" information and broke down, rearranged topics. (#30659)
  * Transform: improve the "outer join" performance/behavior (#30407)
  * Add alt text to plugin logos (#30710)
  * Deleted menu.yaml file (#30717)
  * Dashboard: Top Share URL icon should share panel URL when on viewPanel page (#30000)
  * Added entry for web server.
    (#30715)
  * DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706)
  * Use connected GraphNG in Explore (#30707)
  * Fix documentation for streaming data sources (#30704)
  * PanelLibrary: changes casing of responses and adds meta property (#30668)
  * Influx: Show all datapoints for dynamically windowed flux query (#30688)
  * Trace: trace to logs design update (#30637)
  * DeployImage: Switch base images to Debian (#30684)
  * Chore: remove CSP debug logging line (#30689)
  * Docs: 7.4 documentation for expressions (#30524)
  * PanelEdit: Get rid of last remaining usage of navbar-button (#30682)
  * Grafana-UI: Fix setting default value for MultiSelect (#30671)
  * CustomScrollbar: migrated styles from sass to emotion (#30506)
  * DashboardSettings & PanelEdit: Use new PageToolbar (#30675)
  * Explore: Fix jumpy live tailing (#30650)
  * ci(npm-publish): add missing github package token to env vars (#30665)
  * PageToolbar: Extracting navbar styles & layout into a modern emotion based component (#30588)
  * AlertingNG: pause/unpause definitions via the API (#30627)
  * Docs: Refer to product docs in whats new for alerting templating feature (#30652)
  * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30666)
  * Variables: Fixes display value when using capture groups in regex (#30636)
  * Docs: Update _index.md (#30655)
  * Docs: Auditing updates (#30433)
  * Docs: add hidden_users configuration field (#30435)
  * Docs: Define TLS/SSL terminology (#30533)
  * Docs: Fix expressions enabled description (#30589)
  * Docs: Update ES screenshots (#30598)
  * Licensing Docs: Adding license restrictions docs (#30216)
  * Update documentation-style-guide.md (#30611)
  * Docs: Update queries.md (#30616)
  * chore(grafana-ui): bump storybook to 6.1.15 (#30642)
  * DashboardSettings: fixes vertical scrolling (#30640)
  * Usage Stats: Remove unused method for getting user stats (#30074)
  * Grafana/UI: Unit picker should not set a category as unit (#30638)
  * Graph: Fixes auto decimals issue in legend and tooltip (#30628)
  * AlertingNG: List saved Alert definitions in Alert Rule list (#30603)
  * chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605)
  * Grafana/UI: Add disable prop to Segment (#30539)
  * Variables: Fixes so queries work for numbers values too (#30602)
  * Admin: Fixes so form values are filled in from backend (#30544)
  * Docs: Add new override info and add whats new 7.4 links (#30615)
  * TestData: Improve what's new in v7.4 (#30612)
  * Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502)
  * NodeGraph: Add docs (#30504)
  * Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517)
  * TimeRangePicker: Updates components to use new ToolbarButton & ButtonGroup (#30570)
  * Update styling.md guide (#30594)
  * TestData: Adding what's new in v7.4 to the devenv dashboards (#30568)
  * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.35.5 to 1.36.31 (#30583)
  * Chore(deps): Bump github.com/prometheus/client_golang (#30585)
  * Chore(deps): Bump gopkg.in/macaron.v1 from 1.3.9 to 1.4.0 (#30587)
  * Chore(deps): Bump github.com/google/uuid from 1.1.5 to 1.2.0 (#30584)
  * Explore: Fix logs hover state so that it is visible and in dark mode & simply hover code (#30572)
  * RefreshPicker: Fixes so valid intervals in url are visible in RefreshPicker (#30474)
  * Add documentation for Exemplars (#30317)
  * OldGraph: Fix height issue in Firefox (#30565)
  * XY Chart: fix editor error with empty frame (no fields) (#30573)
  * ButtonSelect & RefreshPicker: Rewrite of components to use new emotion based ToolbarButton & Menu (#30510)
  * XY Chart: share legend config with timeseries (#30559)
  * configuration.md: Document Content Security Policy options (#30413)
  * DataFrame: cache frame/field index in field state (#30529)
  * List + before -; rm old Git ref; reformat. (#30543)
  * Expressions: Add option to disable feature (#30541)
  * Explore: Fix loading visualisation on the top of the new time series panel (#30553)
  * Prometheus: Fix show query instead of Value if no __name__ and metric (#30511)
  * Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519)
  * Postgres: Convert tests to stdlib (#30536)
  * Storybook: Migrate card story to use controls (#30535)
  * AlertingNG: Enable UI to Save Alert Definitions (#30394)
  * Postgres: Be consistent about TLS/SSL terminology (#30532)
  * Loki: Append refId to logs uid (#30418)
  * Postgres: Fix indentation (#30531)
  * GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527)
  * updates for e2e docker image (#30465)
  * GraphNG: uPlot 1.6.2 (#30521)
  * Docs: Update whats-new-in-v7-4.md (#30520)
  * Prettier: ignore build and devenv dirs (#30501)
  * Chore: Upgrade grabpl version (#30486)
  * Explore: Update styling of buttons (#30493)
  * Cloud Monitoring: Fix legend naming with display name override (#30440)
  * GraphNG: Disable Plot logging by default (#30390)
  * Admin: Fixes so whole org drop down is visible when adding users to org (#30481)
  * Docs: include Makefile option for local assets (#30455)
  * Footer: Fixes layout issue in footer (#30443)
  * TimeSeriesPanel: Fixed default value for gradientMode (#30484)
  * Docs: fix typo in what's new doc (#30489)
  * Chore: adds wait to e2e test (#30488)
  * chore: update packages dependent on dot-prop to fix security vulnerability (#30432)
  * Dashboard: Remove Icon and change copy -> Copy to clipboard in the share embedded panel modal (#30480)
  * Chore: fix spelling mistake (#30473)
  * Chore: Restrict internal imports from other packages (#30453)
  * Docs: What's new fixes and improvements (#30469)
  * Timeseries: only migrate point size when configured (#30461)
  * Alerting: Hides threshold handle for percentual thresholds (#30431)
  * Graph: Fixes so only users with correct permissions can add annotations (#30419)
  * Chore: update latest version to 7.4.0-beta1 (#30452)
  * Docs: Add whats new 7.4 links (#30463)
  * Update whats-new-in-v7-4.md (#30460)
  * docs: 7.4 what's new (Add expressions note) (#30446)
  * Chore: Upgrade build pipeline tool (#30456)
  * PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441)
  * Expressions: Fix button icon (#30444)
  * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30449)
  * Docs: Fix img link for alert notification template (#30436)
  * grafana/ui: Fix internal import from grafana/data (#30439)
  * prevent field config from being overwritten (#30437)
  * Refactoring applying panel and field options out of PanelModel and add property clean up for properties not in field config registry
  * Dashboard: Remove template variables option from ShareModal (#30395)
  * Added doc content for variables inspector code change by Hugo (#30408)
  * Docs: update license expiration behavior for reporting (#30420)
  * Chore: use old version format in package.json (#30430)
  * Chore: upgrade NPM security vulnerabilities (#30397)
  * "Release: Updated versions in package to 7.5.0-pre.0" (#30428)
  * contribute: Add backend and configuration guidelines for PRs (#30426)
  * Chore: Update what's new URL (#30424)
- Update to version 7.4.5
  * Security: Fix API permissions issues related to team-sync CVE-2021-28146, CVE-2021-28147.
  * Security: Usage insights requires signed in users CVE-2021-28148.
  * Security: Do not allow editors to incorrectly bypass permissions on the default data source. CVE-2021-27962.

mgr-cfg:
- No visible impact for the user

mgr-custom-info:
- No visible impact for the user

mgr-osad:
- No visible impact for the user

mgr-push:
- No visible impact for the user

mgr-virtualization:
- No visible impact for the user

rhnlib:
- No visible impact for the user

spacecmd:
- Make spacecmd aware of retracted patches/packages
- Enhance help for installation types when creating distributions (bsc#1186581)
- Parse empty argument when nothing in between the separator

spacewalk-client-tools:
- Update translation strings

spacewalk-koan:
- No visible impact for the user

spacewalk-oscap:
- No visible impact for the user

suseRegisterInfo:
- No visible impact for the user

uyuni-common-libs:
- Handle broken RPM packages to prevent exceptions causing fails on repository synchronization (bsc#1186650)
- Maintainer field in debian packages is only recommended (bsc#1186508)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12:

  zypper in -t patch SUSE-SLE-Manager-Tools-12-2021-2673=1

Package List:

- SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64):

  golang-github-prometheus-prometheus-2.27.1-1.29.2
  grafana-7.5.7-1.21.2
  python2-uyuni-common-libs-4.2.5-1.15.2

- SUSE Manager Tools 12 (noarch):

  mgr-cfg-4.2.3-1.18.2
  mgr-cfg-actions-4.2.3-1.18.2
  mgr-cfg-client-4.2.3-1.18.2
  mgr-cfg-management-4.2.3-1.18.2
  mgr-custom-info-4.2.2-1.12.2
  mgr-osad-4.2.6-1.30.2
  mgr-push-4.2.3-1.12.2
  mgr-virtualization-host-4.2.2-1.20.2
  python2-mgr-cfg-4.2.3-1.18.2
  python2-mgr-cfg-actions-4.2.3-1.18.2
  python2-mgr-cfg-client-4.2.3-1.18.2
  python2-mgr-cfg-management-4.2.3-1.18.2
  python2-mgr-osa-common-4.2.6-1.30.2
  python2-mgr-osad-4.2.6-1.30.2
  python2-mgr-push-4.2.3-1.12.2
  python2-mgr-virtualization-common-4.2.2-1.20.2
  python2-mgr-virtualization-host-4.2.2-1.20.2
  python2-rhnlib-4.2.4-21.34.2
  python2-spacewalk-check-4.2.12-52.53.2
  python2-spacewalk-client-setup-4.2.12-52.53.2
  python2-spacewalk-client-tools-4.2.12-52.53.2
  python2-spacewalk-koan-4.2.4-24.24.2
  python2-spacewalk-oscap-4.2.2-19.18.2
  python2-suseRegisterInfo-4.2.4-25.18.2
  spacecmd-4.2.11-38.85.2
  spacewalk-check-4.2.12-52.53.2
  spacewalk-client-setup-4.2.12-52.53.2
  spacewalk-client-tools-4.2.12-52.53.2
  spacewalk-koan-4.2.4-24.24.2
  spacewalk-oscap-4.2.2-19.18.2
  suseRegisterInfo-4.2.4-25.18.2

References:

  https://www.suse.com/security/cve/CVE-2021-27962.html
  https://www.suse.com/security/cve/CVE-2021-28146.html
  https://www.suse.com/security/cve/CVE-2021-28147.html
  https://www.suse.com/security/cve/CVE-2021-28148.html
  https://www.suse.com/security/cve/CVE-2021-29622.html
  https://bugzilla.suse.com/1175478
  https://bugzilla.suse.com/1186242
  https://bugzilla.suse.com/1186508
  https://bugzilla.suse.com/1186581
  https://bugzilla.suse.com/1186650

From sle-updates at lists.suse.com Thu Aug 12 13:23:02 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Aug 2021 15:23:02 +0200 (CEST)
Subject: SUSE-SU-2021:2660-1: important: Security update for grafana
Message-ID: <20210812132302.574C7FD0A@maintenance.suse.de>

SUSE Security Update: Security update for grafana
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2660-1
Rating:             important
References:         #1183803 #1183809 #1183811 #1183813 #1184371
Cross-References:   CVE-2021-27358 CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148
CVSS scores:
                    CVE-2021-27358 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-27358 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-27962 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
                    CVE-2021-27962 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2021-28148 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Manager Tools 15
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for grafana fixes the following issues:

- CVE-2021-27358: Unauthenticated remote attackers could trigger a Denial of Service via a remote API call (bsc#1183803)
- Update to version 7.5.7:
  * Updated relref to "Configuring exemplars" section (#34240) (#34243)
  * Added exemplar topic (#34147) (#34226)
  * Quota: Do not count folders towards dashboard quota (#32519) (#34025)
  * Instructions to separate emails with semicolons (#32499) (#34138)
  * Docs: Remove documentation of v8 generic OAuth feature (#34018)
  * Annotations: Prevent orphaned annotation tags cleanup when no annotations were cleaned (#33957) (#33975)
  * [GH-33898] Add missing --no-cache to Dockerfile.
    (#33906) (#33935)
  * ReleaseNotes: Updated changelog and release notes for 7.5.6 (#33932) (#33936)
  * Stop hoisting @icons/material (#33922)
  * Chore: fix react-color version in yarn.lock (#33914)
  * "Release: Updated versions in package to 7.5.6" (#33909)
  * Loki: fix label browser crashing when + typed (#33900) (#33901)
  * Document `hide_version` flag (#33670) (#33881)
  * Add isolation level db configuration parameter (#33830) (#33878)
  * Sanitize PromLink button (#33874) (#33876)
  * Removed content as per MarcusE's suggestion in https://github.com/grafana/grafana/issues/33822. (#33870) (#33872)
  * Docs feedback: /administration/provisioning.md (#33804) (#33842)
  * Docs: delete from high availability docs references to removed configurations related to session storage (#33827) (#33851)
  * Docs: Update _index.md (#33797) (#33799)
  * Docs: Update installation.md (#33656) (#33703)
  * GraphNG: uPlot 1.6.9 (#33598) (#33612)
  * don't consider invalid email address a failed email (#33671) (#33681)
  * InfluxDB: Improve measurement-autocomplete behavior in query editor (#33494) (#33625)
  * add template for dashboard url parameters (#33549) (#33588)
  * Add note to Snapshot API doc to specify that user has to provide the entire dashboard model (#33572) (#33586)
  * Update team.md (#33454) (#33536)
  * Removed duplicate file "dashboard_folder_permissions.md (#33497)
  * Document customQueryParameters for prometheus datasource provisioning (#33440) (#33495)
  * ReleaseNotes: Updated changelog and release notes for 7.5.5 (#33473) (#33492)
  * Documentation: Update developer-guide.md (#33478) (#33490)
  * add closed parenthesis to fix a hyperlink (#33471) (#33481)
- Update to version 7.5.5:
  * "Release: Updated versions in package to 7.5.5" (#33469)
  * GraphNG: Fix exemplars window position (#33427) (#33462)
  * Remove field limitation from slack notification (#33113) (#33455)
  * Prometheus: Support POST in template variables (#33321) (#33441)
  * Instrumentation: Add success rate metrics for email notifications (#33359) (#33409)
  * Use either moment objects (for absolute times in the datepicker) or string (for relative time) (#33315) (#33406)
  * Docs: Removed type from find annotations example. (#33399) (#33403)
  * [v7.5.x]: FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters to prometheus (#33255)
  * Updated label for add panel. (#33285) (#33286)
  * Bug: Add git to Dockerfile.ubuntu (#33247) (#33248)
  * Docs: Sync latest master docs with 7.5.x (#33156)
  * Docs: Update getting-started-influxdb.md (#33234) (#33241)
  * Doc: Document the X-Grafana-Org-Id HTTP header (#32478) (#33239)
  * Minor Changes in Auditing.md (#31435) (#33238)
  * Docs: Add license check endpoint doc (#32987) (#33236)
  * Postgres: Fix time group macro when TimescaleDB is enabled and interval is less than a second (#33153) (#33219)
  * Docs: InfluxDB doc improvements (#32815) (#33185)
  * [v7.5.x] Loki: Pass Skip TLS Verify setting to alert queries (#33031)
  * update cla (#33181)
  * Fix inefficient regular expression (#33155) (#33159)
  * Auth: Don't clear auth token cookie when lookup token fails (#32999) (#33136)
  * Elasticsearch: Add documentation for supported Elasticsearch query transformations (#33072) (#33128)
  * Update team.md (#33060) (#33084)
  * GE issue 1268 (#33049) (#33081)
  * Fixed some formatting issues for PRs from yesterday. (#33078) (#33079)
  * Explore: Load default data source in Explore when the provided source does not exist (#32992) (#33061)
  * Docs: Replace next with latest in aliases (#33054) (#33059)
  * Added missing link item. (#33052) (#33055)
  * Backport 33034 (#33038)
  * Docs: Backport 32916 to v7.5x (#33008)
  * ReleaseNotes: Updated changelog and release notes for 7.5.4 (#32973) (#32998)
  * Elasticsearch: Force re-rendering of each editor row type change (#32993) (#32996)
  * Docs: Sync release branch with latest docs (#32986)
- Update to version 7.5.4:
  * "Release: Updated versions in package to 7.5.4" (#32971)
  * fix(datasource_srv): prevent infinite loop where default datasource is named default (#32949) (#32967)
  * Added Azure Monitor support for Microsoft.AppConfiguration/configurationStores namespace (#32123) (#32968)
  * fix sqlite3 tx retry condition operator precedence (#32897) (#32952)
  * AzureMonitor: Add support for Virtual WAN namespaces (#32935) (#32947)
  * Plugins: Allow a non-dashboard page to be the default home page (#32926) (#32945)
  * GraphNG: uPlot 1.6.8 (#32859) (#32863)
  * Alerting: Add ability to include aliases with dashes (/) and at (@) signs in InfluxDB (#32844)
  * Prometheus: Allow exemplars endpoint in data source proxy (#32802) (#32804)
  * [v7.5.x] Table: Fixes table data links so they refer to correct row after sorting (#32758)
  * TablePanel: Makes sorting case-insensitive (#32435) (#32752)
- Update to version 7.5.3:
  * "Release: Updated versions in package to 7.5.3" (#32745)
  * FolderPicker: Prevent dropdown menu from disappearing off screen (#32603) (#32741)
  * Loki: Remove empty annotations tags (#32359) (#32490)
  * SingleStat: fix wrong call to getDataLinkUIModel (#32721) (#32739)
  * Prometheus: Fix instant query to run two times when exemplars enabled (#32508) (#32726)
  * Elasticsearch: Fix bucket script variable duplication in UI (#32705) (#32714)
  * Variables: Confirms selection before opening new picker (#32586) (#32710)
  * CloudWatch: Fix service quotas link (#32686) (#32689)
  * Configuration: Prevent browser hanging / crashing with large number of org users (#32546) (#32598)
  * chore: bump execa to v2.1.0 (#32543) (#32592)
  * Explore: Fix bug where navigating to explore
would result in wrong query and datasource to be shown (#32558) * Fix broken gtime tests (#32582) (#32587) * resolve conflicts (#32567) * gtime: Make ParseInterval deterministic (#32539) (#32560) * Dashboard: No longer includes default datasource when externally exporting dashboard with row (#32494) (#32535) * TextboxVariable: Limits the length of the preview value (#32472) (#32530) * AdHocVariable: Adds default data source (#32470) (#32476) * Variables: Fixes Unsupported data format error for null values (#32480) (#32487) * Prometheus: align exemplars check to latest api change (#32513) (#32515) * "Release: Updated versions in package to 7.5.2" (#32502) * SigV4: Add support EC2 IAM role auth and possibility to toggle auth providers (#32444) (#32488) * Set spanNulls to default (#32471) (#32486) * Graph: Fix setting right y-axis when standard option unit is configured (#32426) (#32442) * API: Return 409 on datasource version conflict (#32425) (#32433) * API: Return 400 on invalid Annotation requests (#32429) (#32431) * Variables: Fixes problem with data source variable when default ds is selected (#32384) (#32424) * Table: Fixes so links work for image cells (#32370) (#32410) * Variables: Fixes error when manually non-matching entering custom value in variable input/picker (#32390) (#32394) * DashboardQueryEditor: Run query after selecting source panel (#32383) (#32395) * API: Datasource endpoint should return 400 bad request if id and orgId is invalid (#32392) (#32397) * "Release: Updated versions in package to 7.5.1" (#32362) * MSSQL: Upgrade go-mssqldb (#32347) (#32361) * GraphNG: Fix tooltip displaying wrong or no data (#32312) (#32348) * "Release: Updated versions in package to 7.5.0" (#32308) * Loki: Fix text search in Label browser (#32293) (#32306) * Explore: Show all dataFrames in data tab in Inspector (#32161) (#32299) * PieChartV2: Add migration from old piechart (#32259) (#32291) * LibraryPanels: Adds Type and Description to DB (#32258) (#32288) * 
LibraryPanels: Prevents deletion of connected library panels (#32277) (#32284) * Library Panels: Add "Discard" button to panel save modal (#31647) (#32281) * LibraryPanels: Changes to non readonly reducer (#32193) (#32200) * Notifications: InfluxDB - Fix regex to include metrics with hyphen in aliases (#32224) (#32262) * SSE/InfluxDB: Change InfluxQL to work with server side expressions (#31691) (#32102) * DashboardSettings: Fixes issue with tags list not updating when changes are made (#32241) (#32247) * Logs: If log message missing, use empty string (#32080) (#32243) * CloudWatch: Use latest version of aws sdk (#32217) (#32223) * Release: Updated versions in package to 7.5.0-beta.2 (#32158) * HttpServer: Make read timeout configurable but disabled by default (#31575) (#32154) * GraphNG: Ignore string fields when building data for uPlot in GraphNG (#32150) (#32151) * Fix loading timezone info on windows (#32029) (#32149) * SQLStore: Close session in withDbSession (#31775) (#32108) * Remove datalink template suggestions for accessing specific fields when there are multiple dataframes. 
(#32057) (#32148) * GraphNG: make sure dataset and config are in sync when initializing and re-initializing uPlot (#32106) (#32125) * MixedDataSource: Name is updated when data source variable changes (#32090) (#32144) * Backport 32005 to v7.5.x #32128 (#32130) * Loki: Label browser UI updates (#31737) (#32119) * ValueMappings: Fixes value 0 not being mapped (#31924) (#31929) * GraphNG: Fix tooltip series color for multi data frame scenario (#32098) (#32103) * LibraryPanels: Improves the Get All experience (#32028) (#32093) * Grafana/ui: display all selected levels for selected value when searching (#32030) (#32032) * Exemplars: always query exemplars (#31673) (#32024) * [v7.5.x] TimePicker: Fixes hidden time picker shown in kiosk TV mode (#32055) * Chore: Collect elasticsearch version usage stats (#31787) (#32063) * Chore: Tidy up Go deps (#32053) * GraphNG: Fix PlotLegend field display name being outdated (#32064) (#32066) * Data proxy: Fix encoded characters in URL path should be proxied encoded (#30597) (#32060) * [v7.5.x] Auth: Allow soft token revocation (#32037) * Snapshots: Fix usage of sign in link from the snapshot page (#31986) (#32036) * Make master green (#32011) (#32015) * Query editor: avoid avoiding word wrap on query editor components (#31949) (#31982) * Variables: Fixes filtering in picker with null items (#31979) (#31995) * TooltipContainer - use resize observer instead of getClientBoundingRect (#31937) (#32003) * Loki: Fix autocomplete when re-editing Loki label values (#31828) (#31987) * Loki: Fix type errors in language_provider (#31902) (#31945) * PanelInspect: Interpolates variables in CSV file name (#31936) (#31977) * Cloudwatch: use shared library for aws auth (#29550) (#31946) * Tooltip: partial perf improvement (#31774) (#31837) (#31957) * Backport 31913 to v7.5.x (#31955) * Grafana/ui: fix searchable options for Cascader with options update (#31906) (#31938) * Variables: Do not reset description on variable type change (#31933) (#31939) 
* [v7.5.x] AnnotationList: Adds spacing to UI (#31888) (#31894) * Elasticseach: Support histogram fields (#29079) (#31914) * Chore: upgrade eslint and fork-ts-checker-webpack-plugin (#31854) (#31896) * Update scripts and Dockerfiles to use Go 1.16.1 (#31881) (#31891) * Templating: use dashboard timerange when variables are set to refresh 'On Dashboard Load' (#31721) (#31801) * [v7.5.x] Tempo: Add test for backend data source (#31835) (#31882) * Run go mod tidy to update go.mod and go.sum (#31859) * Grafana/ui: display all selected levels for Cascader (#31729) (#31862) * CloudWatch: Consume the grafana/aws-sdk (#31807) (#31861) * Cloudwatch: ListMetrics API page limit (#31788) (#31851) * Remove invalid attribute (#31848) (#31850) * CloudWatch: Restrict auth provider and assume role usage according to??? (#31845) * CloudWatch: Add support for EC2 IAM role (#31804) (#31841) * Loki, Prometheus: Change the placement for query type explanation (#31784) (#31819) * Variables: Improves inspection performance and unknown filtering (#31811) (#31813) * Change piechart plugin state to beta (#31797) (#31798) * ReduceTransform: Include series with numeric string names (#31763) (#31794) * Annotations: Make the annotation clean up batch size configurable (#31487) (#31769) * Fix escaping in ANSI and dynamic button removal (#31731) (#31767) * DataLinks: Bring back single click links for Stat, Gauge and BarGauge panel (#31692) (#31718) * log skipped, performed and duration for migrations (#31722) (#31754) * Search: Make items more compact (#31734) (#31750) * loki_datasource: add documentation to label_format and line_format (#31710) (#31746) * Tempo: Convert tempo to backend data source2 (#31733) * Elasticsearch: Fix script fields in query editor (#31681) (#31727) * Elasticsearch: revert to isoWeek when resolving weekly indices (#31709) (#31717) * Admin: Keeps expired api keys visible in table after delete (#31636) (#31675) * Tempo: set authentication header properly (#31699) (#31701) 
* Tempo: convert to backend data source (#31618) (#31695) * Update package.json (#31672) * Release: Bump version to 7.5.0-beta.1 (#31664) * Fix whatsNewUrl version to 7.5 (#31666) * Chore: add alias for what's new 7.5 (#31669) * Docs: Update doc for PostgreSQL authentication (#31434) * Docs: document report template variables (#31637) * AzureMonitor: Add deprecation message for App Insights/Insights Analytics (#30633) * Color: Fixes issue where colors where reset to gray when switch panels (#31611) * Live: Use pure WebSocket transport (#31630) * Docs: Fix broken image link (#31661) * Docs: Add Whats new in 7.5 (#31659) * Docs: Fix links for 7.5 (#31658) * Update enterprise-configuration.md (#31656) * Explore/Logs: Escaping of incorrectly escaped log lines (#31352) * Tracing: Small improvements to trace types (#31646) * Update _index.md (#31645) * AlertingNG: code refactoring (#30787) * Remove pkill gpg-agent (#31169) * Remove format for plugin routes (#31633) * Library Panels: Change unsaved change detection logic (#31477) * CloudWatch: Added AWS Timestream Metrics and Dimensions (#31624) * add new metrics and dimensions (#31595) * fix devenv dashboard content typo (#31583) * DashList: Sort starred and searched dashboard alphabetically (#31605) * Docs: Update whats-new-in-v7-4.md (#31612) * SSE: Add "Classic Condition" on backend (#31511) * InfluxDB: Improve maxDataPoints error-message in Flux-mode, raise limits (#31259) * Alerting: PagerDuty: adding current state to the payload (#29270) * devenv: Fix typo (#31589) * Loki: Label browser (#30351) * LibraryPanels: No save modal when user is on same dashboard (#31606) * Bug: adding resolution for `react-use-measure` to prevent plugin tests from failing. 
(#31603) * Update node-graph.md (#31571) * test: pass Cypress options objects into selector wrappers (#31567) * Loki: Add support for alerting (#31424) * Tracing: Specify type of the data frame that is expected for TraceView (#31465) * LibraryPanels: Adds version column (#31590) * PieChart: Add color changing options to pie chart (#31588) * Explore: keep enabled/disabled state in angular based QueryEditors correctly (#31558) * Bring back correct legend sizing afer PlotLegend refactor (#31582) * Alerting: Fix bug in Discord for when name for metric value is absent (#31257) * LibraryPanels: Deletes library panels during folder deletion (#31572) * chore: bump lodash to 4.17.21 (#31549) * Elasticsearch: Fix impossibility to perform non-logs queries after importing queries from loki or prometheus in explore (#31518) * TestData: Fixes never ending annotations scenario (#31573) * CloudWatch: Added AWS Network Firewall metrics and dimensions (#31498) * propagate plugin unavailable message to UI (#31560) * ConfirmButton: updates story from knobs to controls (#31476) * Loki: Refactor line limit to use grafana/ui component (#31509) * LibraryPanels: Adds folder checks and permissions (#31473) * Add guide on custom option editors (#31254) * PieChart: Update text color and minor changes (#31546) * Grafana-data: bump markedjs to v2.x to resolve vulnerability (#31036) * Chore(deps): Bump google.golang.org/api from 0.39.0 to 0.40.0 (#31210) * PieChart: Improve piechart legend and options (#31446) * Chore(deps): Bump google.golang.org/grpc from 1.35.0 to 1.36.0 (#31541) * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.37.7 to 1.37.20 (#31538) * Chore(deps): Bump github.com/prometheus/common from 0.17.0 to 0.18.0 (#31539) * Add multiselect options ui (#31501) * Profile: Fixes profile preferences being accessible when anonymous access was enabled (#31516) * Variables: Fixes error with: cannot read property length of undefined (#31458) * Explore: Show ANSI colored logs in logs 
context (#31510) * LogsPanel: Show all received logs (#31505) * AddPanel: Design polish (#31484) * TimeSeriesPanel: Remove unnecessary margin from legend (#31467) * influxdb: flux: handle is-hidden (#31324) * Graph: Fix tooltip not showing when close to the edge of viewport (#31493) * FolderPicker: Remove useNewForms from FolderPicker (#31485) * Add reportVariables feature toggle (#31469) * Grafana datasource: support multiple targets (#31495) * Update license-restrictions.md (#31488) * Docs: Derived fields links in logs detail view (#31482) * Docs: Add new data source links to Enterprise page (#31480) * Convert annotations to dataframes (#31400) * ReleaseNotes: Updated changelog and release notes for v7.4.2 (#31475) * GrafanaUI: Fixes typescript error for missing css prop (#31479) * Login: handle custom token creation error messages (#31283) * Library Panels: Don't list current panel in available panels list (#31472) * DashboardSettings: Migrate Link Settings to React (#31150) * Frontend changes for library panels feature (#30653) * Alerting notifier SensuGo: improvements in default message (#31428) * AppPlugins: Options to disable showing config page in nav (#31354) * add aws config (#31464) * Heatmap: Fix missing/wrong value in heatmap legend (#31430) * Chore: Fixes small typos (#31461) * Graphite/SSE: update graphite to work with server side expressions (#31455) * update the lastest version to 7.4.3 (#31457) * ReleaseNotes: Updated changelog and release notes for 7.4.3 (#31454) * AWS: Add aws plugin configuration (#31312) * Revert ""Release: Updated versions in package to 7.4.3" (#31444)" (#31452) * Remove UserSyncInfo.tsx (#31450) * Elasticsearch: Add word highlighting to search results (#30293) * Chore: Fix eslint react hook warnings in grafana-ui (#31092) * CloudWatch: Make it possible to specify custom api endpoint (#31402) * Chore: fixed incorrect naming for disable settings (#31448) * TraceViewer: Fix show log marker in spanbar (#30742) * LibraryPanels: 
Adds permissions to getAllHandler (#31416) * NamedColorsPalette: updates story from knobs to controls (#31443) * "Release: Updated versions in package to 7.4.3" (#31444) * ColorPicker: updates story from knobs to controls (#31429) * Streaming: Fixes an issue with time series panel and streaming data source when scrolling back from being out of view (#31431) * ClipboardButton: updates story from knobs to controls (#31422) * we should never log unhashed tokens (#31432) * CI: Upgrade Dockerfiles wrt. Go, Node, Debian (#31407) * Elasticsearch: Fix query initialization logic & query transformation from Promethous/Loki (#31322) * Postgres: allow providing TLS/SSL certificates as text in addition to file paths (#30353) * CloudWatch: Added AWS Ground Station metrics and dimensions (#31362) * TraceViewer: Fix trace to logs icon to show in right pane (#31414) * add hg team as migrations code owners (#31420) * Remove tidy-check script (#31423) * InfluxDB: handle columns named "table" (#30985) * Prometheus: Use configured HTTP method for /series and /labels endpoints (#31401) * Devenv: Add gdev-influxdb2 data source (#31250) * Update grabpl from 0.5.38 to 0.5.42 version (#31419) * Move NOOP_CONTROL to storybook utils and change to a standalone file (#31421) * remove squadcast details from docs (#31413) * Add new Cloudwatch AWS/DDoSProtection metrics and dimensions (#31297) * Logging: add frontend logging helpers to @grafana/runtime package (#30482) * CallToActionCard: updates story from knobs to controls (#31393) * Add eu-south-1 cloudwatch region, closes #31197 (#31198) * Chore: Upgrade eslint packages (#31408) * Cascader: updates story from knobs to controls (#31399) * addressed issues 28763 and 30314. 
(#31404) * Added section Query a time series database by id (#31337) * Prometheus: Change default httpMethod for new instances to POST (#31292) * Data source list: Use Card component (#31326) * Chore: Remove gotest.tools dependency (#31391) * Revert "StoryBook: Introduces Grafana Controls (#31351)" (#31388) * Chore(deps): Bump github.com/prometheus/common from 0.15.0 to 0.17.0 (#31387) * AdHocVariables: Fixes crash when values are stored as numbers (#31382) * Chore(deps): Bump github.com/golang/mock from 1.4.4 to 1.5.0 (#31379) * Chore: Fix strict errors, down to 416 (#31365) * Chore(deps): Bump github.com/getsentry/sentry-go from 0.9.0 to 0.10.0 (#31378) * StoryBook: Introduces Grafana Controls (#31351) * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31313) * Theming: Support for runtime theme switching and hooks for custom themes (#31301) * Devenv: Remove old-versioned loki blocks and update prometheus2 block (#31282) * Zipkin: Show success on test data source (#30829) * Update grot template (needs more info) (#31350) * DatasourceSrv: Fix instance retrieval when datasource variable value set to "default" (#31347) * TimeSeriesPanel: Fixes overlapping time axis ticks (#31332) * Grafana/UI: Add basic legend to the PieChart (#31278) * SAML: single logout only enabled in enterprise (#31325) * QueryEditor: handle query.hide changes in angular based query-editors (#31336) * DashboardLinks: Fixes another issue where dashboard links cause full page reload (#31334) * LibraryPanels: Syncs panel title with name (#31311) * Chore: Upgrade golangci-lint (#31330) * Add info to docs about concurrent session limits (#31333) * Table: Fixes issue with fixed min and auto max with bar gauge cell (#31316) * BarGuage: updates story from knobs to controls (#31223) * Docs: Clarifies how to add Key/Value pairs (#31303) * Usagestats: Exclude folders from total dashboard count (#31320) * ButtonCascader: updates story from knobs to controls (#31288) * test: allow check for 
Table as well as Graph for Explore e2e flow (#31290) * Grafana-UI: Update tooltip type (#31310) * fix 7.4.2 release note (#31299) * Add `--tries 3` arg when triggering e2e-tests upon releasing (#31285) * Chore: reduce strict errors for variables (#31241) * update latest release version (#31296) * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31291) * Correct name of Discord notifier tests (#31277) * Docs: Clarifies custom date formats for variables (#31271) * BigValue: updates story from knobs to controls (#31240) * Docs: Annotations update (#31194) * Introduce functions for interacting with library panels API (#30993) * Search: display sort metadata (#31167) * Folders: Editors should be able to edit name and delete folders (#31242) * Make Datetime local (No date if today) working (#31274) * UsageStats: Purpose named variables (#31264) * Snapshots: Disallow anonymous user to create snapshots (#31263) * only update usagestats every 30min (#31131) * Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#30701) * Grafana-UI: Add id to Select to make it easier to test (#31230) * Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055) * UI/Card: Fix handling of 'onClick' callback (#31225) * Loki: Add line limit for annotations (#31183) * Remove deprecated and breaking loki config field (#31227) * SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236) * LibraryPanels: Disconnect before connect during dashboard save (#31235) * Disable Change Password for OAuth users (#27886) * TagsInput: Design update and component refactor (#31163) * Variables: Adds back default option for data source variable (#31208) * IPv6: Support host address configured with enclosing square brackets (#31226) * Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179) * GraphNG: refactor core to class component (#30941) * Remove last synchronisation field from LDAP debug 
view (#30984) * Chore: Upgrade grafana-plugin-sdk-go to v0.88.0 (#30975) * Graph: Make axes unit option work even when field option unit is set (#31205) * AlertingNG: Test definition (#30886) * Docs: Update Influx config options (#31146) * WIP: Skip this call when we skip migrations (#31216) * use 0.1.0 (#31215) * DataSourceSrv: Filter out non queryable data sources by default (#31144) * QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193) * Chore: report eslint no-explicit-any errors to metrics (#31182) * Chore(deps): Bump cloud.google.com/go/storage from 1.12.0 to 1.13.0 (#31211) * Chore(deps): Bump xorm.io/xorm from 0.8.1 to 0.8.2 (#30773) * Alerting: Fix modal text for deleting obsolete notifier (#31171) * Chore(deps): Bump github.com/linkedin/goavro/v2 from 2.9.7 to 2.10.0 (#31204) * Variables: Fixes missing empty elements from regex filters (#31156) * StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126) * Fixed the typo. 
(#31189) * Docs: Rewrite preferences docs (#31154) * Explore/Refactor: Simplify URL handling (#29173) * DashboardLinks: Fixes links always cause full page reload (#31178) * Replace PR with Commit truncated hash when build fails (#31177) * Alert: update story to use controls (#31145) * Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132) * CloudWatch: Ensure empty query row errors are not passed to the panel (#31172) * Update prometheus.md (#31173) * Variables: Extend option pickers to accept custom onChange callback (#30913) * Prometheus: Multiply exemplars timestamp to follow api change (#31143) * DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160) * Add author name and pr number in drone pipeline notifications (#31124) * Prometheus: Add documentation for ad-hoc filters (#31122) * DataSourceSettings: Fixes add header button, it should not trigger a save & test action (#31135) * Alerting: Fix so that sending an alert with the Alertmanager notifier doesn't fail when one of multiple configured URL's are down (#31079) * Chore: Update latest.json (#31139) * Docs: add 7.4.1 relese notes link (#31137) * PieChart: Progress on new core pie chart (#28020) * ReleaseNotes: Updated changelog and release notes for 7.4.1 (#31133) * Eslint: no-duplicate-imports rule (bump grafana-eslint-config) (#30989) * Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before (#31121) * MuxWriter: Handle error for already closed file (#31119) * Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115) * Search: add sort information in dashboard results (#30609) * area/grafana/e2e: ginstall should pull version specified (#31056) * Exemplars: Change CTA style (#30880) * Influx: Make max series limit configurable and show the limiting message if applied (#31025) * Docs: request security (#30937) * update 
configurePanel for 7.4.0 changes (#31093) * Elasticsearch: fix log row context erroring out (#31088) * Prometheus: Fix issues with ad-hoc filters (#30931) * LogsPanel: Add deduplication option for logs (#31019) * Drone: Make sure CDN upload is ok before pushing docker images (#31075) * PluginManager: Remove some global state (#31081) * test: update addDashboard flow for v7.4.0 changes (#31059) * Transformations: Fixed typo in FilterByValue transformer description. (#31078) * Docs: Group id should be 0 instead of 1 in Docker upgrade notes (#31074) * Usage stats: Adds source/distributor setting (#31039) * CDN: Add CDN upload step to enterprise and release pipelines (#31058) * Chore: Replace native select with grafana ui select (#31030) * Docs: Update json-model.md (#31066) * Docs: Update whats-new-in-v7-4.md (#31069) * Added hyperlinks to Graphite documentation (#31064) * DashboardSettings: Update to new form styles (#31022) * CDN: Fixing drone CI config (#31052) * convert path to posix by default (#31045) * DashboardLinks: Fixes crash when link has no title (#31008) * Alerting: Fixes so notification channels are properly deleted (#31040) * Explore: Remove emotion error when displaying logs (#31026) * Elasticsearch: Fix alias field value not being shown in query editor (#30992) * CDN: Adds uppload to CDN step to drone CI (#30879) * Improved glossary (#31004) * BarGauge: Improvements to value sizing and table inner width calculations (#30990) * Drone: Fix deployment image (#31027) * ColorPicker: migrated styles from sass to emotion (#30909) * Dashboard: Migrate general settings to react (#30914) * Chore(deps): Bump github.com/jung-kurt/gofpdf from 1.10.1 to 1.16.2 (#30586) * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.36.31 to 1.37.7 (#31018) * Prometheus: Min step defaults to seconds when no unit is set to prevent errors when running alerts. 
(#30966) * Chore(deps): Bump github.com/magefile/mage from 1.10.0 to 1.11.0 (#31017) * Chore(deps): Bump github.com/grpc-ecosystem/go-grpc-middleware (#31013) * Graph: Fixes so graph is shown for non numeric time values (#30972) * CloudMonitoring: Prevent resource type variable function from crashing (#30901) * Chore(deps): Bump google.golang.org/api from 0.33.0 to 0.39.0 (#30971) * Build: Releases e2e and e2e-selectors too (#31006) * TextPanel: Fixes so panel title is updated when variables change (#30884) * Docs: Update configuration.md (login_maximum_inactive_lifetime_duration, login_maximum_lifetime_duration) (#31000) * instrumentation: make the first database histogram bucket smaller (#30995) * Grafana/UI: Remove DismissableFeatureInfoBox and replace with LocalSt??? (#30988) * StatPanel: Fixes issue formatting date values using unit option (#30979) * Chore(deps): Bump actions/cache from v2 to v2.1.4 (#30973) * Units: Fixes formatting of duration units (#30982) * Elasticsearch: Show Size setting for raw_data metric (#30980) * Alerts: Dedupe alerts so that we do not fill the screen with the same alert messsage (#30935) * make sure service and slo display name is passed to segment comp (#30900) * assign changes in cloud datasources to the new cloud datasources team (#30645) * Table: Updates devenv test dashboard after change to TestData Randrom Table response (#30927) * Theme: Use higher order theme color variables rather then is light/dark logic (#30939) * Docs: Add alias for what's new in 7.4 (#30945) * e2e: extends selector factory to plugins (#30932) * Chore: Upgrade docker build image (#30820) * Docs: updated developer guide (#29978) * Alerts: Update Alert storybook to show more states (#30908) * Variables: Adds queryparam formatting option (#30858) * Chore: pad unknown values with undefined (#30808) * Transformers: add search to transform selection (#30854) * Exemplars: change api to reflect latest changes (#30910) * docs: use selinux relabelling on docker 
containers (#27685) * Docs: Fix bad image path for alert notification template (#30911) * Make value mappings correctly interpret numeric-like strings (#30893) * Chore: Update latest.json (#30905) * Docs: Update whats-new-in-v7-4.md (#30882) * Dashboard: Ignore changes to dashboard when the user session expires (#30897) * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30902) * test: add support for timeout to be passed in for addDatasource (#30736) * increase page size and make sure the cache supports query params (#30892) * DataSourceSettings: Adds info box and link to Grafana Cloud (#30891) * OAuth: custom username docs (#28400) * Panels: Remove value mapping of values that have been formatted #26763 (#30868) * Alerting: Fixes alert panel header icon not showing (#30840) * AlertingNG: Edit Alert Definition (#30676) * Logging: sourcemap support for frontend stacktraces (#30590) * Added "Restart Grafana" topic. (#30844) * Docs: Org, Team, and User Admin (#30756) * bump grabpl version to 0.5.36 (#30874) * Plugins: Requests validator (#30445) * Docs: Update whats-new-in-v7-4.md (#30876) * Docs: Add server view folder (#30849) * Fixed image name and path (#30871) * Grafana-ui: fixes closing modals with escape key (#30745) * InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827) * TestData: Fixes issue with for ever loading state when all queries are hidden (#30861) * Chart/Tooltip: refactored style declaration (#30824) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30853) * Grafana-ui: fixes no data message in Table component (#30821) * grafana/ui: Update pagination component for large number of pages (#30151) * Alerting: Customise OK notification priorities for Pushover notifier (#30169) * DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569) * Chore: Remove panelTime.html, closes #30097 (#30842) * Docs: Time series panel, bar alignment docs (#30780) * Chore: add more docs 
annotations (#30847)
  * Transforms: allow boolean in field calculations (#30802)
  * Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825)
  * Update prometheus.md with image link fix (#30833)
  * BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806)
  * Update license-expiration.md (#30839)
  * Explore rewrite (#30804)
  * Prometheus: Set type of labels to string (#30831)
  * GrafanaUI: Add a way to persistently close InfoBox (#30716)
  * Fix typo in transformer registry (#30712)
  * Elasticsearch: Display errors with text responses (#30122)
  * CDN: Fixes cdn path when Grafana is under sub path (#30822)
  * TraceViewer: Fix lazy loading (#30700)
  * FormField: migrated sass styling to emotion (#30392)
  * AlertingNG: change API permissions (#30781)
  * Variables: Clears drop down state when leaving dashboard (#30810)
  * Grafana-UI: Add story/docs for ErrorBoundary (#30304)
  * Add missing callback dependency (#30797)
  * PanelLibrary: Adds library panel meta information to dashboard json (#30770)
  * Chore(deps): Bump gonum.org/v1/gonum from 0.6.0 to 0.8.2 (#30343)
  * Chore(deps): Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 (#30771)
  * GraphNG: improve behavior when switching between solid/dash/dots (#30796)
  * Chore(deps): Bump github.com/hashicorp/go-hclog from 0.14.1 to 0.15.0 (#30778)
  * Add width for Variable Editors (#30791)
  * Chore: Remove warning when calling resource (#30752)
  * Auth: Use SigV4 lib from grafana-aws-sdk (#30713)
  * Panels: Fixes so panels are refreshed when scrolling past them fast (#30784)
  * GraphNG: add bar alignment option (#30499)
  * Expressions: Measure total transformation requests and elapsed time (#30514)
  * Menu: Mark menu components as internal (#30740)
  * TableInputCSV: migrated styles from sass to emotion (#30554)
  * CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777)
  * Chore(deps): Bump gopkg.in/ini.v1 from 1.57.0 to 1.62.0 (#30772)
  * CDN: Adds support for serving assets over a CDN (#30691)
  * PanelEdit: Trigger refresh when changing data source (#30744)
  * Chore: remove __debug_bin (#30725)
  * BarChart: add alpha bar chart panel (#30323)
  * Docs: Time series panel (#30690)
  * Backend Plugins: Convert test data source to use SDK contracts (#29916)
  * Docs: Update whats-new-in-v7-4.md (#30747)
  * Add link to Elasticsearch docs. (#30748)
  * Mobile: Fixes issue scrolling on mobile in chrome (#30746)
  * TagsInput: Make placeholder configurable (#30718)
  * Docs: Add config settings for fonts in reporting (#30421)
  * Add menu.yaml to .gitignore (#30743)
  * bump cypress to 6.3.0 (#30644)
  * Datasource: Use json-iterator configuration compatible with standard library (#30732)
  * AlertingNG: Update UX to use new PageToolbar component (#30680)
  * Docs: Add usage insights export feature (#30376)
  * skip symlinks to directories when generating plugin manifest (#30721)
  * PluginCiE2E: Upgrade base images (#30696)
  * Variables: Fixes so text format will show All instead of custom all (#30730)
  * PanelLibrary: better handling of deleted panels (#30709)
  * Added section "Curated dashboards for Google Cloud Monitoring" for 7.4 What's New (#30724)
  * Added "curated dashboards" information and broke down, rearranged topics. (#30659)
  * Transform: improve the "outer join" performance/behavior (#30407)
  * Add alt text to plugin logos (#30710)
  * Deleted menu.yaml file (#30717)
  * Dashboard: Top Share URL icon should share panel URL when on viewPanel page (#30000)
  * Added entry for web server. (#30715)
  * DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706)
  * Use connected GraphNG in Explore (#30707)
  * Fix documentation for streaming data sources (#30704)
  * PanelLibrary: changes casing of responses and adds meta property (#30668)
  * Influx: Show all datapoints for dynamically windowed flux query (#30688)
  * Trace: trace to logs design update (#30637)
  * DeployImage: Switch base images to Debian (#30684)
  * Chore: remove CSP debug logging line (#30689)
  * Docs: 7.4 documentation for expressions (#30524)
  * PanelEdit: Get rid of last remaining usage of navbar-button (#30682)
  * Grafana-UI: Fix setting default value for MultiSelect (#30671)
  * CustomScrollbar: migrated styles from sass to emotion (#30506)
  * DashboardSettings & PanelEdit: Use new PageToolbar (#30675)
  * Explore: Fix jumpy live tailing (#30650)
  * ci(npm-publish): add missing github package token to env vars (#30665)
  * PageToolbar: Extracting navbar styles & layout into a modern emotion based component (#30588)
  * AlertingNG: pause/unpause definitions via the API (#30627)
  * Docs: Refer to product docs in whats new for alerting templating feature (#30652)
  * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30666)
  * Variables: Fixes display value when using capture groups in regex (#30636)
  * Docs: Update _index.md (#30655)
  * Docs: Auditing updates (#30433)
  * Docs: add hidden_users configuration field (#30435)
  * Docs: Define TLS/SSL terminology (#30533)
  * Docs: Fix expressions enabled description (#30589)
  * Docs: Update ES screenshots (#30598)
  * Licensing Docs: Adding license restrictions docs (#30216)
  * Update documentation-style-guide.md (#30611)
  * Docs: Update queries.md (#30616)
  * chore(grafana-ui): bump storybook to 6.1.15 (#30642)
  * DashboardSettings: fixes vertical scrolling (#30640)
  * Usage Stats: Remove unused method for getting user stats (#30074)
  * Grafana/UI: Unit picker should not set a category as unit (#30638)
  * Graph: Fixes auto decimals issue in legend and tooltip (#30628)
  * AlertingNG: List saved Alert definitions in Alert Rule list (#30603)
  * chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605)
  * Grafana/UI: Add disable prop to Segment (#30539)
  * Variables: Fixes so queries work for numbers values too (#30602)
  * Admin: Fixes so form values are filled in from backend (#30544)
  * Docs: Add new override info and add whats new 7.4 links (#30615)
  * TestData: Improve what's new in v7.4 (#30612)
  * Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502)
  * NodeGraph: Add docs (#30504)
  * Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517)
  * TimeRangePicker: Updates components to use new ToolbarButton & ButtonGroup (#30570)
  * Update styling.md guide (#30594)
  * TestData: Adding what's new in v7.4 to the devenv dashboards (#30568)
  * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.35.5 to 1.36.31 (#30583)
  * Chore(deps): Bump github.com/prometheus/client_golang (#30585)
  * Chore(deps): Bump gopkg.in/macaron.v1 from 1.3.9 to 1.4.0 (#30587)
  * Chore(deps): Bump github.com/google/uuid from 1.1.5 to 1.2.0 (#30584)
  * Explore: Fix logs hover state so that it is visible and in dark mode & simply hover code (#30572)
  * RefreshPicker: Fixes so valid intervals in url are visible in RefreshPicker (#30474)
  * Add documentation for Exemplars (#30317)
  * OldGraph: Fix height issue in Firefox (#30565)
  * XY Chart: fix editor error with empty frame (no fields) (#30573)
  * ButtonSelect & RefreshPicker: Rewrite of components to use new emotion based ToolbarButton & Menu (#30510)
  * XY Chart: share legend config with timeseries (#30559)
  * configuration.md: Document Content Security Policy options (#30413)
  * DataFrame: cache frame/field index in field state (#30529)
  * List + before -; rm old Git ref; reformat. (#30543)
  * Expressions: Add option to disable feature (#30541)
  * Explore: Fix loading visualisation on the top of the new time series panel (#30553)
  * Prometheus: Fix show query instead of Value if no __name__ and metric (#30511)
  * Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519)
  * Postgres: Convert tests to stdlib (#30536)
  * Storybook: Migrate card story to use controls (#30535)
  * AlertingNG: Enable UI to Save Alert Definitions (#30394)
  * Postgres: Be consistent about TLS/SSL terminology (#30532)
  * Loki: Append refId to logs uid (#30418)
  * Postgres: Fix indentation (#30531)
  * GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527)
  * updates for e2e docker image (#30465)
  * GraphNG: uPlot 1.6.2 (#30521)
  * Docs: Update whats-new-in-v7-4.md (#30520)
  * Prettier: ignore build and devenv dirs (#30501)
  * Chore: Upgrade grabpl version (#30486)
  * Explore: Update styling of buttons (#30493)
  * Cloud Monitoring: Fix legend naming with display name override (#30440)
  * GraphNG: Disable Plot logging by default (#30390)
  * Admin: Fixes so whole org drop down is visible when adding users to org (#30481)
  * Docs: include Makefile option for local assets (#30455)
  * Footer: Fixes layout issue in footer (#30443)
  * TimeSeriesPanel: Fixed default value for gradientMode (#30484)
  * Docs: fix typo in what's new doc (#30489)
  * Chore: adds wait to e2e test (#30488)
  * chore: update packages dependent on dot-prop to fix security vulnerability (#30432)
  * Dashboard: Remove Icon and change copy -> Copy to clipboard in the share embedded panel modal (#30480)
  * Chore: fix spelling mistake (#30473)
  * Chore: Restrict internal imports from other packages (#30453)
  * Docs: What's new fixes and improvements (#30469)
  * Timeseries: only migrage point size when configured (#30461)
  * Alerting: Hides threshold handle for percentual thresholds (#30431)
  * Graph: Fixes so only users with correct permissions can add annotations (#30419)
  * Chore: update latest version to 7.4.0-beta1 (#30452)
  * Docs: Add whats new 7.4 links (#30463)
  * Update whats-new-in-v7-4.md (#30460)
  * docs: 7.4 what's new (Add expressions note) (#30446)
  * Chore: Upgrade build pipeline tool (#30456)
  * PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441)
  * Expressions: Fix button icon (#30444)
  * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30449)
  * Docs: Fix img link for alert notification template (#30436)
  * grafana/ui: Fix internal import from grafana/data (#30439)
  * prevent field config from being overwritten (#30437)
  * PanelOptions: Refactoring applying panel and field options out of PanelModel and add property clean up for properties not in field config registry (#30389)
  * Dashboard: Remove template variables option from ShareModal (#30395)
  * Added doc content for variables inspector code change by Hugo (#30408)
  * Docs: update license expiration behavior for reporting (#30420)
  * Chore: use old version format in package.json (#30430)
  * Chore: upgrade NPM security vulnerabilities (#30397)
  * "Release: Updated versions in package to 7.5.0-pre.0" (#30428)
  * contribute: Add backend and configuration guidelines for PRs (#30426)
  * Chore: Update what's new URL (#30424)
- Update to version 7.4.5
- CVE-2021-28146, CVE-2021-28147: Fix API permissions issues related to team-sync. (Enterprise) (bsc#1183811, bsc#1183809)
- CVE-2021-28148: Usage insights requires signed in users. (Enterprise) (bsc#1183813)
- CVE-2021-27962: Do not allow editors to incorrectly bypass permissions on the default data source. (Enterprise) (bsc#1184371)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Manager Tools 15:

      zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-2660=1

Package List:

   - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64):

      grafana-7.5.7-1.21.1

References:

   https://www.suse.com/security/cve/CVE-2021-27358.html
   https://www.suse.com/security/cve/CVE-2021-27962.html
   https://www.suse.com/security/cve/CVE-2021-28146.html
   https://www.suse.com/security/cve/CVE-2021-28147.html
   https://www.suse.com/security/cve/CVE-2021-28148.html
   https://bugzilla.suse.com/1183803
   https://bugzilla.suse.com/1183809
   https://bugzilla.suse.com/1183811
   https://bugzilla.suse.com/1183813
   https://bugzilla.suse.com/1184371

From sle-updates at lists.suse.com Thu Aug 12 13:25:45 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Aug 2021 15:25:45 +0200 (CEST)
Subject: SUSE-SU-2021:2675-1: moderate: Security update for SUSE Manager Client Tools
Message-ID: <20210812132545.32CC1FCF4@maintenance.suse.de>

   SUSE Security Update: Security update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2675-1
Rating:             moderate
References:         #1175478 #1186242 #1186508 #1186581 #1186650 #1188846
                    SLE-18254
Cross-References:   CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148
                    CVE-2021-29622
CVSS scores:
                    CVE-2021-27962 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
                    CVE-2021-27962 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2021-28148 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-29622 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:
                    SUSE Manager Tools 15
______________________________________________________________________________

   An update that solves 5 vulnerabilities, contains one feature and has one errata is now available.

Description:

   This update fixes the following issues:

   ansible:

   - The support level for ansible is l2, not l3

   dracut-saltboot:

   - Force installation of libexpat.so.1 (bsc#1188846)
   - Use kernel parameters from PXE formula also for local boot

   golang-github-prometheus-prometheus:

   - Provide and reload firewalld configuration only for:
     + openSUSE Leap 15.0, 15.1, 15.2
     + SUSE Linux Enterprise 15, 15 SP1, 15 SP2
   - Upgrade to upstream version 2.27.1 (jsc#SLE-18254)
     + Bugfix:
       * SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242)
       * UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659
       * TSDB: Do not panic when writing very large records to the WAL. #8790
       * TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723
       * Scaleway Discovery: Fix nil pointer dereference. #8737
       * Consul Discovery: Restart no longer required after config update with no targets. #8766
     + Features:
       * Promtool: Retroactive rule evaluation functionality.
       * Configuration: Environment variable expansion for external labels. Behind '--enable-feature=expand-external-labels' flag.
       * Add a flag '--storage.tsdb.max-block-chunk-segment-size' to control the max chunks file size of the blocks for small Prometheus instances.
       * UI: Add a dark theme.
       * AWS Lightsail Discovery: Add AWS Lightsail Discovery.
       * Docker Discovery: Add Docker Service Discovery.
       * OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used.
       * Remote Write: Send exemplars via remote write. Experimental and disabled by default.
     + Enhancements:
       * Digital Ocean Discovery: Add '__meta_digitalocean_vpc' label.
       * Scaleway Discovery: Read Scaleway secret from a file.
       * Scrape: Add configurable limits for label size and count.
       * UI: Add 16w and 26w time range steps.
       * Templating: Enable parsing strings in humanize functions.
   - Update package with changes from `server:monitoring` (bsc#1175478)
     Left out removal of 'firewalld' related configuration files as SUSE Linux Enterprise 15-SP1's `firewalld` package does not contain 'prometheus' configuration yet.

   mgr-cfg:

   - No visible impact for the user

   mgr-custom-info:

   - No visible impact for the user

   mgr-osad:

   - No visible impact for the user

   mgr-push:

   - No visible impact for the user

   mgr-virtualization:

   - No visible impact for the user

   rhnlib:

   - No visible impact for the user

   spacecmd:

   - Make spacecmd aware of retracted patches/packages
   - Enhance help for installation types when creating distributions (bsc#1186581)
   - Parse empty argument when nothing in between the separator

   spacewalk-client-tools:

   - Update translation strings

   spacewalk-koan:

   - Fix for spacewalk-koan tests after switching to the new Docker images

   spacewalk-oscap:

   - No visible impact for the user

   suseRegisterInfo:

   - No visible impact for the user

   uyuni-common-libs:

   - Handle broken RPM packages to prevent exceptions causing fails on repository synchronization (bsc#1186650)
   - Maintainer field in debian packages are only recommended (bsc#1186508)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Tools 15:

      zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-2675=1

Package List:

   - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64):

      golang-github-prometheus-prometheus-2.27.1-3.31.1
      python3-uyuni-common-libs-4.2.5-1.15.1

   - SUSE Manager Tools 15 (noarch):

      ansible-2.9.21-1.5.1
      ansible-doc-2.9.21-1.5.1
      dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1
      mgr-cfg-4.2.3-1.18.1
      mgr-cfg-actions-4.2.3-1.18.1
      mgr-cfg-client-4.2.3-1.18.1
      mgr-cfg-management-4.2.3-1.18.1
      mgr-custom-info-4.2.2-1.12.1
      mgr-osad-4.2.6-1.30.1
      mgr-push-4.2.3-1.12.1
      mgr-virtualization-host-4.2.2-1.20.1
      python3-mgr-cfg-4.2.3-1.18.1
      python3-mgr-cfg-actions-4.2.3-1.18.1
      python3-mgr-cfg-client-4.2.3-1.18.1
      python3-mgr-cfg-management-4.2.3-1.18.1
      python3-mgr-osa-common-4.2.6-1.30.1
      python3-mgr-osad-4.2.6-1.30.1
      python3-mgr-push-4.2.3-1.12.1
      python3-mgr-virtualization-common-4.2.2-1.20.1
      python3-mgr-virtualization-host-4.2.2-1.20.1
      python3-rhnlib-4.2.4-3.28.1
      python3-spacewalk-check-4.2.12-3.44.1
      python3-spacewalk-client-setup-4.2.12-3.44.1
      python3-spacewalk-client-tools-4.2.12-3.44.1
      python3-spacewalk-koan-4.2.4-3.21.1
      python3-spacewalk-oscap-4.2.2-3.12.1
      python3-suseRegisterInfo-4.2.4-3.15.1
      spacecmd-4.2.11-3.62.1
      spacewalk-check-4.2.12-3.44.1
      spacewalk-client-setup-4.2.12-3.44.1
      spacewalk-client-tools-4.2.12-3.44.1
      spacewalk-koan-4.2.4-3.21.1
      spacewalk-oscap-4.2.2-3.12.1
      suseRegisterInfo-4.2.4-3.15.1

References:

   https://www.suse.com/security/cve/CVE-2021-27962.html
   https://www.suse.com/security/cve/CVE-2021-28146.html
   https://www.suse.com/security/cve/CVE-2021-28147.html
   https://www.suse.com/security/cve/CVE-2021-28148.html
   https://www.suse.com/security/cve/CVE-2021-29622.html
   https://bugzilla.suse.com/1175478
   https://bugzilla.suse.com/1186242
   https://bugzilla.suse.com/1186508
   https://bugzilla.suse.com/1186581
   https://bugzilla.suse.com/1186650
   https://bugzilla.suse.com/1188846

From sle-updates at lists.suse.com Thu Aug 12 13:27:31 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Aug 2021 15:27:31 +0200 (CEST)
Subject: SUSE-SU-2021:2664-1: moderate: Security update for golang-github-prometheus-prometheus
Message-ID: <20210812132731.3F48EFCF4@maintenance.suse.de>

   SUSE Security Update: Security update for golang-github-prometheus-prometheus
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2664-1
Rating:             moderate
References:         #1186242 SLE-18254
Cross-References:   CVE-2021-29622
CVSS scores:
                    CVE-2021-29622 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:
                    SUSE Enterprise Storage 6
______________________________________________________________________________

   An update that fixes one vulnerability, contains one feature is now available.

Description:

   This update for golang-github-prometheus-prometheus fixes the following issues:

   - Provide and reload firewalld configuration only for:
     + openSUSE Leap 15.0, 15.1, 15.2
     + SUSE SLE15, SLE15 SP1, SLE15 SP2
   - Upgrade to upstream version 2.27.1 (jsc#SLE-18254)
     + Bugfix:
       * SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242)
     + Features:
       * Promtool: Retroactive rule evaluation functionality. #7675
       * Configuration: Environment variable expansion for external labels. Behind --enable-feature=expand-external-labels flag. #8649
       * TSDB: Add a flag(--storage.tsdb.max-block-chunk-segment-size) to control the max chunks file size of the blocks for small Prometheus instances.
       * UI: Add a dark theme. #8604
       * AWS Lightsail Discovery: Add AWS Lightsail Discovery. #8693
       * Docker Discovery: Add Docker Service Discovery. #8629
       * OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used. #8761
       * Remote Write: Send exemplars via remote write. Experimental and disabled by default. #8296
     + Enhancements:
       * Digital Ocean Discovery: Add __meta_digitalocean_vpc label. #8642
       * Scaleway Discovery: Read Scaleway secret from a file. #8643
       * Scrape: Add configurable limits for label size and count. #8777
       * UI: Add 16w and 26w time range steps. #8656
       * Templating: Enable parsing strings in humanize functions. #8682
     + Bugfixes:
       * UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659
       * TSDB: Do not panic when writing very large records to the WAL. #8790
       * TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723
       * Scaleway Discovery: Fix nil pointer dereference. #8737
       * Consul Discovery: Restart no longer required after config update with no targets. #8766
   - Add tarball with vendor modules and web assets
   - Uyuni: Read formula data from exporters map
   - Uyuni: Add support for TLS targets
   - Upgrade to upstream version 2.26.0
     + Changes
       * Alerting: Using Alertmanager v2 API by default. #8626
       * Prometheus/Promtool: Binaries are now printing help and usage to stdout instead of stderr. #8542
     + Features
       * Remote: Add support for AWS SigV4 auth method for remote_write. #8509
       * PromQL: Allow negative offsets. Behind --enable-feature=promql-negative-offset flag. #8487
       * UI: Add advanced auto-completion, syntax highlighting and linting to graph page query input. #8634
     + Enhancements
       * PromQL: Add last_over_time, sgn, clamp functions. #8457
       * Scrape: Add support for specifying type of Authorization header credentials with Bearer by default. #8512
       * Scrape: Add follow_redirects option to scrape configuration. #8546
       * Remote: Allow retries on HTTP 429 response code for remote_write. #8237 #8477
       * Remote: Allow configuring custom headers for remote_read. #8516
       * UI: Hitting Enter now triggers new query. #8581
       * UI: Better handling of long rule and names on the /rules and /targets pages. #8608 #8609
       * UI: Add collapse/expand all button on the /targets page. #8486
   - Upgrade to upstream version 2.25.0
     + Features
       * Include a new `--enable-feature=` flag that enables experimental features.
     + Enhancements
       * Add optional name property to testgroup for better test failure output. #8440
       * Add warnings into React Panel on the Graph page. #8427
       * TSDB: Increase the number of buckets for the compaction duration metric. #8342
       * Remote: Allow passing along custom remote_write HTTP headers. #8416
       * Mixins: Scope grafana configuration. #8332
       * Kubernetes SD: Add endpoint labels metadata. #8273
       * UI: Expose total number of label pairs in head in TSDB stats page. #8343
       * TSDB: Reload blocks every minute, to detect new blocks and enforce retention more often. #8343
     + Bug fixes
       * API: Fix global URL when external address has no port. #8359
       * Deprecate unused flag --alertmanager.timeout. #8407
   - Upgrade to upstream version 2.24.1
     + Enhancements
       * Cache basic authentication results to significantly improve performance of HTTP endpoints.
   - Upgrade to upstream version 2.24.0
     + Features
       * Add TLS and basic authentication to HTTP endpoints. #8316
       * promtool: Add check web-config subcommand to check web config files. #8319
       * promtool: Add tsdb create-blocks-from openmetrics subcommand to backfill metrics data from an OpenMetrics file.
     + Enhancements
       * HTTP API: Fast-fail queries with only empty matchers. #8288
       * HTTP API: Support matchers for labels API. #8301
       * promtool: Improve checking of URLs passed on the command line. #7956
       * SD: Expose IPv6 as a label in EC2 SD. #7086
       * SD: Reuse EC2 client, reducing frequency of requesting credentials. #8311
       * TSDB: Add logging when compaction takes more than the block time range. #8151
       * TSDB: Avoid unnecessary GC runs after compaction. #8276
   - Upgrade to upstream version 2.23.0
     + Changes
       * UI: Make the React UI default. #8142
       * Remote write: The following metrics were removed/renamed in remote write. #6815
         > prometheus_remote_storage_succeeded_samples_total was removed and prometheus_remote_storage_samples_total was introduced for all the samples attempted to send.
         > prometheus_remote_storage_sent_bytes_total was removed and replaced with prometheus_remote_storage_samples_bytes_total and prometheus_remote_storage_metadata_bytes_total.
         > prometheus_remote_storage_failed_samples_total -> prometheus_remote_storage_samples_failed_total .
         > prometheus_remote_storage_retried_samples_total -> prometheus_remote_storage_samples_retried_total.
         > prometheus_remote_storage_dropped_samples_total -> prometheus_remote_storage_samples_dropped_total.
         > prometheus_remote_storage_pending_samples -> prometheus_remote_storage_samples_pending.
       * Remote: Do not collect non-initialized timestamp metrics. #8060
     + Enhancements
       * Remote write: Added a metric prometheus_remote_storage_max_samples_per_send for remote write. #8102
       * TSDB: Make the snapshot directory name always the same length. #8138
       * TSDB: Create a checkpoint only once at the end of all head compactions. #8067
       * TSDB: Avoid Series API from hitting the chunks. #8050
       * TSDB: Cache label name and last value when adding series during compactions making compactions faster. #8192
       * PromQL: Improved performance of Hash method making queries a bit faster. #8025
       * promtool: tsdb list now prints block sizes. #7993
       * promtool: Calculate mint and maxt per test avoiding unnecessary calculations. #8096
       * SD: Add filtering of services to Docker Swarm SD. #8074
   - Uyuni: `hostname` label is now set to FQDN instead of IP
   - Update to upstream version 2.22.1
   - Update packaging
       * Remove systemd and shadow hard requirements
       * use systemd-sysusers to configure the user in a dedicated 'system-user-prometheus' subpackage
       * add 'prometheus' package alias
     + Add support for Prometheus exporters proxy
   - Remove prometheus.firewall.xml source file
   - Remove firewalld files. They are installed in the main firewalld package.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-2664=1

Package List:

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      golang-github-prometheus-prometheus-2.27.1-3.8.1

References:

   https://www.suse.com/security/cve/CVE-2021-29622.html
   https://bugzilla.suse.com/1186242

From sle-updates at lists.suse.com Thu Aug 12 13:29:42 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Aug 2021 15:29:42 +0200 (CEST)
Subject: SUSE-RU-2021:2665-1: Recommended update for SUSE Manager 4.2.1 Release Notes
Message-ID: <20210812132942.5705DFCF4@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for SUSE Manager 4.2.1 Release Notes
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:2665-1
Rating:             low
References:         #1164192 #1167586 #1173692 #1180650 #1182769 #1182817
                    #1183151 #1184659 #1185131 #1185679 #1186025 #1186287
                    #1186310 #1186502 #1186650 #1186744 #1187065 #1187397
                    #1187441 #1187451 #1187593 #1187621 #1187660 #1187787
                    #1187813 #1187963 #1188073 #1188170 #1188289 #1188297
                    #1188395
Affected Products:
                    SUSE Manager Server 4.2
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Proxy 4.2
______________________________________________________________________________

   An update that has 31 recommended fixes can now be installed.
Description:

   This update for SUSE Manager 4.2.1 Release Notes provides the following additions:

   Release notes for SUSE Manager:

   - Update to 4.2.1
     - Bugs mentioned bsc#1164192, bsc#1167586, bsc#1173692, bsc#1180650,
       bsc#1182769, bsc#1182817, bsc#1183151, bsc#1184659, bsc#1185131,
       bsc#1185679, bsc#1186025, bsc#1186287, bsc#1186310, bsc#1186502,
       bsc#1186650, bsc#1186744, bsc#1187065, bsc#1187397, bsc#1187441,
       bsc#1187451, bsc#1187593, bsc#1187621, bsc#1187660, bsc#1187787,
       bsc#1187813, bsc#1187963, bsc#1188073, bsc#1188170, bsc#1188289,
       bsc#1188297, bsc#1188395

   Release notes for SUSE Manager proxy:

   - Update to 4.2.1
     - Bugs mentioned: bsc#1183151, bsc#1186650, bsc#1187593

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.2:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2021-2665=1

   - SUSE Manager Retail Branch Server 4.2:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2021-2665=1

   - SUSE Manager Proxy 4.2:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2021-2665=1

Package List:

   - SUSE Manager Server 4.2 (ppc64le s390x x86_64):

      release-notes-susemanager-4.2.1-3.6.1

   - SUSE Manager Retail Branch Server 4.2 (x86_64):

      release-notes-susemanager-proxy-4.2.1-3.6.1

   - SUSE Manager Proxy 4.2 (x86_64):

      release-notes-susemanager-proxy-4.2.1-3.6.1

References:

   https://bugzilla.suse.com/1164192
   https://bugzilla.suse.com/1167586
   https://bugzilla.suse.com/1173692
   https://bugzilla.suse.com/1180650
   https://bugzilla.suse.com/1182769
   https://bugzilla.suse.com/1182817
   https://bugzilla.suse.com/1183151
   https://bugzilla.suse.com/1184659
   https://bugzilla.suse.com/1185131
   https://bugzilla.suse.com/1185679
   https://bugzilla.suse.com/1186025
   https://bugzilla.suse.com/1186287
   https://bugzilla.suse.com/1186310
   https://bugzilla.suse.com/1186502
   https://bugzilla.suse.com/1186650
   https://bugzilla.suse.com/1186744
   https://bugzilla.suse.com/1187065
   https://bugzilla.suse.com/1187397
   https://bugzilla.suse.com/1187441
   https://bugzilla.suse.com/1187451
   https://bugzilla.suse.com/1187593
   https://bugzilla.suse.com/1187621
   https://bugzilla.suse.com/1187660
   https://bugzilla.suse.com/1187787
   https://bugzilla.suse.com/1187813
   https://bugzilla.suse.com/1187963
   https://bugzilla.suse.com/1188073
   https://bugzilla.suse.com/1188170
   https://bugzilla.suse.com/1188289
   https://bugzilla.suse.com/1188297
   https://bugzilla.suse.com/1188395

From sle-updates at lists.suse.com Thu Aug 12 13:34:35 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Aug 2021 15:34:35 +0200 (CEST)
Subject: SUSE-RU-2021:2655-1: moderate: Recommended update for libreoffice
Message-ID: <20210812133435.49FB1FCF4@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libreoffice
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:2655-1
Rating:             moderate
References:         #1178806 #1182969 #1186871 #1187173
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15-SP2
______________________________________________________________________________

   An update that has four recommended fixes can now be installed.

Description:

   This update for libreoffice fixes the following issues:

   Update to version 7.1.4.2 (bsc#1178806)

   - Fix external URL connections issues when WebDav is built using 'libserf'. (bsc#1187173, bsc#1186871)
   - Fix a regression caused by "Multi column textbox in editengine".
   - Improve the build time on aarch64 to select only powerful buildhosts.
   - Fix an issue with PPTX where one column becomes two within one text frame. (bsc#1182969)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-2655=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (noarch): libreoffice-branding-upstream-7.1.4.2-13.24.1 libreoffice-icon-themes-7.1.4.2-13.24.1 libreoffice-l10n-af-7.1.4.2-13.24.1 libreoffice-l10n-ar-7.1.4.2-13.24.1 libreoffice-l10n-as-7.1.4.2-13.24.1 libreoffice-l10n-bg-7.1.4.2-13.24.1 libreoffice-l10n-bn-7.1.4.2-13.24.1 libreoffice-l10n-br-7.1.4.2-13.24.1 libreoffice-l10n-ca-7.1.4.2-13.24.1 libreoffice-l10n-cs-7.1.4.2-13.24.1 libreoffice-l10n-cy-7.1.4.2-13.24.1 libreoffice-l10n-da-7.1.4.2-13.24.1 libreoffice-l10n-de-7.1.4.2-13.24.1 libreoffice-l10n-dz-7.1.4.2-13.24.1 libreoffice-l10n-el-7.1.4.2-13.24.1 libreoffice-l10n-en-7.1.4.2-13.24.1 libreoffice-l10n-eo-7.1.4.2-13.24.1 libreoffice-l10n-es-7.1.4.2-13.24.1 libreoffice-l10n-et-7.1.4.2-13.24.1 libreoffice-l10n-eu-7.1.4.2-13.24.1 libreoffice-l10n-fa-7.1.4.2-13.24.1 libreoffice-l10n-fi-7.1.4.2-13.24.1 libreoffice-l10n-fr-7.1.4.2-13.24.1 libreoffice-l10n-ga-7.1.4.2-13.24.1 libreoffice-l10n-gl-7.1.4.2-13.24.1 libreoffice-l10n-gu-7.1.4.2-13.24.1 libreoffice-l10n-he-7.1.4.2-13.24.1 libreoffice-l10n-hi-7.1.4.2-13.24.1 libreoffice-l10n-hr-7.1.4.2-13.24.1 libreoffice-l10n-hu-7.1.4.2-13.24.1 libreoffice-l10n-it-7.1.4.2-13.24.1 libreoffice-l10n-ja-7.1.4.2-13.24.1 libreoffice-l10n-kk-7.1.4.2-13.24.1 libreoffice-l10n-kn-7.1.4.2-13.24.1 libreoffice-l10n-ko-7.1.4.2-13.24.1 libreoffice-l10n-lt-7.1.4.2-13.24.1 libreoffice-l10n-lv-7.1.4.2-13.24.1 libreoffice-l10n-mai-7.1.4.2-13.24.1 libreoffice-l10n-ml-7.1.4.2-13.24.1 libreoffice-l10n-mr-7.1.4.2-13.24.1 libreoffice-l10n-nb-7.1.4.2-13.24.1 libreoffice-l10n-nl-7.1.4.2-13.24.1 libreoffice-l10n-nn-7.1.4.2-13.24.1 libreoffice-l10n-nr-7.1.4.2-13.24.1 libreoffice-l10n-nso-7.1.4.2-13.24.1 libreoffice-l10n-or-7.1.4.2-13.24.1 libreoffice-l10n-pa-7.1.4.2-13.24.1 libreoffice-l10n-pl-7.1.4.2-13.24.1 
libreoffice-l10n-pt_BR-7.1.4.2-13.24.1 libreoffice-l10n-pt_PT-7.1.4.2-13.24.1 libreoffice-l10n-ro-7.1.4.2-13.24.1 libreoffice-l10n-ru-7.1.4.2-13.24.1 libreoffice-l10n-si-7.1.4.2-13.24.1 libreoffice-l10n-sk-7.1.4.2-13.24.1 libreoffice-l10n-sl-7.1.4.2-13.24.1 libreoffice-l10n-sr-7.1.4.2-13.24.1 libreoffice-l10n-ss-7.1.4.2-13.24.1 libreoffice-l10n-st-7.1.4.2-13.24.1 libreoffice-l10n-sv-7.1.4.2-13.24.1 libreoffice-l10n-ta-7.1.4.2-13.24.1 libreoffice-l10n-te-7.1.4.2-13.24.1 libreoffice-l10n-th-7.1.4.2-13.24.1 libreoffice-l10n-tn-7.1.4.2-13.24.1 libreoffice-l10n-tr-7.1.4.2-13.24.1 libreoffice-l10n-ts-7.1.4.2-13.24.1 libreoffice-l10n-uk-7.1.4.2-13.24.1 libreoffice-l10n-ve-7.1.4.2-13.24.1 libreoffice-l10n-xh-7.1.4.2-13.24.1 libreoffice-l10n-zh_CN-7.1.4.2-13.24.1 libreoffice-l10n-zh_TW-7.1.4.2-13.24.1 libreoffice-l10n-zu-7.1.4.2-13.24.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): libreoffice-7.1.4.2-13.24.1 libreoffice-base-7.1.4.2-13.24.1 libreoffice-base-debuginfo-7.1.4.2-13.24.1 libreoffice-base-drivers-postgresql-7.1.4.2-13.24.1 libreoffice-base-drivers-postgresql-debuginfo-7.1.4.2-13.24.1 libreoffice-calc-7.1.4.2-13.24.1 libreoffice-calc-debuginfo-7.1.4.2-13.24.1 libreoffice-calc-extensions-7.1.4.2-13.24.1 libreoffice-debuginfo-7.1.4.2-13.24.1 libreoffice-debugsource-7.1.4.2-13.24.1 libreoffice-draw-7.1.4.2-13.24.1 libreoffice-draw-debuginfo-7.1.4.2-13.24.1 libreoffice-filters-optional-7.1.4.2-13.24.1 libreoffice-gnome-7.1.4.2-13.24.1 libreoffice-gnome-debuginfo-7.1.4.2-13.24.1 libreoffice-gtk3-7.1.4.2-13.24.1 libreoffice-gtk3-debuginfo-7.1.4.2-13.24.1 libreoffice-impress-7.1.4.2-13.24.1 libreoffice-impress-debuginfo-7.1.4.2-13.24.1 libreoffice-mailmerge-7.1.4.2-13.24.1 libreoffice-math-7.1.4.2-13.24.1 libreoffice-math-debuginfo-7.1.4.2-13.24.1 libreoffice-officebean-7.1.4.2-13.24.1 libreoffice-officebean-debuginfo-7.1.4.2-13.24.1 libreoffice-pyuno-7.1.4.2-13.24.1 libreoffice-pyuno-debuginfo-7.1.4.2-13.24.1 libreoffice-writer-7.1.4.2-13.24.1 
  libreoffice-writer-debuginfo-7.1.4.2-13.24.1
  libreoffice-writer-extensions-7.1.4.2-13.24.1
  libreofficekit-7.1.4.2-13.24.1

References:

  https://bugzilla.suse.com/1178806
  https://bugzilla.suse.com/1182969
  https://bugzilla.suse.com/1186871
  https://bugzilla.suse.com/1187173

From sle-updates at lists.suse.com Thu Aug 12 13:36:03 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Aug 2021 15:36:03 +0200 (CEST)
Subject: SUSE-RU-2021:14779-1: moderate: Recommended update for SUSE Manager Client Tools
Message-ID: <20210812133603.DE8BFFCF4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:14779-1
Rating: moderate
References: #1164192 #1167586 #1173103 #1173692 #1180650 #1184659 #1185131 #1186287 #1186310 #1186581 #1187787 #1187813 #1188170 ECO-3319
Affected Products:
  SUSE Manager Ubuntu 18.04-CLIENT-TOOLS
______________________________________________________________________________

An update that has 13 recommended fixes and contains one feature can now be installed.

Description:

This update fixes the following issues:

salt:

- Do noop for services states when running systemd in offline mode (bsc#1187787)
- Transactional_updates: do not execute states in parallel but use a queue (bsc#1188170)
- Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787)
- Enhance openscap module: add "xccdf_eval" call
- Virt: pass emulator when getting domain capabilities from libvirt
- Adding preliminary support for Rocky Linux
- Implementation of held/unheld functions for state pkg (bsc#1187813)
- Replace deprecated Thread.isAlive() with Thread.is_alive()
- Fix exception in yumpkg.remove for not installed package
- Fix save for iptables state module (bsc#1185131)
- Virt: use /dev/kvm to detect KVM
- Zypperpkg: improve logic for handling vendorchange flags
- Add bundled provides for tornado to the spec file
- Enhance logging when inotify beacon is missing pyinotify (bsc#1186310)
- Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE distros
- Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103)
- Detect Python version to use inside container (bsc#1167586) (bsc#1164192)
- Handle volumes on stopped pools in virt.vm_info (bsc#1186287)
- Grains.extra: support old non-intel kernels (bsc#1180650)
- Fix missing minion returns in batch mode (bsc#1184659)
- Parsing Epoch out of version provided during pkg remove (bsc#1173692)

scap-security-guide:

- Updated to 0.1.56 release (jsc#ECO-3319)
- Align ism_o profile with latest ISM SSP (#6878)
- Align RHEL 7 STIG profile with DISA STIG V3R3
- Creating new RHEL 7 STIG GUI profile (#6863)
- Creating new RHEL 8 STIG GUI profile (#6862)
- Add the RHEL9 product (#6801)
- Initial support for SUSE SLE-15 (#6666)
- add support for osbuild blueprint remediations (#6970)

spacecmd:

- Make spacecmd aware of retracted patches/packages
- Enhance help for installation types when creating distributions (bsc#1186581)
- Parse empty argument when nothing in between the separator

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Ubuntu 18.04-CLIENT-TOOLS:

  zypper in -t patch suse-ubu184ct-client-tools-202107-14779=1

Package List:

- SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all):

  salt-common-3002.2+ds-1+92.2
  salt-minion-3002.2+ds-1+92.2
  scap-security-guide-ubuntu-0.1.56-5.2
  spacecmd-4.2.11-29.1

References:

  https://bugzilla.suse.com/1164192
  https://bugzilla.suse.com/1167586
  https://bugzilla.suse.com/1173103
  https://bugzilla.suse.com/1173692
  https://bugzilla.suse.com/1180650
  https://bugzilla.suse.com/1184659
  https://bugzilla.suse.com/1185131
  https://bugzilla.suse.com/1186287
  https://bugzilla.suse.com/1186310
  https://bugzilla.suse.com/1186581
  https://bugzilla.suse.com/1187787
  https://bugzilla.suse.com/1187813
  https://bugzilla.suse.com/1188170

From sle-updates at lists.suse.com Thu Aug 12 13:38:44 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Aug 2021 15:38:44 +0200 (CEST)
Subject: SUSE-RU-2021:2669-1: moderate: Recommended update for salt
Message-ID: <20210812133844.AB345FCF4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for salt
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:2669-1
Rating: moderate
References: #1164192 #1167586 #1173103 #1173692 #1180650 #1184659 #1185131 #1186287 #1186310 #1187787 #1187813 #1188170
Affected Products:
  SUSE MicroOS 5.0
  SUSE Linux Enterprise Module for Transactional Server 15-SP2
  SUSE Linux Enterprise Module for Server Applications 15-SP2
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has 12 recommended fixes can now be installed.

Description:

This update for salt fixes the following issues:

- Do noop for services states when running systemd in offline mode (bsc#1187787)
- transactional_updates: do not execute states in parallel but use a queue (bsc#1188170)
- Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787)
- Enhance openscap module: add "xccdf_eval" call
- virt: pass emulator when getting domain capabilities from libvirt
- Adding preliminary support for Rocky Linux
- Implementation of held/unheld functions for state pkg (bsc#1187813)
- Replace deprecated Thread.isAlive() with Thread.is_alive()
- Fix exception in yumpkg.remove for not installed package
- Fix save for iptables state module (bsc#1185131)
- virt: use /dev/kvm to detect KVM
- zypperpkg: improve logic for handling vendorchange flags
- Add bundled provides for tornado to the spec file
- Enhance logging when inotify beacon is missing pyinotify (bsc#1186310)
- Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE distros
- Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103)
- Detect Python version to use inside container (bsc#1167586) (bsc#1164192)
- Handle volumes on stopped pools in virt.vm_info (bsc#1186287)
- grains.extra: support old non-intel kernels (bsc#1180650)
- Fix missing minion returns in batch mode (bsc#1184659)
- Parsing Epoch out of version provided during pkg remove (bsc#1173692)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.0:

  zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2669=1

- SUSE Linux Enterprise Module for Transactional Server 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP2-2021-2669=1

- SUSE Linux Enterprise Module for Server Applications 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-2669=1

- SUSE Linux Enterprise Module for Basesystem 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2669=1

Package List:

- SUSE MicroOS 5.0 (aarch64 x86_64):

  python3-salt-3002.2-43.1
  salt-3002.2-43.1
  salt-minion-3002.2-43.1
  salt-transactional-update-3002.2-43.1

- SUSE Linux Enterprise Module for Transactional Server 15-SP2 (aarch64 ppc64le s390x x86_64):

  salt-transactional-update-3002.2-43.1

- SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

  salt-api-3002.2-43.1
  salt-cloud-3002.2-43.1
  salt-master-3002.2-43.1
  salt-proxy-3002.2-43.1
  salt-ssh-3002.2-43.1
  salt-standalone-formulas-configuration-3002.2-43.1
  salt-syndic-3002.2-43.1

- SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch):

  salt-fish-completion-3002.2-43.1

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

  python3-salt-3002.2-43.1
  salt-3002.2-43.1
  salt-doc-3002.2-43.1
  salt-minion-3002.2-43.1

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):

  salt-bash-completion-3002.2-43.1
  salt-zsh-completion-3002.2-43.1

References:

  https://bugzilla.suse.com/1164192
  https://bugzilla.suse.com/1167586
  https://bugzilla.suse.com/1173103
  https://bugzilla.suse.com/1173692
  https://bugzilla.suse.com/1180650
  https://bugzilla.suse.com/1184659
  https://bugzilla.suse.com/1185131
  https://bugzilla.suse.com/1186287
  https://bugzilla.suse.com/1186310
  https://bugzilla.suse.com/1187787
  https://bugzilla.suse.com/1187813
  https://bugzilla.suse.com/1188170

From sle-updates at lists.suse.com Thu Aug 12 13:41:15 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Aug 2021 15:41:15 +0200 (CEST)
Subject: SUSE-RU-2021:2663-1: moderate: Recommended update for Salt
Message-ID: <20210812134115.C16E4FD0A@maintenance.suse.de>

SUSE Recommended Update: Recommended update for Salt
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:2663-1
Rating: moderate
References: #1164192 #1167586 #1180650 #1184659 #1185131 #1186287 #1186310 #1186674 #1187787 #1187813 #1188170
Affected Products:
  SUSE Manager Tools 12
  SUSE Linux Enterprise Module for Advanced Systems Management 12
______________________________________________________________________________

An update that has 11 recommended fixes can now be installed.

Description:

This update fixes the following issues:

salt:

- Do noop for services states when running systemd in offline mode (bsc#1187787)
- Transactional_updates: do not execute states in parallel but use a queue (bsc#1188170)
- Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787)
- Enhance openscap module: add "xccdf_eval" call
- Virt: pass emulator when getting domain capabilities from libvirt
- Implementation of held/unheld functions for state pkg (bsc#1187813)
- Fix exception in yumpkg.remove for not installed package
- Fix save for iptables state module (bsc#1185131)
- Virt: use /dev/kvm to detect KVM
- Zypperpkg: improve logic for handling vendorchange flags
- Add bundled provides for tornado to the spec file
- Enhance logging when inotify beacon is missing pyinotify (bsc#1186310)
- Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE distros
- Check if dpkgnotify is executable (bsc#1186674)
- Detect Python version to use inside container (bsc#1167586) (bsc#1164192)
- Handle volumes on stopped pools in virt.vm_info (bsc#1186287)
- Grains.extra: support old non-intel kernels (bsc#1180650)
- Fix missing minion returns in batch mode (bsc#1184659)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12:

  zypper in -t patch SUSE-SLE-Manager-Tools-12-2021-2663=1

- SUSE Linux Enterprise Module for Advanced Systems Management 12:

  zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2021-2663=1

Package List:

- SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64):

  python2-salt-3000-46.145.1
  python3-salt-3000-46.145.1
  salt-3000-46.145.1
  salt-doc-3000-46.145.1
  salt-minion-3000-46.145.1

- SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64):

  python2-salt-3000-46.145.1
  salt-3000-46.145.1
  salt-api-3000-46.145.1
  salt-cloud-3000-46.145.1
  salt-doc-3000-46.145.1
  salt-master-3000-46.145.1
  salt-minion-3000-46.145.1
  salt-proxy-3000-46.145.1
  salt-ssh-3000-46.145.1
  salt-standalone-formulas-configuration-3000-46.145.1
  salt-syndic-3000-46.145.1

- SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch):

  salt-bash-completion-3000-46.145.1
  salt-zsh-completion-3000-46.145.1

References:

  https://bugzilla.suse.com/1164192
  https://bugzilla.suse.com/1167586
  https://bugzilla.suse.com/1180650
  https://bugzilla.suse.com/1184659
  https://bugzilla.suse.com/1185131
  https://bugzilla.suse.com/1186287
  https://bugzilla.suse.com/1186310
  https://bugzilla.suse.com/1186674
  https://bugzilla.suse.com/1187787
  https://bugzilla.suse.com/1187813
  https://bugzilla.suse.com/1188170

From sle-updates at lists.suse.com Thu Aug 12 13:43:41 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Aug 2021 15:43:41 +0200 (CEST)
Subject: SUSE-RU-2021:2670-1: moderate: Recommended update for libmodulemd
Message-ID: <20210812134341.297C4FCF4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for libmodulemd
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:2670-1
Rating: moderate
References: ECO-3458
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

This recommended update for libmodulemd fixes the following issues:

Provide libmodulemd (jsc#ECO-3458)

- Make available libmodulemd to Basesystem Module 15 SP2
- Make available libmodulemd to Basesystem Module 15 SP3
- Make the package 'createrepo_c' installable

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2670=1

- SUSE Linux Enterprise Module for Basesystem 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2670=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

  libmodulemd-debuginfo-2.12.0-3.8.1
  libmodulemd-debugsource-2.12.0-3.8.1
  libmodulemd-devel-2.12.0-3.8.1
  libmodulemd2-2.12.0-3.8.1
  libmodulemd2-debuginfo-2.12.0-3.8.1
  modulemd-validator-2.12.0-3.8.1
  modulemd-validator-debuginfo-2.12.0-3.8.1
  python3-libmodulemd-2.12.0-3.8.1
  typelib-1_0-Modulemd-2_0-2.12.0-3.8.1

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

  libmodulemd-debuginfo-2.12.0-3.8.1
  libmodulemd-debugsource-2.12.0-3.8.1
  libmodulemd-devel-2.12.0-3.8.1
  libmodulemd2-2.12.0-3.8.1
  libmodulemd2-debuginfo-2.12.0-3.8.1
  modulemd-validator-2.12.0-3.8.1
  modulemd-validator-debuginfo-2.12.0-3.8.1
  python3-libmodulemd-2.12.0-3.8.1
  typelib-1_0-Modulemd-2_0-2.12.0-3.8.1

References:

From sle-updates at lists.suse.com Thu Aug 12 13:44:47 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Aug 2021 15:44:47 +0200 (CEST)
Subject: SUSE-RU-2021:2676-1: moderate: Recommended update for SUSE Manager Server 4.2
Message-ID: <20210812134447.4894BFCF4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Server 4.2
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:2676-1
Rating: moderate
References: #1164192 #1167586 #1173692 #1180650 #1182769 #1182817 #1183151 #1184659 #1185131 #1185679 #1186025 #1186287 #1186310 #1186502 #1186650 #1186744 #1187065 #1187397 #1187441 #1187451 #1187593 #1187621 #1187660 #1187787 #1187813 #1187963 #1188073 #1188170 #1188289 #1188297 #1188395 #1188900
Affected Products:
  SUSE Linux Enterprise Module for SUSE Manager Server 4.2
  SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
______________________________________________________________________________

An update that has 32 recommended fixes can now be installed.

Description:

This update fixes the following issues:

cobbler:

- Avoid traceback when building tftp files for ppc arch system when boot_loader is not set (bsc#1185679)

mgr-libmod:

- Ignore self-dependencies (bsc#1186502)

mgr-osad:

- No visible impact for the user

mgr-push:

- No visible impact for the user

prometheus-exporters-formula:

- Fix null formula data dictionary values (bsc#1186025)
- Fix exporter exporter modules configuration

prometheus-formula:

- Add docs strings in file SD UI

py26-compat-salt:

- Enhance openscap module: add "xccdf_eval" call

py27-compat-salt:

- Do noop for services states when running systemd in offline mode (bsc#1187787)
- Transactional_updates: do not execute states in parallel but use a queue (bsc#1188170)
- Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787)
- Enhance openscap module: add "xccdf_eval" call
- Virt: pass emulator when getting domain capabilities from libvirt
- Implementation of held/unheld functions for state pkg (bsc#1187813)
- Fix exception in yumpkg.remove for not installed package
- Fix save for iptables state module (bsc#1185131)
- Virt: use /dev/kvm to detect KVM
- Zypperpkg: improve logic for handling vendorchange flags
- Add bundled provides for tornado to the spec file
- Enhance logging when inotify beacon is missing pyinotify (bsc#1186310)
- Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE distros
- Detect Python version to use inside container (bsc#1167586) (bsc#1164192)
- Handle volumes on stopped pools in virt.vm_info (bsc#1186287)
- Grains.extra: support old non-intel kernels (bsc#1180650)
- Fix missing minion returns in batch mode (bsc#1184659)
- Parsing Epoch out of version provided during pkg remove (bsc#1173692)

rhnlib:

- No visible impact for the user

spacecmd:

- Make spacecmd aware of retracted patches/packages

spacewalk-admin:

- No visible impact for the user

spacewalk-backend:

- Fix rpm handling of empty package group and devicefiles tag (bsc#1186650)
- Check if batch needs to be imported even after failure (bsc#1183151)
- Show better error message when reposync failed

spacewalk-branding:

- Add modal dialog CSS style
- Change white space behavior on modal bodies

spacewalk-certs-tools:

- Generate SSL private keys FIPS 140-2 compatible (bsc#1187593)

spacewalk-client-tools:

- No visible impact for the user

spacewalk-java:

- Fix system information forwarding to SCC (bsc#1188900)
- Fix NPE error when scheduling ErrataAction from relevant errata page (bsc#1188289)
- Bugfix: Prevent "no session" hibernate error on deleting server
- Add option to run Ansible playbooks in 'test' mode
- New filter template: Live patching based on a system
- Adapt generated pillar data to run the new Salt scap state
- SP migration: wait some seconds before scheduling "package refresh" action after migration is completed (bsc#1187963)
- Cleanup and regenerate system state files when machine id has changed (bsc#1187660)
- Manually disable repositories on redhat like systems
- Do not update Kickstart session when download after session is complete or failed (bsc#1187621)
- Define a pillar for the https port when connection as ssh-push with tunnel (bsc#1187441)
- Fix the unit test coverage reports
- Fix random NullPointerException when rendering page tabs (bsc#1182769)
- Add missing task status strings (bsc#1186744)
- Show the full state return message for VM actions
- Show reposync errors in user notification details
- Do not check accessibility of free product repositories (bsc#1182817)

spacewalk-reports:

- No visible impact for the user

spacewalk-search:

- No visible impact for the user

spacewalk-setup:

- No visible impact for the user

spacewalk-utils:

- Use the right URLs for the AlmaLinux 8 Uyuni client tools
- Add SLE Updates and Backport Updates repositories for openSUSE Leap 15.3

spacewalk-web:

- Add option to run Ansible playbooks in 'test' mode
- New filter template: Live patching based on a system
- Fix bugged search in formula catalog
- Convert Virtualization modal dialogs to react-modal
- Update the version for the WebUI

suseRegisterInfo:

- No visible impact for the user

susemanager:

- Improve the error management for the PostgreSQL migration script (bsc#1188297)
- Add sanity checks in database migration and infer options from system
- Fix a typo so mgr-create-bootstrap-script can exit gracefully when interrupted (bsc#1188073)
- Porting the package to python3 with proper placement compiled python files
- Show error message if server migration goes wrong
- Update migration script to openSUSE 15.3
- Fix message in database migration (bsc#1187451)

susemanager-doc-indexes:

- Updated Image Management chapter in Administration Guide; Python and python-xml are no longer required for container image inspection (bsc#1167586, bsc#1164192)
- Add procedure to create cluster managed virtual machine in Client Configuration Guide
- Documented transfer between organizations in Reference and Administration Guide; this feature was previously called migrate.
- In Product Migration chapter of the Client Configuration Guide add a note to install pending updates before starting the migration (bsc#1187065).
- Update OpenSCAP section in the Administration Guide for usability.
- Added documentation on new database migration script
- Added example for live patching based on a system filter template in content lifecycle management
- Added a custom scrape configuration documentation to the Salt guide

susemanager-docs_en:

- Updated Image Management chapter in Administration Guide; Python and python-xml are no longer required for container image inspection (bsc#1167586, bsc#1164192)
- Add procedure to create cluster managed virtual machine in Client Configuration Guide
- Documented transfer between organizations in Reference and Administration Guide; this feature was previously called migrate.
- In Product Migration chapter of the Client Configuration Guide add a note to install pending updates before starting the migration (bsc#1187065).
- Update OpenSCAP section in the Administration Guide for usability.
- Added documentation on new database migration script
- Added example for live patching based on a system filter template in content lifecycle management
- Added a custom scrape configuration documentation to the Salt guide

susemanager-schema:

- Add 'test' flag to Ansible playbook actions
- Use the right URLs for the AlmaLinux 8 Uyuni client tools

susemanager-sls:

- Fix parameters for 'runplaybook' state (bsc#1188395)
- Fix Salt scap state to use new 'xccdf_eval' function
- Fix product detection for native RHEL products (bsc#1187397)
- When bootstrapping with ssh-push with tunnel use the port number for fetching GPG keys from the server (bsc#1187441)

susemanager-sync-data:

- Set free flag for free products (bsc#1182817)

susemanager-tftpsync:

- No visible impact for the user

uyuni-common-libs:

- Handle broken RPM packages to prevent exceptions causing fails on repository synchronization (bsc#1186650)

How to apply this update:

1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:

  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2021-2676=1

- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:

  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2021-2676=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64):

  python3-uyuni-common-libs-4.2.5-3.3.1
  spacewalk-branding-4.2.11-3.3.1
  susemanager-4.2.21-3.3.1
  susemanager-tftpsync-4.2.3-3.3.1
  susemanager-tools-4.2.21-3.3.1

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):

  cobbler-3.1.2-5.3.1
  mgr-libmod-4.2.6-3.3.1
  mgr-osa-dispatcher-4.2.6-2.3.1
  mgr-push-4.2.3-2.3.1
  prometheus-exporters-formula-1.0.2-3.3.1
  prometheus-formula-0.4.1-3.3.1
  py26-compat-salt-2016.11.10-7.14.6.1
  py27-compat-salt-3000.3-7.7.5.1
  python3-mgr-osa-common-4.2.6-2.3.1
  python3-mgr-osa-dispatcher-4.2.6-2.3.1
  python3-mgr-push-4.2.3-2.3.1
  python3-rhnlib-4.2.4-4.3.1
  python3-spacewalk-certs-tools-4.2.11-3.3.1
  python3-spacewalk-client-tools-4.2.12-4.3.1
  python3-suseRegisterInfo-4.2.4-4.3.1
  spacecmd-4.2.11-4.3.1
  spacewalk-admin-4.2.8-3.3.1
  spacewalk-backend-4.2.15-4.3.1
  spacewalk-backend-app-4.2.15-4.3.1
  spacewalk-backend-applet-4.2.15-4.3.1
  spacewalk-backend-config-files-4.2.15-4.3.1
  spacewalk-backend-config-files-common-4.2.15-4.3.1
  spacewalk-backend-config-files-tool-4.2.15-4.3.1
  spacewalk-backend-iss-4.2.15-4.3.1
  spacewalk-backend-iss-export-4.2.15-4.3.1
  spacewalk-backend-package-push-server-4.2.15-4.3.1
  spacewalk-backend-server-4.2.15-4.3.1
  spacewalk-backend-sql-4.2.15-4.3.1
  spacewalk-backend-sql-postgresql-4.2.15-4.3.1
  spacewalk-backend-tools-4.2.15-4.3.1
  spacewalk-backend-xml-export-libs-4.2.15-4.3.1
  spacewalk-backend-xmlrpc-4.2.15-4.3.1
  spacewalk-base-4.2.20-3.3.2
  spacewalk-base-minimal-4.2.20-3.3.2
  spacewalk-base-minimal-config-4.2.20-3.3.2
  spacewalk-certs-tools-4.2.11-3.3.1
  spacewalk-client-tools-4.2.12-4.3.1
  spacewalk-html-4.2.20-3.3.2
  spacewalk-java-4.2.27-3.8.1
  spacewalk-java-config-4.2.27-3.8.1
  spacewalk-java-lib-4.2.27-3.8.1
  spacewalk-java-postgresql-4.2.27-3.8.1
  spacewalk-reports-4.2.5-3.3.1
  spacewalk-search-4.2.5-3.3.1
  spacewalk-setup-4.2.7-3.3.1
  spacewalk-taskomatic-4.2.27-3.8.1
  spacewalk-utils-4.2.12-3.3.1
  spacewalk-utils-extras-4.2.12-3.3.1
  suseRegisterInfo-4.2.4-4.3.1
  susemanager-doc-indexes-4.2-12.3.1
  susemanager-docs_en-4.2-12.3.1
  susemanager-docs_en-pdf-4.2-12.3.1
  susemanager-schema-4.2.16-3.3.1
  susemanager-sls-4.2.15-3.3.1
  susemanager-sync-data-4.2.7-3.3.1
  susemanager-web-libs-4.2.20-3.3.2
  uyuni-config-modules-4.2.15-3.3.1

- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch):

  mgr-cfg-4.2.3-2.3.1
  mgr-cfg-actions-4.2.3-2.3.1
  mgr-cfg-client-4.2.3-2.3.1
  mgr-cfg-management-4.2.3-2.3.1
  mgr-custom-info-4.2.2-2.3.1
  mgr-osad-4.2.6-2.3.1
  mgr-push-4.2.3-2.3.1
  python3-mgr-cfg-4.2.3-2.3.1
  python3-mgr-cfg-actions-4.2.3-2.3.1
  python3-mgr-cfg-client-4.2.3-2.3.1
  python3-mgr-cfg-management-4.2.3-2.3.1
  python3-mgr-osa-common-4.2.6-2.3.1
  python3-mgr-osad-4.2.6-2.3.1
  python3-mgr-push-4.2.3-2.3.1
  python3-rhnlib-4.2.4-4.3.1
  python3-spacewalk-certs-tools-4.2.11-3.3.1
  python3-spacewalk-check-4.2.12-4.3.1
  python3-spacewalk-client-setup-4.2.12-4.3.1
  python3-spacewalk-client-tools-4.2.12-4.3.1
  python3-spacewalk-oscap-4.2.2-4.3.1
  python3-suseRegisterInfo-4.2.4-4.3.1
  spacecmd-4.2.11-4.3.1
  spacewalk-backend-4.2.15-4.3.1
  spacewalk-base-minimal-4.2.20-3.3.2
  spacewalk-base-minimal-config-4.2.20-3.3.2
  spacewalk-certs-tools-4.2.11-3.3.1
  spacewalk-check-4.2.12-4.3.1
  spacewalk-client-setup-4.2.12-4.3.1
  spacewalk-client-tools-4.2.12-4.3.1
  spacewalk-oscap-4.2.2-4.3.1
  spacewalk-proxy-broker-4.2.6-3.3.1
  spacewalk-proxy-common-4.2.6-3.3.1
  spacewalk-proxy-installer-4.2.5-3.3.1
  spacewalk-proxy-management-4.2.6-3.3.1
  spacewalk-proxy-package-manager-4.2.6-3.3.1
  spacewalk-proxy-redirect-4.2.6-3.3.1
  spacewalk-proxy-salt-4.2.6-3.3.1
  suseRegisterInfo-4.2.4-4.3.1

- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (x86_64):

  python3-uyuni-common-libs-4.2.5-3.3.1

References:

  https://bugzilla.suse.com/1164192
  https://bugzilla.suse.com/1167586
  https://bugzilla.suse.com/1173692
  https://bugzilla.suse.com/1180650
  https://bugzilla.suse.com/1182769
  https://bugzilla.suse.com/1182817
  https://bugzilla.suse.com/1183151
  https://bugzilla.suse.com/1184659
  https://bugzilla.suse.com/1185131
  https://bugzilla.suse.com/1185679
  https://bugzilla.suse.com/1186025
  https://bugzilla.suse.com/1186287
  https://bugzilla.suse.com/1186310
  https://bugzilla.suse.com/1186502
  https://bugzilla.suse.com/1186650
  https://bugzilla.suse.com/1186744
  https://bugzilla.suse.com/1187065
  https://bugzilla.suse.com/1187397
  https://bugzilla.suse.com/1187441
  https://bugzilla.suse.com/1187451
  https://bugzilla.suse.com/1187593
  https://bugzilla.suse.com/1187621
  https://bugzilla.suse.com/1187660
  https://bugzilla.suse.com/1187787
  https://bugzilla.suse.com/1187813
  https://bugzilla.suse.com/1187963
  https://bugzilla.suse.com/1188073
  https://bugzilla.suse.com/1188170
  https://bugzilla.suse.com/1188289
  https://bugzilla.suse.com/1188297
  https://bugzilla.suse.com/1188395
  https://bugzilla.suse.com/1188900

From sle-updates at lists.suse.com Thu Aug 12 13:49:45 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Aug 2021 15:49:45 +0200 (CEST)
Subject: SUSE-RU-2021:14781-1: moderate: Recommended update for SUSE Manager Client Tools
Message-ID: <20210812134945.4BDDCFCF4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:14781-1
Rating: moderate
References: #1186508 #1186581 #1186650
Affected Products:
  SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
  SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update fixes the following issues:

mgr-cfg:

- No visible impact for the user

mgr-custom-info:

- No visible impact for the user

mgr-osad:

- No visible impact for the user

mgr-push:

- No visible impact for the user

mgr-virtualization:

- No visible impact for the user

rhnlib:

- No visible impact for the user

salt:

- Enhance openscap module: add "xccdf_eval" call

spacecmd:

- Make spacecmd aware of retracted patches/packages
- Enhance help for installation types when creating distributions (bsc#1186581)
- Parse empty argument when nothing in between the separator

spacewalk-client-tools:

- Update translation strings

spacewalk-koan:

- No visible impact for the user

spacewalk-oscap:

- No visible impact for the user

suseRegisterInfo:

- No visible impact for the user

uyuni-common-libs:

- Handle broken RPM packages to prevent exceptions causing fails on repository synchronization (bsc#1186650)
- Maintainer field in debian packages are only recommended (bsc#1186508)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:

  zypper in -t patch slesctsp4-client-tools-202107-14781=1

- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:

  zypper in -t patch slesctsp3-client-tools-202107-14781=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):

  mgr-cfg-4.2.3-5.18.1
  mgr-cfg-actions-4.2.3-5.18.1
  mgr-cfg-client-4.2.3-5.18.1
  mgr-cfg-management-4.2.3-5.18.1
  mgr-custom-info-4.2.2-5.12.1
  mgr-osad-4.2.6-5.30.1
  mgr-push-4.2.3-5.12.1
  mgr-virtualization-host-4.2.2-5.20.1
  python2-mgr-cfg-4.2.3-5.18.1
  python2-mgr-cfg-actions-4.2.3-5.18.1
  python2-mgr-cfg-client-4.2.3-5.18.1
  python2-mgr-cfg-management-4.2.3-5.18.1
  python2-mgr-osa-common-4.2.6-5.30.1
  python2-mgr-osad-4.2.6-5.30.1
  python2-mgr-push-4.2.3-5.12.1
  python2-mgr-virtualization-common-4.2.2-5.20.1
  python2-mgr-virtualization-host-4.2.2-5.20.1
  python2-rhnlib-4.2.4-12.34.1
  python2-spacewalk-check-4.2.12-27.53.1
  python2-spacewalk-client-setup-4.2.12-27.53.1
  python2-spacewalk-client-tools-4.2.12-27.53.1
  python2-spacewalk-koan-4.2.4-9.24.1
  python2-spacewalk-oscap-4.2.2-6.18.2
  python2-suseRegisterInfo-4.2.4-6.18.1
  python2-uyuni-common-libs-4.2.5-5.15.1
  salt-2016.11.10-43.78.1
  salt-doc-2016.11.10-43.78.1
  salt-minion-2016.11.10-43.78.1
  spacecmd-4.2.11-18.87.1
  spacewalk-check-4.2.12-27.53.1
  spacewalk-client-setup-4.2.12-27.53.1
  spacewalk-client-tools-4.2.12-27.53.1
  spacewalk-koan-4.2.4-9.24.1
  spacewalk-oscap-4.2.2-6.18.2
  suseRegisterInfo-4.2.4-6.18.1

- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):

  mgr-cfg-4.2.3-5.18.1
  mgr-cfg-actions-4.2.3-5.18.1
  mgr-cfg-client-4.2.3-5.18.1
  mgr-cfg-management-4.2.3-5.18.1
  mgr-custom-info-4.2.2-5.12.1
  mgr-osad-4.2.6-5.30.1
  mgr-push-4.2.3-5.12.1
  mgr-virtualization-host-4.2.2-5.20.1
  python2-mgr-cfg-4.2.3-5.18.1
  python2-mgr-cfg-actions-4.2.3-5.18.1
  python2-mgr-cfg-client-4.2.3-5.18.1
  python2-mgr-cfg-management-4.2.3-5.18.1
python2-mgr-osa-common-4.2.6-5.30.1 python2-mgr-osad-4.2.6-5.30.1 python2-mgr-push-4.2.3-5.12.1 python2-mgr-virtualization-common-4.2.2-5.20.1 python2-mgr-virtualization-host-4.2.2-5.20.1 python2-rhnlib-4.2.4-12.34.1 python2-spacewalk-check-4.2.12-27.53.1 python2-spacewalk-client-setup-4.2.12-27.53.1 python2-spacewalk-client-tools-4.2.12-27.53.1 python2-spacewalk-koan-4.2.4-9.24.1 python2-spacewalk-oscap-4.2.2-6.18.2 python2-suseRegisterInfo-4.2.4-6.18.1 python2-uyuni-common-libs-4.2.5-5.15.1 salt-2016.11.10-43.78.1 salt-doc-2016.11.10-43.78.1 salt-minion-2016.11.10-43.78.1 spacecmd-4.2.11-18.87.1 spacewalk-check-4.2.12-27.53.1 spacewalk-client-setup-4.2.12-27.53.1 spacewalk-client-tools-4.2.12-27.53.1 spacewalk-koan-4.2.4-9.24.1 spacewalk-oscap-4.2.2-6.18.2 suseRegisterInfo-4.2.4-6.18.1 References: https://bugzilla.suse.com/1186508 https://bugzilla.suse.com/1186581 https://bugzilla.suse.com/1186650 From sle-updates at lists.suse.com Thu Aug 12 13:51:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Aug 2021 15:51:04 +0200 (CEST) Subject: SUSE-RU-2021:14778-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20210812135104.0F136FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14778-1 Rating: moderate References: #1164192 #1167586 #1173103 #1173692 #1180650 #1184659 #1185131 #1186287 #1186310 #1186581 #1187787 #1187813 #1188170 ECO-3319 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has 13 recommended fixes and contains one feature can now be installed. 
Description: This update fixes the following issues: salt: - Do noop for services states when running systemd in offline mode (bsc#1187787) - Transactional_updates: do not execute states in parallel but use a queue (bsc#1188170) - Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787) - Enhance openscap module: add "xccdf_eval" call - Virt: pass emulator when getting domain capabilities from libvirt - Adding preliminary support for Rocky Linux - Implementation of held/unheld functions for state pkg (bsc#1187813) - Replace deprecated Thread.isAlive() with Thread.is_alive() - Fix exception in yumpkg.remove for not installed package - Fix save for iptables state module (bsc#1185131) - Virt: use /dev/kvm to detect KVM - Zypperpkg: improve logic for handling vendorchange flags - Add bundled provides for tornado to the spec file - Enhance logging when inotify beacon is missing pyinotify (bsc#1186310) - Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE distros - Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103) - Detect Python version to use inside container (bsc#1167586) (bsc#1164192) - Handle volumes on stopped pools in virt.vm_info (bsc#1186287) - Grains.extra: support old non-intel kernels (bsc#1180650) - Fix missing minion returns in batch mode (bsc#1184659) - Parsing Epoch out of version provided during pkg remove (bsc#1173692) scap-security-guide: - Updated to 0.1.56 release (jsc#ECO-3319) - Align ism_o profile with latest ISM SSP (#6878) - Align RHEL 7 STIG profile with DISA STIG V3R3 - Creating new RHEL 7 STIG GUI profile (#6863) - Creating new RHEL 8 STIG GUI profile (#6862) - Add the RHEL9 product (#6801) - Initial support for SUSE SLE-15 (#6666) - add support for osbuild blueprint remediations (#6970) spacecmd: - Make spacecmd aware of retracted patches/packages - Enhance help for installation types when creating distributions (bsc#1186581) - Parse empty argument when nothing 
in between the separator Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS: zypper in -t patch suse-ubu204ct-client-tools-202107-14778=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (all): salt-common-3002.2+ds-1+2.51.1 salt-minion-3002.2+ds-1+2.51.1 scap-security-guide-ubuntu-0.1.56-2.6.1 spacecmd-4.2.11-2.27.1 References: https://bugzilla.suse.com/1164192 https://bugzilla.suse.com/1167586 https://bugzilla.suse.com/1173103 https://bugzilla.suse.com/1173692 https://bugzilla.suse.com/1180650 https://bugzilla.suse.com/1184659 https://bugzilla.suse.com/1185131 https://bugzilla.suse.com/1186287 https://bugzilla.suse.com/1186310 https://bugzilla.suse.com/1186581 https://bugzilla.suse.com/1187787 https://bugzilla.suse.com/1187813 https://bugzilla.suse.com/1188170 From sle-updates at lists.suse.com Thu Aug 12 13:54:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Aug 2021 15:54:44 +0200 (CEST) Subject: SUSE-RU-2021:2667-1: moderate: Recommended update for system-user-prometheus Message-ID: <20210812135444.63572FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for system-user-prometheus ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2667-1 Rating: moderate References: SLE-18254 Affected Products: SUSE Manager Tools 15 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. 
Description: This recommended update for system-user-prometheus provides the following fixes: - Provide the user and group 'prometheus' to SUSE Enterprise Storage 6 needed by 'golang-github-prometheus-prometheus' (jsc#SLE-18254) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-2667=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2667=1 Package List: - SUSE Manager Tools 15 (noarch): system-user-prometheus-1.0.0-3.8.1 - SUSE Enterprise Storage 6 (noarch): system-user-prometheus-1.0.0-3.8.1 References: From sle-updates at lists.suse.com Thu Aug 12 13:57:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Aug 2021 15:57:15 +0200 (CEST) Subject: SUSE-RU-2021:2661-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20210812135715.C080FFCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2661-1 Rating: moderate References: #1164192 #1167586 #1173103 #1173692 #1180650 #1184659 #1185131 #1186287 #1186310 #1186581 #1187787 #1187813 #1188170 ECO-3319 Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS ______________________________________________________________________________ An update that has 13 recommended fixes and contains one feature can now be installed. 
Description: This update fixes the following issues: salt: - Do noop for services states when running systemd in offline mode (bsc#1187787) - Transactional_updates: do not execute states in parallel but use a queue (bsc#1188170) - Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787) - Enhance openscap module: add "xccdf_eval" call - Virt: pass emulator when getting domain capabilities from libvirt - Adding preliminary support for Rocky Linux - Implementation of held/unheld functions for state pkg (bsc#1187813) - Replace deprecated Thread.isAlive() with Thread.is_alive() - Fix exception in yumpkg.remove for not installed package - Fix save for iptables state module (bsc#1185131) - Virt: use /dev/kvm to detect KVM - Zypperpkg: improve logic for handling vendorchange flags - Add bundled provides for tornado to the spec file - Enhance logging when inotify beacon is missing pyinotify (bsc#1186310) - Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE distros - Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103) - Detect Python version to use inside container (bsc#1167586) (bsc#1164192) - Handle volumes on stopped pools in virt.vm_info (bsc#1186287) - Grains.extra: support old non-intel kernels (bsc#1180650) - Fix missing minion returns in batch mode (bsc#1184659) - Parsing Epoch out of version provided during pkg remove (bsc#1173692) scap-security-guide: - Updated to 0.1.56 release (jsc#ECO-3319) - Align ism_o profile with latest ISM SSP (#6878) - Align RHEL 7 STIG profile with DISA STIG V3R3 - Creating new RHEL 7 STIG GUI profile (#6863) - Creating new RHEL 8 STIG GUI profile (#6862) - Add the RHEL9 product (#6801) - Initial support for SUSE SLE-15 (#6666) - add support for osbuild blueprint remediations (#6970) spacecmd: - Make spacecmd aware of retracted patches/packages - Enhance help for installation types when creating distributions (bsc#1186581) - Parse empty argument when nothing 
in between the separator Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2021-2661=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS (all): salt-common-3002.2+ds-1+2.30.1 salt-minion-3002.2+ds-1+2.30.1 scap-security-guide-debian-0.1.56-2.6.2 spacecmd-4.2.11-2.12.1 References: https://bugzilla.suse.com/1164192 https://bugzilla.suse.com/1167586 https://bugzilla.suse.com/1173103 https://bugzilla.suse.com/1173692 https://bugzilla.suse.com/1180650 https://bugzilla.suse.com/1184659 https://bugzilla.suse.com/1185131 https://bugzilla.suse.com/1186287 https://bugzilla.suse.com/1186310 https://bugzilla.suse.com/1186581 https://bugzilla.suse.com/1187787 https://bugzilla.suse.com/1187813 https://bugzilla.suse.com/1188170 From sle-updates at lists.suse.com Thu Aug 12 14:02:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Aug 2021 16:02:31 +0200 (CEST) Subject: SUSE-RU-2021:2659-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20210812140231.B3178FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2659-1 Rating: moderate References: #1164192 #1167586 #1173692 #1180650 #1184659 #1185131 #1186287 #1186310 #1186581 #1186674 #1187787 #1187813 #1188170 ECO-3319 Affected Products: SUSE Manager Debian 9.0-CLIENT-TOOLS ______________________________________________________________________________ An update that has 13 recommended fixes and contains one feature can now be installed. 
Description: This update fixes the following issues: salt: - Do noop for services states when running systemd in offline mode (bsc#1187787) - Transactional_updates: do not execute states in parallel but use a queue (bsc#1188170) - Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787) - Enhance openscap module: add "xccdf_eval" call - Virt: pass emulator when getting domain capabilities from libvirt - Implementation of held/unheld functions for state pkg (bsc#1187813) - Fix exception in yumpkg.remove for not installed package - Fix save for iptables state module (bsc#1185131) - Virt: use /dev/kvm to detect KVM - Zypperpkg: improve logic for handling vendorchange flags - Add bundled provides for tornado to the spec file - Enhance logging when inotify beacon is missing pyinotify (bsc#1186310) - Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE distros - Check if dpkgnotify is executable (bsc#1186674) - Detect Python version to use inside container (bsc#1167586) (bsc#1164192) - Handle volumes on stopped pools in virt.vm_info (bsc#1186287) - Grains.extra: support old non-intel kernels (bsc#1180650) - Fix missing minion returns in batch mode (bsc#1184659) - Parsing Epoch out of version provided during pkg remove (bsc#1173692) scap-security-guide: - Updated to 0.1.56 release (jsc#ECO-3319) - Align ism_o profile with latest ISM SSP (#6878) - Align RHEL 7 STIG profile with DISA STIG V3R3 - Creating new RHEL 7 STIG GUI profile (#6863) - Creating new RHEL 8 STIG GUI profile (#6862) - Add the RHEL9 product (#6801) - Initial support for SUSE SLE-15 (#6666) - add support for osbuild blueprint remediations (#6970) spacecmd: - Make spacecmd aware of retracted patches/packages - Enhance help for installation types when creating distributions (bsc#1186581) - Parse empty argument when nothing in between the separator Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods 
like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 9.0-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-9.0-CLIENT-TOOLS-x86_64-2021-2659=1 Package List: - SUSE Manager Debian 9.0-CLIENT-TOOLS (all): salt-common-3000+ds-1+2.26.1 salt-minion-3000+ds-1+2.26.1 scap-security-guide-debian-0.1.56-2.6.1 spacecmd-4.2.11-2.13.1 References: https://bugzilla.suse.com/1164192 https://bugzilla.suse.com/1167586 https://bugzilla.suse.com/1173692 https://bugzilla.suse.com/1180650 https://bugzilla.suse.com/1184659 https://bugzilla.suse.com/1185131 https://bugzilla.suse.com/1186287 https://bugzilla.suse.com/1186310 https://bugzilla.suse.com/1186581 https://bugzilla.suse.com/1186674 https://bugzilla.suse.com/1187787 https://bugzilla.suse.com/1187813 https://bugzilla.suse.com/1188170 From sle-updates at lists.suse.com Thu Aug 12 14:05:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Aug 2021 16:05:09 +0200 (CEST) Subject: SUSE-RU-2021:2668-1: moderate: Recommended update for salt Message-ID: <20210812140509.5FCEEFCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2668-1 Rating: moderate References: #1164192 #1167586 #1173103 #1173692 #1180650 #1184659 #1185131 #1186287 #1186310 #1186642 #1187787 #1187813 #1188170 Affected Products: SUSE Linux Enterprise Module for Transactional Server 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has 13 recommended fixes can now be installed. Description: This update for salt fixes the following issue: - salt had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. 
(bsc#1186642) - Do noop for services states when running systemd in offline mode (bsc#1187787) - transactional_updates: do not execute states in parallel but use a queue (bsc#1188170) - Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787) - Enhance openscap module: add "xccdf_eval" call - virt: pass emulator when getting domain capabilities from libvirt - Adding preliminary support for Rocky Linux - Implementation of held/unheld functions for state pkg (bsc#1187813) - Replace deprecated 'Thread.isAlive()' with 'Thread.is_alive()' - Fix exception in 'yumpkg.remove' for not installed package - Fix save for iptables state module (bsc#1185131) - virt: use '/dev/kvm' to detect KVM - zypperpkg: improve logic for handling vendorchange flags - Add bundled provides for tornado to the spec file - Enhance logging when inotify beacon is missing pyinotify (bsc#1186310) - Add 'python3-pyinotify' as a recommended package for Salt in SUSE/openSUSE distros - Fix 'tmpfiles.d' configuration for salt to not use legacy paths (bsc#1173103) - Detect Python version to use inside container (bsc#1167586, bsc#1164192) - Handle volumes on stopped pools in 'virt.vm_info' (bsc#1186287) - grains.extra: support old non-intel kernels (bsc#1180650) - Fix missing minion returns in batch mode (bsc#1184659) - Parsing Epoch out of version provided during pkg remove (bsc#1173692) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Transactional Server 15-SP3: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP3-2021-2668=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-2668=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2668=1 Package List: - SUSE Linux Enterprise Module for Transactional Server 15-SP3 (aarch64 ppc64le s390x x86_64): salt-transactional-update-3002.2-50.1.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): salt-api-3002.2-50.1.9.1 salt-cloud-3002.2-50.1.9.1 salt-master-3002.2-50.1.9.1 salt-proxy-3002.2-50.1.9.1 salt-ssh-3002.2-50.1.9.1 salt-standalone-formulas-configuration-3002.2-50.1.9.1 salt-syndic-3002.2-50.1.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): salt-fish-completion-3002.2-50.1.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python3-salt-3002.2-50.1.9.1 salt-3002.2-50.1.9.1 salt-doc-3002.2-50.1.9.1 salt-minion-3002.2-50.1.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): salt-bash-completion-3002.2-50.1.9.1 salt-zsh-completion-3002.2-50.1.9.1 References: https://bugzilla.suse.com/1164192 https://bugzilla.suse.com/1167586 https://bugzilla.suse.com/1173103 https://bugzilla.suse.com/1173692 https://bugzilla.suse.com/1180650 https://bugzilla.suse.com/1184659 https://bugzilla.suse.com/1185131 https://bugzilla.suse.com/1186287 https://bugzilla.suse.com/1186310 https://bugzilla.suse.com/1186642 https://bugzilla.suse.com/1187787 https://bugzilla.suse.com/1187813 https://bugzilla.suse.com/1188170 From sle-updates at lists.suse.com Thu Aug 12 14:07:55 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Aug 2021 16:07:55 +0200 (CEST) Subject: 
SUSE-RU-2021:2666-1: moderate: Recommended update for Salt Message-ID: <20210812140755.E0882FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2666-1 Rating: moderate References: #1164192 #1167586 #1173103 #1173692 #1180650 #1184659 #1185131 #1186287 #1186310 #1187787 #1187813 #1188170 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has 12 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Do noop for services states when running systemd in offline mode (bsc#1187787) - Transactional_updates: do not execute states in parallel but use a queue (bsc#1188170) - Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787) - Enhance openscap module: add "xccdf_eval" call - Virt: pass emulator when getting domain capabilities from libvirt - Adding preliminary support for Rocky Linux - Implementation of held/unheld functions for state pkg (bsc#1187813) - Replace deprecated Thread.isAlive() with Thread.is_alive() - Fix exception in yumpkg.remove for not installed package - Fix save for iptables state module (bsc#1185131) - Virt: use /dev/kvm to detect KVM - Zypperpkg: improve logic for handling vendorchange flags - Add bundled provides for tornado to the spec file - Enhance logging when inotify beacon is missing pyinotify (bsc#1186310) - Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE distros - Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103) - Detect Python version to use inside container (bsc#1167586) (bsc#1164192) - Handle volumes on stopped pools in 
virt.vm_info (bsc#1186287) - Grains.extra: support old non-intel kernels (bsc#1180650) - Fix missing minion returns in batch mode (bsc#1184659) - Parsing Epoch out of version provided during pkg remove (bsc#1173692) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2666=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2666=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2666=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2666=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): python3-salt-3002.2-8.41.11.2 salt-3002.2-8.41.11.2 salt-api-3002.2-8.41.11.2 salt-cloud-3002.2-8.41.11.2 salt-doc-3002.2-8.41.11.2 salt-master-3002.2-8.41.11.2 salt-minion-3002.2-8.41.11.2 salt-proxy-3002.2-8.41.11.2 salt-ssh-3002.2-8.41.11.2 salt-standalone-formulas-configuration-3002.2-8.41.11.2 salt-syndic-3002.2-8.41.11.2 salt-transactional-update-3002.2-8.41.11.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): salt-bash-completion-3002.2-8.41.11.2 salt-fish-completion-3002.2-8.41.11.2 salt-zsh-completion-3002.2-8.41.11.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): python3-salt-3002.2-8.41.11.2 salt-3002.2-8.41.11.2 salt-api-3002.2-8.41.11.2 salt-cloud-3002.2-8.41.11.2 salt-doc-3002.2-8.41.11.2 salt-master-3002.2-8.41.11.2 salt-minion-3002.2-8.41.11.2 salt-proxy-3002.2-8.41.11.2 salt-ssh-3002.2-8.41.11.2 salt-standalone-formulas-configuration-3002.2-8.41.11.2 salt-syndic-3002.2-8.41.11.2 salt-transactional-update-3002.2-8.41.11.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): salt-bash-completion-3002.2-8.41.11.2 
salt-fish-completion-3002.2-8.41.11.2 salt-zsh-completion-3002.2-8.41.11.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): python3-salt-3002.2-8.41.11.2 salt-3002.2-8.41.11.2 salt-api-3002.2-8.41.11.2 salt-cloud-3002.2-8.41.11.2 salt-doc-3002.2-8.41.11.2 salt-master-3002.2-8.41.11.2 salt-minion-3002.2-8.41.11.2 salt-proxy-3002.2-8.41.11.2 salt-ssh-3002.2-8.41.11.2 salt-standalone-formulas-configuration-3002.2-8.41.11.2 salt-syndic-3002.2-8.41.11.2 salt-transactional-update-3002.2-8.41.11.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): salt-bash-completion-3002.2-8.41.11.2 salt-fish-completion-3002.2-8.41.11.2 salt-zsh-completion-3002.2-8.41.11.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): python3-salt-3002.2-8.41.11.2 salt-3002.2-8.41.11.2 salt-api-3002.2-8.41.11.2 salt-cloud-3002.2-8.41.11.2 salt-doc-3002.2-8.41.11.2 salt-master-3002.2-8.41.11.2 salt-minion-3002.2-8.41.11.2 salt-proxy-3002.2-8.41.11.2 salt-ssh-3002.2-8.41.11.2 salt-standalone-formulas-configuration-3002.2-8.41.11.2 salt-syndic-3002.2-8.41.11.2 salt-transactional-update-3002.2-8.41.11.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): salt-bash-completion-3002.2-8.41.11.2 salt-fish-completion-3002.2-8.41.11.2 salt-zsh-completion-3002.2-8.41.11.2 References: https://bugzilla.suse.com/1164192 https://bugzilla.suse.com/1167586 https://bugzilla.suse.com/1173103 https://bugzilla.suse.com/1173692 https://bugzilla.suse.com/1180650 https://bugzilla.suse.com/1184659 https://bugzilla.suse.com/1185131 https://bugzilla.suse.com/1186287 https://bugzilla.suse.com/1186310 https://bugzilla.suse.com/1187787 https://bugzilla.suse.com/1187813 https://bugzilla.suse.com/1188170 From sle-updates at lists.suse.com Thu Aug 12 16:16:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Aug 2021 18:16:35 +0200 (CEST) Subject: SUSE-SU-2021:14783-1: important: Security update for 
aspell Message-ID: <20210812161635.9A063FCF4@maintenance.suse.de> SUSE Security Update: Security update for aspell ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14783-1 Rating: important References: #1188576 Cross-References: CVE-2019-25051 CVSS scores: CVE-2019-25051 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-25051 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for aspell fixes the following issues: - CVE-2019-25051: Fixed heap-buffer-overflow in acommon:ObjStack:dup_top (bsc#1188576). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-aspell-14783=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-aspell-14783=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-aspell-14783=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-aspell-14783=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): aspell-0.60.6-26.36.1 aspell-ispell-0.60.6-26.36.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): aspell-32bit-0.60.6-26.36.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): aspell-0.60.6-26.36.1 aspell-ispell-0.60.6-26.36.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): aspell-debuginfo-0.60.6-26.36.1 aspell-debugsource-0.60.6-26.36.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): aspell-debuginfo-32bit-0.60.6-26.36.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): aspell-debuginfo-0.60.6-26.36.1 aspell-debugsource-0.60.6-26.36.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64): aspell-debuginfo-32bit-0.60.6-26.36.1 References: https://www.suse.com/security/cve/CVE-2019-25051.html https://bugzilla.suse.com/1188576 From sle-updates at lists.suse.com Thu Aug 12 16:17:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Aug 2021 18:17:45 +0200 (CEST) Subject: SUSE-RU-2021:2681-1: important: Recommended update for growpart-rootgrow Message-ID: <20210812161745.5364EFCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for growpart-rootgrow ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2681-1 Rating: important References: #1188868 #1188904 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP3 ______________________________________________________________________________ An update 
that has two recommended fixes can now be installed. Description: This update for growpart-rootgrow fixes the following issues: - Fix root partition ID lookup. Only consider trailing digits to be part of the partition ID. (bsc#1188868) (bsc#1188904) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-2681=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): growpart-rootgrow-1.0.5-1.9.1 References: https://bugzilla.suse.com/1188868 https://bugzilla.suse.com/1188904 From sle-updates at lists.suse.com Thu Aug 12 16:19:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Aug 2021 18:19:03 +0200 (CEST) Subject: SUSE-SU-2021:2678-1: important: Security update for the Linux Kernel Message-ID: <20210812161903.A9D5BFCF4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2678-1 Rating: important References: #1065729 #1085224 #1094840 #1113295 #1153274 #1154353 #1156395 #1176940 #1179243 #1183871 #1184114 #1184350 #1184631 #1185377 #1186194 #1186482 #1186483 #1187476 #1188062 #1188063 #1188101 #1188257 #1188405 #1188445 #1188504 #1188620 #1188683 #1188746 #1188747 #1188748 #1188770 #1188771 #1188772 #1188773 #1188774 #1188777 #1188838 #1188842 #1188876 #1188885 #1188973 Cross-References: CVE-2021-21781 CVE-2021-22543 CVE-2021-33909 CVE-2021-3659 CVE-2021-37576 CVSS scores: CVE-2021-21781 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-22543 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-33909 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33909 
(SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3659 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Realtime 15-SP2 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 36 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-21781: Fixed an information disclosure vulnerability in the ARM SIGPAGE (bsc#1188445). - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to obtain full root privileges. (bsc#1188062) The following non-security bugs were fixed: - ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes). - ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes). - ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes). - ALSA: bebob: add support for ToneWeal FW66 (git-fixes). - ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes). - ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes). - ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes). - ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes). 
- ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets (git-fixes). - ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes). - ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions (git-fixes). - ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes). - ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values (git-fixes). - ALSA: usx2y: Do not call free_pages_exact() with NULL address (git-fixes). - ARM: ensure the signal page contains defined contents (bsc#1188445). - ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters (git-fixes). - ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes). - ASoC: rt5631: Fix regcache sync errors on resume (git-fixes). - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes). - ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes). - Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes). - Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes). - Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip (git-fixes). - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes). - Input: hideep - fix the uninitialized use in hideep_nvm_unlock() (git-fixes). - Input: ili210x - add missing negation for touch indication on ili210x (git-fixes). - KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (bsc#1188771). - KVM: nVMX: Consult only the "basic" exit reason when routing nested exit (bsc#1188773). - KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774). - KVM: nVMX: Preserve exception priority irrespective of exiting behavior (bsc#1188777). - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). 
- PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes). - PCI: quirks: fix false kABI positive (git-fixes). - PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes). - RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449). - RDMA/cma: Protect RMW with qp_mutex (git-fixes). - Revert "ACPI: resources: Add checks for ACPI IRQ override" (git-fixes). - Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem" (git-fixes). - Revert "be2net: disable bh with spin_lock in be_process_mcc" (git-fixes). - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes). - USB: serial: cp210x: fix comments for GE CS1000 (git-fixes). - USB: serial: option: add support for u-blox LARA-R6 family (git-fixes). - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes). - backlight: lm3630a: Fix return code of .update_status() callback (git-fixes). - bcache: avoid oversized read request in cache missing code path (bsc#1184631). - bcache: remove bcache device self-defined readahead (bsc#1184631). - bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371 bsc#1153274). - bnxt_en: do not disable an already disabled PCI device (git-fixes). - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1154353). 
- cadence: force nonlinear buffers to be cloned (git-fixes). - can: ems_usb: fix memory leak (git-fixes). - can: esd_usb2: fix memory leak (git-fixes). - can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes). - can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes). - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes). - can: usb_8dev: fix memory leak (git-fixes). - ceph: do not WARN if we're still opening a session to an MDS (bsc#1188748). - cifs: Fix preauth hash corruption (git-fixes). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: fix interrupted close commands (git-fixes). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - clk: renesas: r8a77995: Add ZA2 clock (git-fixes). - clk: tegra: Ensure that PLLU configuration is applied properly (git-fixes). - clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround (git-fixes). - cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)). - crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes). - crypto: sun4i-ss - checking sg length is not sufficient (git-fixes). - crypto: sun4i-ss - initialize need_fallback (git-fixes). - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - cw1200: add missing MODULE_DEVICE_TABLE (git-fixes). - cxgb4: fix IRQ free race during driver unload (git-fixes). - dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes). - drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes). - drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes). - drm/amd/display: Update scaling settings on modeset (git-fixes). - drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check (git-fixes). 
- drm/amd/display: fix incorrrect valid irq check (git-fixes). - drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes). - drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes). - drm/amdkfd: Walk through list with dqm lock hold (git-fixes). - drm/arm/malidp: Always list modifiers (git-fixes). - drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() (git-fixes). - drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() (git-fixes). - drm/msm/mdp4: Fix modifier support enabling (git-fixes). - drm/mxsfb: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes). - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes). - drm/sched: Avoid data corruptions (git-fixes). - drm/tegra: Do not set allow_fb_modifiers explicitly (git-fixes). - drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes). - drm/virtio: Fix double free on probe failure (git-fixes). - drm/zte: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm: Return -ENOTTY for non-drm ioctls (git-fixes). - e1000e: Check the PCIm state (git-fixes). - e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes). - firmware/efi: Tell memblock about EFI iomem reservations (git-fixes). - firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (git-fixes). - firmware: arm_scmi: Fix range check for the maximum number of pending messages (git-fixes). - gpio: pca953x: Add support for the On Semi pca9655 (git-fixes). - gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes). - gtp: fix an use-before-init in gtp_newlink() (git-fixes). - gve: Add DQO fields for core data structures (bsc#1176940). - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940). - gve: Add dqo descriptors (bsc#1176940). - gve: Add stats for gve (bsc#1176940). - gve: Add support for DQO RX PTYPE map (bsc#1176940). 
- gve: Add support for raw addressing device option (bsc#1176940). - gve: Add support for raw addressing in the tx path (bsc#1176940). - gve: Add support for raw addressing to the rx path (bsc#1176940). - gve: Batch AQ commands for creating and destroying queues (bsc#1176940). - gve: Check TX QPL was actually assigned (bsc#1176940). - gve: DQO: Add RX path (bsc#1176940). - gve: DQO: Add TX path (bsc#1176940). - gve: DQO: Add core netdev features (bsc#1176940). - gve: DQO: Add ring allocation and initialization (bsc#1176940). - gve: DQO: Configure interrupts on device up (bsc#1176940). - gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940). - gve: DQO: Remove incorrect prefetch (bsc#1176940). - gve: Enable Link Speed Reporting in the driver (bsc#1176940). - gve: Fix warnings reported for DQO patchset (bsc#1176940). - gve: Get and set Rx copybreak via ethtool (bsc#1176940). - gve: Introduce a new model for device options (bsc#1176940). - gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940). - gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940). - gve: Move some static functions to a common file (bsc#1176940). - gve: NIC stats for report-stats and for ethtool (bsc#1176940). - gve: Propagate error codes to caller (bsc#1176940). - gve: Replace zero-length array with flexible-array member (bsc#1176940). - gve: Rx Buffer Recycling (bsc#1176940). - gve: Simplify code and axe the use of a deprecated API (bsc#1176940). - gve: Update adminq commands to support DQO queues (bsc#1176940). - gve: Use dev_info/err instead of netif_info/err (bsc#1176940). - gve: Use link status register to report link status (bsc#1176940). - gve: adminq: DQO specific device descriptor logic (bsc#1176940). - gve: gve_rx_copy: Move padding to an argument (bsc#1176940). - i2c: core: Disable client irq on reboot/shutdown (git-fixes). - i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes). - i40e: Fix error handling in i40e_vsi_open (git-fixes). 
- iavf: Fix an error handling path in 'iavf_probe()' (git-fixes). - ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075). - ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533). - ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency (jsc#SLE-7926). - igb: Check if num of q_vectors is smaller than max before array access (git-fixes). - igb: Fix an error handling path in 'igb_probe()' (git-fixes). - igb: Fix position of assignment to *ring (git-fixes). - igb: Fix use-after-free error during reset (git-fixes). - igc: Fix an error handling path in 'igc_probe()' (git-fixes). - igc: Fix use-after-free error during reset (git-fixes). - igc: change default return of igc_read_phy_reg() (git-fixes). - iio: accel: bma180: Use explicit member assignment (git-fixes). - iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes). - iwlwifi: pcie: free IML DMA memory allocation (git-fixes). - ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes). - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes). - kABI workaround for pci/quirks.c (git-fixes). - kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes). - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes). - kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes). - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes). - kprobes: fix kill kprobe which has been marked as gone (git-fixes). - kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1188772). - kvm: i8254: remove redundant assignment to pointer s (bsc#1188770). - lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes). - liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes). 
- mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes). - media, bpf: Do not copy more entries than user space requested (git-fixes). - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes). - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes). - mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes). - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes). - misc/libmasm/module: Fix two use after free in ibmasm_init_one (git-fixes). - misc: alcor_pci: fix inverted branch condition (git-fixes). - misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge (git-fixes). - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes). - mt76: mt7603: set 0 as min coverage_class value (git-fixes). - mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes). - mt76: mt7615: increase MCU command timeout (git-fixes). - mt76: set dma-done flag for flushed descriptors (git-fixes). - mvpp2: suppress warning (git-fixes). - net/mlx5: Do not fail driver on failure to create debugfs (git-fixes). - net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes). - net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes). - net: atlantic: fix ip dst and ipv6 address filters (git-fixes). - net: dp83867: Fix OF_MDIO config check (git-fixes). - net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes). - net: gve: convert strlcpy to strscpy (bsc#1176940). - net: gve: remove duplicated allowed (bsc#1176940). - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - net: marvell: Fix OF_MDIO config check (git-fixes). - net: mvpp2: Put fwnode in error case during ->probe() (git-fixes). - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes). - net: wilc1000: clean up resource in error path of init mon interface (git-fixes). 
- nfc: nfcsim: fix use after free during module unload (git-fixes). - pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes). - pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() (git-fixes). - pinctrl: mcp23s08: fix race condition in irq handler (git-fixes). - platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command (git-fixes). - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes). - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes). - platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (git-fixes). - platform/x86: intel_int0002_vgpio: Remove dev_err() usage after platform_get_irq() (git-fixes). - platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes). - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: ab8500: Avoid NULL pointers (git-fixes). - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (git-fixes). - power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes). - powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722). - powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722). - powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395). - powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes). - powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722). 
- powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722). - powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722). - powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722). - powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722). - powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722). - powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722). - powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722). - powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722). - powerpc/stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi() (bsc#1156395). - powerpc/stacktrace: Include linux/delay.h (bsc#1156395). - powerpc: Offline CPU in stop_this_cpu() (bsc#1156395). - pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes). - pwm: imx1: Do not disable clocks at device remove time (git-fixes). - pwm: spear: Do not modify HW state in .remove callback (git-fixes). - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes). - r8152: Fix a deadlock by doubly PM resume (bsc#1186194). - r8152: Fix potential PM refcount imbalance (bsc#1186194). - r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM (git-fixes). - ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes). - rbd: always kick acquire on "acquired" and "released" notifications (bsc#1188746). - rbd: do not hold lock_rwsem while running_list is being drained (bsc#1188747). - regulator: hi6421: Fix getting wrong drvdata (git-fixes). - regulator: hi6421: Use correct variable type for regmap api val argument (git-fixes). - replaced with upstream security mitigation cleanup - reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes). 
- rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes). - rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes). - rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes). - scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101). - sfp: Fix error handing in sfp_probe() (git-fixes). - soc/tegra: fuse: Fix Tegra234-only builds (git-fixes). - spi: cadence: Correct initialisation of runtime PM again (git-fixes). - spi: imx: add a check for speed_hz before calculating the clock (git-fixes). - spi: mediatek: fix fifo rx mode (git-fixes). - staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes). - thermal/core: Correct function name thermal_zone_device_unregister() (git-fixes). - tpm: efi: Use local variable for calculating final log size (git-fixes). - tracing: Do not reference char * as a string in histograms (git-fixes). - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes). - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes). - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes). - usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes). - usb: gadget: hid: fix error return code in hid_bind() (git-fixes). - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes). - usb: hub: Fix link power management max exit latency (MEL) calculations (git-fixes). - usb: max-3421: Prevent corruption of freed memory (git-fixes). - usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (git-fixes). - uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes). - virtio_console: Assure used length from device is limited (git-fixes). - virtio_net: move tx vq operation under tx queue lock (git-fixes). - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes). - w1: ds2438: fixing bug that would always get page0 (git-fixes). 
- watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes). - watchdog: Fix possible use-after-free in wdt_startup() (git-fixes). - watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes). - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes). - wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes). - wireless: wext-spy: Fix out-of-bounds warning (git-fixes). - wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes). - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes). - workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973). - xen/events: reset active flag for lateeoi events later (git-fixes). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). - xhci: Fix lost USB 2 remote wake (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2678=1

   - SUSE Linux Enterprise Module for Realtime 15-SP2:

      zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-2678=1

Package List:

   - SUSE MicroOS 5.0 (x86_64):

      kernel-rt-5.3.18-48.1
      kernel-rt-debuginfo-5.3.18-48.1
      kernel-rt-debugsource-5.3.18-48.1

   - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64):

      cluster-md-kmp-rt-5.3.18-48.1
      cluster-md-kmp-rt-debuginfo-5.3.18-48.1
      dlm-kmp-rt-5.3.18-48.1
      dlm-kmp-rt-debuginfo-5.3.18-48.1
      gfs2-kmp-rt-5.3.18-48.1
      gfs2-kmp-rt-debuginfo-5.3.18-48.1
      kernel-rt-5.3.18-48.1
      kernel-rt-debuginfo-5.3.18-48.1
      kernel-rt-debugsource-5.3.18-48.1
      kernel-rt-devel-5.3.18-48.1
      kernel-rt-devel-debuginfo-5.3.18-48.1
      kernel-rt_debug-5.3.18-48.1
      kernel-rt_debug-debuginfo-5.3.18-48.1
      kernel-rt_debug-debugsource-5.3.18-48.1
      kernel-rt_debug-devel-5.3.18-48.1
      kernel-rt_debug-devel-debuginfo-5.3.18-48.1
      kernel-syms-rt-5.3.18-48.1
      ocfs2-kmp-rt-5.3.18-48.1
      ocfs2-kmp-rt-debuginfo-5.3.18-48.1

   - SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch):

      kernel-devel-rt-5.3.18-48.1
      kernel-source-rt-5.3.18-48.1

References:

   https://www.suse.com/security/cve/CVE-2021-21781.html
   https://www.suse.com/security/cve/CVE-2021-22543.html
   https://www.suse.com/security/cve/CVE-2021-33909.html
   https://www.suse.com/security/cve/CVE-2021-3659.html
   https://www.suse.com/security/cve/CVE-2021-37576.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1085224
   https://bugzilla.suse.com/1094840
   https://bugzilla.suse.com/1113295
   https://bugzilla.suse.com/1153274
   https://bugzilla.suse.com/1154353
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1176940
   https://bugzilla.suse.com/1179243
   https://bugzilla.suse.com/1183871
   https://bugzilla.suse.com/1184114
   https://bugzilla.suse.com/1184350
   https://bugzilla.suse.com/1184631
   https://bugzilla.suse.com/1185377
   https://bugzilla.suse.com/1186194
   https://bugzilla.suse.com/1186482
   https://bugzilla.suse.com/1186483
   https://bugzilla.suse.com/1187476
   https://bugzilla.suse.com/1188062
   https://bugzilla.suse.com/1188063
   https://bugzilla.suse.com/1188101
   https://bugzilla.suse.com/1188257
   https://bugzilla.suse.com/1188405
   https://bugzilla.suse.com/1188445
   https://bugzilla.suse.com/1188504
   https://bugzilla.suse.com/1188620
   https://bugzilla.suse.com/1188683
   https://bugzilla.suse.com/1188746
   https://bugzilla.suse.com/1188747
   https://bugzilla.suse.com/1188748
   https://bugzilla.suse.com/1188770
   https://bugzilla.suse.com/1188771
   https://bugzilla.suse.com/1188772
   https://bugzilla.suse.com/1188773
   https://bugzilla.suse.com/1188774
   https://bugzilla.suse.com/1188777
   https://bugzilla.suse.com/1188838
   https://bugzilla.suse.com/1188842
   https://bugzilla.suse.com/1188876
   https://bugzilla.suse.com/1188885
   https://bugzilla.suse.com/1188973

From sle-updates at lists.suse.com Thu Aug 12 16:29:11 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Aug 2021 18:29:11 +0200 (CEST)
Subject: SUSE-SU-2021:14782-1: important: Security update for MozillaFirefox
Message-ID: <20210812162911.15A05FCF4@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:14782-1
Rating: important
References: #1188891
Cross-References: CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989
Affected Products:
   SUSE Linux Enterprise Server 11-SP4-LTSS
   SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 6 vulnerabilities is now available.
Description:

   This update for MozillaFirefox fixes the following issues:

   Firefox Extended Support Release 78.13.0 ESR (MFSA 2021-34, bsc#1188891):

   - CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption
   - CVE-2021-29988: Memory corruption as a result of incorrect style treatment
   - CVE-2021-29984: Incorrect instruction reordering during JIT optimization
   - CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption
   - CVE-2021-29985: Use-after-free media channels
   - CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-LTSS:

      zypper in -t patch slessp4-MozillaFirefox-14782=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-MozillaFirefox-14782=1

Package List:

   - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64):

      MozillaFirefox-78.13.0-78.137.1
      MozillaFirefox-translations-common-78.13.0-78.137.1
      MozillaFirefox-translations-other-78.13.0-78.137.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):

      MozillaFirefox-debuginfo-78.13.0-78.137.1

References:

   https://www.suse.com/security/cve/CVE-2021-29980.html
   https://www.suse.com/security/cve/CVE-2021-29984.html
   https://www.suse.com/security/cve/CVE-2021-29985.html
   https://www.suse.com/security/cve/CVE-2021-29986.html
   https://www.suse.com/security/cve/CVE-2021-29988.html
   https://www.suse.com/security/cve/CVE-2021-29989.html
   https://bugzilla.suse.com/1188891

From sle-updates at lists.suse.com Thu Aug 12 22:17:08 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 13 Aug 2021 00:17:08 +0200 (CEST)
Subject: SUSE-SU-2021:2682-1: important: Security update for rpm
Message-ID: <20210812221708.2C26BFCF4@maintenance.suse.de>

   SUSE Security Update: Security update for rpm
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2682-1
Rating: important
References: #1179416 #1181805 #1183543 #1183545 ECO-3622 SLE-17817
Cross-References: CVE-2021-20266 CVE-2021-20271 CVE-2021-3421
CVSS scores:
   CVE-2021-20266 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
   CVE-2021-20266 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
   CVE-2021-20271 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2021-20271 (SUSE): 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L
   CVE-2021-3421 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
   CVE-2021-3421 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:
   SUSE Linux Enterprise Module for SUSE Manager Server 4.2
   SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
   SUSE Linux Enterprise Module for Python2 15-SP3
   SUSE Linux Enterprise Module for Public Cloud 15-SP3
   SUSE Linux Enterprise Module for Development Tools 15-SP3
   SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

   An update that solves three vulnerabilities, contains two features and has one errata is now available.

Description:

   This update for rpm fixes the following issues:

   - Changed default package verification level to 'none' to be compatible with rpm-4.14.1
   - Made illegal obsoletes a warning
   - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416)
   - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817)
   - Added :humansi and :humaniec query formatters for human readable output
   - Added query selectors for whatobsoletes and whatconflicts
   - Added support for sorting caret higher than base version
   - rpm no longer requires the signature header to be in a contiguous region when signing (bsc#1181805)

   Security fixes:

   - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543)
   - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545)
   - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.2:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2021-2682=1

   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2021-2682=1

   - SUSE Linux Enterprise Module for Python2 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2021-2682=1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-2682=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-2682=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2682=1

Package List:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64):

      rpm-build-4.14.3-37.2
      rpm-build-debuginfo-4.14.3-37.2
      rpm-debuginfo-4.14.3-37.2
      rpm-debugsource-4.14.3-37.2

   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64):

      rpm-build-4.14.3-37.2
      rpm-build-debuginfo-4.14.3-37.2
      rpm-debuginfo-4.14.3-37.2
      rpm-debugsource-4.14.3-37.2

   - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64):

      python-rpm-debugsource-4.14.3-37.2
      python2-rpm-4.14.3-37.2
      python2-rpm-debuginfo-4.14.3-37.2

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64):

      rpm-ndb-4.14.3-37.2
      rpm-ndb-debuginfo-4.14.3-37.2
      rpm-ndb-debugsource-4.14.3-37.2

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):

      rpm-build-4.14.3-37.2
      rpm-build-debuginfo-4.14.3-37.2
      rpm-debuginfo-4.14.3-37.2
      rpm-debugsource-4.14.3-37.2

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      python-rpm-debugsource-4.14.3-37.2
      python3-rpm-4.14.3-37.2
      python3-rpm-debuginfo-4.14.3-37.2
      rpm-4.14.3-37.2
      rpm-debuginfo-4.14.3-37.2
      rpm-debugsource-4.14.3-37.2
      rpm-devel-4.14.3-37.2

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):

      rpm-32bit-4.14.3-37.2
      rpm-32bit-debuginfo-4.14.3-37.2

References:

   https://www.suse.com/security/cve/CVE-2021-20266.html
   https://www.suse.com/security/cve/CVE-2021-20271.html
   https://www.suse.com/security/cve/CVE-2021-3421.html
   https://bugzilla.suse.com/1179416
   https://bugzilla.suse.com/1181805
   https://bugzilla.suse.com/1183543
   https://bugzilla.suse.com/1183545

From sle-updates at lists.suse.com Sat Aug 14 07:16:27 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 14 Aug 2021 09:16:27 +0200 (CEST)
Subject: SUSE-SU-2021:2686-1: important: Security update for cpio
Message-ID: <20210814071627.1C7F5FD0A@maintenance.suse.de>

   SUSE Security Update: Security update for cpio
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2686-1
Rating: important
References: #1189206
Cross-References: CVE-2021-38185
CVSS scores:
   CVE-2021-38185 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
   SUSE OpenStack Cloud Crowbar 9
   SUSE OpenStack Cloud Crowbar 8
   SUSE OpenStack Cloud 9
   SUSE OpenStack Cloud 8
   SUSE Linux Enterprise Server for SAP 12-SP4
   SUSE Linux Enterprise Server for SAP 12-SP3
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server 12-SP4-LTSS
   SUSE Linux Enterprise Server 12-SP3-LTSS
   SUSE Linux Enterprise Server 12-SP3-BCL
   SUSE Linux Enterprise Server 12-SP2-BCL
   HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for cpio fixes the following issues:

   It was possible to trigger Remote code execution due to an integer overflow (CVE-2021-38185, bsc#1189206)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2686=1

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2686=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2686=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2686=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2686=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2686=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2686=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2686=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2686=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2686=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2686=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-2686=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      cpio-lang-2.11-36.9.1

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      cpio-2.11-36.9.1
      cpio-debuginfo-2.11-36.9.1
      cpio-debugsource-2.11-36.9.1

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      cpio-lang-2.11-36.9.1

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      cpio-2.11-36.9.1
      cpio-debuginfo-2.11-36.9.1
      cpio-debugsource-2.11-36.9.1

   - SUSE OpenStack Cloud 9 (x86_64):

      cpio-2.11-36.9.1
      cpio-debuginfo-2.11-36.9.1
      cpio-debugsource-2.11-36.9.1

   - SUSE OpenStack Cloud 9 (noarch):

      cpio-lang-2.11-36.9.1

   - SUSE OpenStack Cloud 8 (x86_64):

      cpio-2.11-36.9.1
      cpio-debuginfo-2.11-36.9.1
      cpio-debugsource-2.11-36.9.1

   - SUSE OpenStack Cloud 8 (noarch):

      cpio-lang-2.11-36.9.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      cpio-2.11-36.9.1
cpio-debuginfo-2.11-36.9.1 cpio-debugsource-2.11-36.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): cpio-lang-2.11-36.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): cpio-2.11-36.9.1 cpio-debuginfo-2.11-36.9.1 cpio-debugsource-2.11-36.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): cpio-lang-2.11-36.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): cpio-2.11-36.9.1 cpio-debuginfo-2.11-36.9.1 cpio-debugsource-2.11-36.9.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): cpio-lang-2.11-36.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): cpio-2.11-36.9.1 cpio-debuginfo-2.11-36.9.1 cpio-debugsource-2.11-36.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): cpio-lang-2.11-36.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): cpio-2.11-36.9.1 cpio-debuginfo-2.11-36.9.1 cpio-debugsource-2.11-36.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): cpio-lang-2.11-36.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): cpio-2.11-36.9.1 cpio-debuginfo-2.11-36.9.1 cpio-debugsource-2.11-36.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): cpio-lang-2.11-36.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): cpio-lang-2.11-36.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): cpio-2.11-36.9.1 cpio-debuginfo-2.11-36.9.1 cpio-debugsource-2.11-36.9.1 - HPE Helion Openstack 8 (noarch): cpio-lang-2.11-36.9.1 - HPE Helion Openstack 8 (x86_64): cpio-2.11-36.9.1 cpio-debuginfo-2.11-36.9.1 cpio-debugsource-2.11-36.9.1 References: https://www.suse.com/security/cve/CVE-2021-38185.html https://bugzilla.suse.com/1189206 From sle-updates at lists.suse.com Sat Aug 14 13:18:23 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Aug 2021 15:18:23 +0200 (CEST) Subject: SUSE-RU-2021:2688-1: moderate: Recommended update for patterns-base, patterns-server-enterprise, sles15-image Message-ID: 
 <20210814131823.71F32FCF4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for patterns-base, patterns-server-enterprise, sles15-image
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:2688-1
Rating:             moderate
References:         #1183154
Affected Products:
                    SUSE Linux Enterprise Module for Transactional Server 15-SP2
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Module for Server Applications 15-SP2
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for patterns-base, patterns-server-enterprise, sles15-image fixes the following issues:

- Add pattern to install necessary packages for FIPS (bsc#1183154)
- Add patterns-base-fips to work also in FIPS environments (bsc#1183154)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Transactional Server 15-SP2:

    zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP2-2021-2688=1

- SUSE Linux Enterprise Module for Server Applications 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-2688=1

- SUSE Linux Enterprise Module for Server Applications 15-SP2:

    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-2688=1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP2:

    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-2688=1

- SUSE Linux Enterprise Module for Basesystem 15-SP2:

    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2688=1

Package List:

- SUSE Linux Enterprise Module for Transactional Server 15-SP2 (aarch64 ppc64le s390x x86_64):

    patterns-base-transactional_base-20200124-4.6.3

- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

    patterns-server-enterprise-oracle_server-32bit-20171206-12.6.1
    patterns-server-enterprise-sap_server-20171206-12.6.1
    patterns-server-enterprise-sap_server-32bit-20171206-12.6.1

- SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64):

    patterns-server-enterprise-oracle_server-20171206-12.6.1

- SUSE Linux Enterprise Module for Server Applications 15-SP3 (s390x):

    patterns-server-enterprise-hwcrypto-20171206-12.6.1

- SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

    patterns-server-enterprise-oracle_server-32bit-20171206-12.6.1
    patterns-server-enterprise-sap_server-20171206-12.6.1
    patterns-server-enterprise-sap_server-32bit-20171206-12.6.1

- SUSE Linux Enterprise Module for Server Applications 15-SP2 (s390x x86_64):

    patterns-server-enterprise-oracle_server-20171206-12.6.1

- SUSE Linux Enterprise Module for Server Applications 15-SP2 (s390x):

    patterns-server-enterprise-hwcrypto-20171206-12.6.1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64):

    patterns-base-x11_raspberrypi-20200124-4.6.3

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

    patterns-base-apparmor-20200124-4.6.3
    patterns-base-apparmor-32bit-20200124-4.6.3
    patterns-base-base-20200124-4.6.3
    patterns-base-base-32bit-20200124-4.6.3
    patterns-base-basesystem-20200124-4.6.3
    patterns-base-basic_desktop-20200124-4.6.3
    patterns-base-documentation-20200124-4.6.3
    patterns-base-enhanced_base-20200124-4.6.3
    patterns-base-enhanced_base-32bit-20200124-4.6.3
    patterns-base-fips-20200124-4.6.3
    patterns-base-minimal_base-20200124-4.6.3
    patterns-base-minimal_base-32bit-20200124-4.6.3
    patterns-base-sw_management-20200124-4.6.3
    patterns-base-sw_management-32bit-20200124-4.6.3
    patterns-base-x11-20200124-4.6.3
    patterns-base-x11-32bit-20200124-4.6.3
    patterns-base-x11_enhanced-20200124-4.6.3
    patterns-base-x11_enhanced-32bit-20200124-4.6.3

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le x86_64):

    patterns-base-32bit-20200124-4.6.3

References:

  https://bugzilla.suse.com/1183154

From sle-updates at lists.suse.com Sat Aug 14 13:30:47 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 14 Aug 2021 15:30:47 +0200 (CEST)
Subject: SUSE-SU-2021:2687-1: important: Security update for the Linux Kernel
Message-ID: <20210814133047.D7B4DFCF4@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2687-1
Rating:             important
References:         #1065729 #1085224 #1094840 #1113295 #1152472
                    #1152489 #1153274 #1154353 #1155518 #1156395
                    #1170511 #1176447 #1176940 #1179243 #1180092
                    #1180814 #1183871 #1184114 #1184350 #1184631
                    #1184804 #1185308 #1185377 #1185791 #1186194
                    #1186206 #1186482 #1186483 #1187215 #1187476
                    #1187495 #1187585 #1188036 #1188080 #1188101
                    #1188121 #1188126 #1188176 #1188267 #1188268
                    #1188269 #1188323 #1188366 #1188405 #1188445
                    #1188504 #1188620
                    #1188683 #1188703 #1188720 #1188746 #1188747
                    #1188748 #1188752 #1188770 #1188771 #1188772
                    #1188773 #1188774 #1188777 #1188838 #1188876
                    #1188885 #1188893 #1188973
Cross-References:   CVE-2021-21781 CVE-2021-22543 CVE-2021-35039
                    CVE-2021-3609 CVE-2021-3612 CVE-2021-3659
                    CVE-2021-37576
CVSS scores:
                    CVE-2021-21781 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-22543 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-35039 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-35039 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3609 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3612 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3612 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-3659 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15-SP3
                    SUSE Linux Enterprise Module for Live Patching 15-SP3
                    SUSE Linux Enterprise Module for Legacy Software 15-SP3
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise High Availability 15-SP3
______________________________________________________________________________

An update that solves 7 vulnerabilities and has 58 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876).
- CVE-2021-21781: Fixed an information disclosure vulnerability in the ARM SIGPAGE (bsc#1188445).
- CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482).
- CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838).
- CVE-2021-3609: Fixed a potential local privilege escalation in the CAN BCM networking protocol (bsc#1187215).
- CVE-2021-3612: Fixed an out-of-bounds memory write flaw in the joystick devices subsystem. This flaw allowed a local user to crash the system or possibly escalate their privileges on the system. (bsc#1187585)
- CVE-2021-35039: Fixed mishandling of signature verification. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, did not occur for a module.sig_enforce=1 command-line argument (bsc#1188080).

The following non-security bugs were fixed:

- ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes).
- ACPI: APEI: fix synchronous external aborts in user-mode (git-fixes).
- ACPI: DPTF: Fix reading of attributes (git-fixes).
- ACPI: EC: Make more Asus laptops use ECDT _GPE (git-fixes).
- ACPI: PM / fan: Put fan device IDs into separate header file (git-fixes).
- ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes).
- ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes).
- ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes).
- ACPI: resources: Add checks for ACPI IRQ override (git-fixes).
- ACPI: sysfs: Fix a buffer overrun problem with description_show() (git-fixes).
- ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes).
- ACPICA: Fix memory leak caused by _CID repair function (git-fixes).
- ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes).
- ALSA: bebob: add support for ToneWeal FW66 (git-fixes).
- ALSA: firewire-motu: fix detection for S/PDIF source on optical interface in v2 protocol (git-fixes).
- ALSA: firewire-motu: fix stream format for MOTU 8pre FireWire (git-fixes).
- ALSA: hda/realtek: Add another ALC236 variant support (git-fixes).
- ALSA: hda/realtek: Apply LED fixup for HP Dragonfly G1, too (git-fixes).
- ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D (git-fixes).
- ALSA: hda/realtek: Fix pop noise and 2 Front Mic issues on a machine (git-fixes).
- ALSA: hda/realtek: Improve fixup for HP Spectre x360 15-df0xxx (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 830 G8 Notebook PC (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook x360 830 G8 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G8 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 450 G8 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 630 G8 (git-fixes).
- ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes).
- ALSA: hda: intel-dsp-cfg: add missing ElkhartLake PCI ID (git-fixes).
- ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes).
- ALSA: intel8x0: Fix breakage at ac97 clock measurement (git-fixes).
- ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes).
- ALSA: pcm - fix mmap capability check for the snd-dummy driver (git-fixes).
- ALSA: pcm: Call substream ack() method upon compat mmap commit (git-fixes).
- ALSA: pcm: Fix mmap capability check (git-fixes).
- ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes).
- ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes).
- ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes).
- ALSA: usb-audio: Add missing proc text entry for BESPOKEN type (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum headsets (git-fixes).
- ALSA: usb-audio: Fix OOB access at proc output (git-fixes).
- ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes).
- ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes).
- ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions (git-fixes).
- ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes).
- ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values (git-fixes).
- ALSA: usb-audio: scarlett2: Fix wrong resume call (git-fixes).
- ALSA: usb-audio: scarlett2: Read mixer volumes at init time (git-fixes).
- ALSA: usb-audio: scarlett2: Read mux at init time (git-fixes).
- ALSA: usx2y: Avoid camelCase (git-fixes).
- ALSA: usx2y: Do not call free_pages_exact() with NULL address (git-fixes).
- ARM: ensure the signal page contains defined contents (bsc#1188445).
- ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters (git-fixes).
- ASoC: Intel: sof_sdw: add SOF_RT715_DAI_ID_FIX for AlderLake (git-fixes).
- ASoC: Intel: sof_sdw: add mutual exclusion between PCH DMIC and RT715 (git-fixes).
- ASoC: SOF: loader: Use snd_sof_dsp_block_read() instead sof_block_read() (git-fixes).
- ASoC: atmel-i2s: Fix usage of capture and playback at the same time (git-fixes).
- ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes).
- ASoC: fsl_spdif: Fix error handler with pm_runtime_enable (git-fixes).
- ASoC: fsl_spdif: Fix unexpected interrupt after suspend (git-fixes).
- ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (git-fixes).
- ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes).
- ASoC: intel/boards: add missing MODULE_DEVICE_TABLE (git-fixes).
- ASoC: max98373-sdw: add missing memory allocation check (git-fixes).
- ASoC: max98373-sdw: use first_hw_init flag on resume (git-fixes).
- ASoC: mediatek: mtk-btcvsd: Fix an error handling path in 'mtk_btcvsd_snd_probe()' (git-fixes).
- ASoC: rk3328: fix missing clk_disable_unprepare() on error in rk3328_platform_probe() (git-fixes).
- ASoC: rsnd: tidyup loop on rsnd_adg_clk_query() (git-fixes).
- ASoC: rt1308-sdw: use first_hw_init flag on resume (git-fixes).
- ASoC: rt5631: Fix regcache sync errors on resume (git-fixes).
- ASoC: rt5682-sdw: set regcache_cache_only false before reading RT5682_DEVICE_ID (git-fixes).
- ASoC: rt5682-sdw: use first_hw_init flag on resume (git-fixes).
- ASoC: rt5682: Disable irq on shutdown (git-fixes).
- ASoC: rt5682: Fix a problem with error handling in the io init function of the soundwire (git-fixes).
- ASoC: rt5682: fix getting the wrong device id when the suspend_stress_test (git-fixes).
- ASoC: rt700-sdw: use first_hw_init flag on resume (git-fixes).
- ASoC: rt711-sdw: use first_hw_init flag on resume (git-fixes).
- ASoC: rt715-sdw: use first_hw_init flag on resume (git-fixes).
- ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes).
- ASoC: soc-pcm: fix the return value in dpcm_apply_symmetry() (git-fixes).
- ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes).
- ASoC: wm_adsp: Correct wm_coeff_tlv_get handling (git-fixes).
- Bluetooth: Fix alt settings for incoming SCO with transparent coding format (git-fixes).
- Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event (git-fixes).
- Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes).
- Bluetooth: L2CAP: Fix invalid access if ECRED Reconfigure fails (git-fixes).
- Bluetooth: L2CAP: Fix invalid access on ECRED Connection response (git-fixes).
- Bluetooth: Remove spurious error message (git-fixes).
- Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes).
- Bluetooth: btintel: Add infrastructure to read controller information (bsc#1188893).
- Bluetooth: btintel: Check firmware version before download (bsc#1188893).
- Bluetooth: btintel: Collect tlv based active firmware build info in FW mode (bsc#1188893).
- Bluetooth: btintel: Consolidate intel_version parsing (bsc#1188893).
- Bluetooth: btintel: Consolidate intel_version_tlv parsing (bsc#1188893).
- Bluetooth: btintel: Fix endianness issue for TLV version information (bsc#1188893).
- Bluetooth: btintel: Fix offset calculation boot address parameter (bsc#1188893).
- Bluetooth: btintel: Functions to send firmware header / payload (bsc#1188893).
- Bluetooth: btintel: Move operational checks after version check (bsc#1188893).
- Bluetooth: btintel: Refactor firmware download function (bsc#1188893).
- Bluetooth: btintel: Reorganized bootloader mode tlv checks in intel_version_tlv parsing (bsc#1188893).
- Bluetooth: btintel: Replace zero-length array with flexible-array member (bsc#1188893).
- Bluetooth: btintel: Skip reading firmware file version while in bootloader mode (bsc#1188893).
- Bluetooth: btqca: Do not modify firmware contents in-place (git-fixes).
- Bluetooth: btusb: Add *setup* function for new generation Intel controllers (bsc#1188893).
- Bluetooth: btusb: Add support USB ALT 3 for WBS (git-fixes).
- Bluetooth: btusb: Add support for GarfieldPeak controller (bsc#1188893).
- Bluetooth: btusb: Consolidate code for waiting firmware download (bsc#1188893).
- Bluetooth: btusb: Define a function to construct firmware filename (bsc#1188893).
- Bluetooth: btusb: Enable MSFT extension for Intel controllers (bsc#1188893).
- Bluetooth: btusb: Fix failing to init controllers with operation firmware (bsc#1188893).
- Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip (git-fixes).
- Bluetooth: btusb: Helper function to download firmware to Intel adapters (bsc#1188893).
- Bluetooth: btusb: Map Typhoon peak controller to BTUSB_INTEL_NEWGEN (bsc#1188893).
- Bluetooth: btusb: Update boot parameter specific to SKU (bsc#1188893).
- Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes).
- Bluetooth: btusb: print firmware file name on error loading firmware (bsc#1188893).
- Bluetooth: hci_intel: drop strange le16_to_cpu() against u8 values (bsc#1188893).
- Bluetooth: hci_intel: enable on new platform (bsc#1188893).
- Bluetooth: hci_intel: switch to list_for_each_entry() (bsc#1188893).
- Bluetooth: hci_qca: fix potential GPF (git-fixes).
- Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes).
- Bluetooth: mgmt: Fix the command returns garbage parameter value (git-fixes).
- HID: do not use down_interruptible() when unbinding devices (git-fixes).
- HID: wacom: Correct base usage for capacitive ExpressKey status bits (git-fixes).
- Input: hideep - fix the uninitialized use in hideep_nvm_unlock() (git-fixes).
- Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes).
- Input: ili210x - add missing negation for touch indication on ili210x (git-fixes).
- Input: usbtouchscreen - fix control-request directions (git-fixes).
- KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (bsc#1188771).
- KVM: SVM: document KVM_MEM_ENCRYPT_OP, let userspace detect if SEV is available (bsc#1188703).
- KVM: nVMX: Consult only the "basic" exit reason when routing nested exit (bsc#1188773).
- KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774).
- KVM: nVMX: Preserve exception priority irrespective of exiting behavior (bsc#1188777).
- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes).
- PCI: Add AMD RS690 quirk to enable 64-bit DMA (git-fixes).
- PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes).
- PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes).
- PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes).
- PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes).
- PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes).
- PCI: intel-gw: Fix INTx enable (git-fixes).
- PCI: intel-gw: Fix INTx enable (git-fixes).
- PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes).
- PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes).
- PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes).
- PCI: quirks: fix false kABI positive (git-fixes).
- PCI: tegra194: Fix tegra_pcie_ep_raise_msi_irq() ill-defined shift (git-fixes).
- PCI: tegra194: Fix tegra_pcie_ep_raise_msi_irq() ill-defined shift (git-fixes).
- PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes).
- RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449).
- RDMA/cma: Protect RMW with qp_mutex (git-fixes).
- RDMA/hns: Remove unused parameter udata (jsc#SLE-15176).
- RDMA/mlx4: Remove unused parameter udata (jsc#SLE-15176).
- RDMA/mlx5: Remove unused parameter udata (jsc#SLE-15176).
- RDMA/rtrs-clt: Check if the queue_depth has changed during a reconnection (jsc#SLE-15176).
- RDMA/rtrs-clt: Check state of the rtrs_clt_sess before reading its stats (jsc#SLE-15176).
- RDMA/rtrs-clt: Fix memory leak of not-freed sess->stats and stats->pcpu_stats (jsc#SLE-15176).
- RDMA/rtrs-srv: Fix memory leak of unfreed rtrs_srv_stats object (jsc#SLE-15176).
- RDMA/rtrs-srv: Fix memory leak when having multiple sessions (jsc#SLE-15176).
- RDMA/rtrs-srv: Replace atomic_t with percpu_ref for ids_inflight (jsc#SLE-15176).
- RDMA/rtrs-srv: Set minimal max_send_wr and max_recv_wr (jsc#SLE-15176).
- RDMA/rtrs: Do not reset hb_missed_max after re-connection (jsc#SLE-15176).
- RDMA/srp: Fix a recently introduced memory leak (jsc#SLE-15176).
- Revert "ACPI: resources: Add checks for ACPI IRQ override" (git-fixes).
- Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro" (git-fixes).
- Revert "Bluetooth: btintel: Fix endianness issue for TLV version information" (bsc#1188893).
- Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem" (git-fixes).
- Revert "be2net: disable bh with spin_lock in be_process_mcc" (git-fixes).
- Revert "drm/i915: Propagate errors on awaiting already signaled fences" (git-fixes).
- Revert "drm: add a locked version of drm_is_current_master" (git-fixes).
- Revert "ibmvnic: remove duplicate napi_schedule call in open function" (bsc#1065729).
- Revert "iwlwifi: remove wide_cmd_header field" (bsc#1187495).
- USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes).
- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes).
- USB: serial: cp210x: fix comments for GE CS1000 (git-fixes).
- USB: serial: option: add support for u-blox LARA-R6 family (git-fixes).
- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes).
- amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (bsc#1152472)
- ata: ahci_sunxi: Disable DIPM (git-fixes).
- ath10k: Fix an error code in ath10k_add_interface() (git-fixes).
- ath10k: add missing error return code in ath10k_pci_probe() (git-fixes).
- ath10k: go to path err_unsupported when chip id is not supported (git-fixes).
- ath10k: remove unused more_frags variable (git-fixes).
- ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (git-fixes).
- backlight: lm3630a: Fix return code of .update_status() callback (git-fixes).
- backlight: lm3630a_bl: Put fwnode in error case during ->probe() (git-fixes).
- bcache: avoid oversized read request in cache missing code path (bsc#1184631).
- bcache: remove bcache device self-defined readahead (bsc#1184631).
- blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092).
- blk-mq: In blk_mq_dispatch_rq_list() "no budget" is a reason to kick (bsc#1180092).
- blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092).
- blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092).
- blk-mq: insert flush request to the front of dispatch queue (bsc#1180092).
- blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092).
- bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: do not disable an already disabled PCI device (git-fixes).
- bonding: Add struct bond_ipesc to manage SA (bsc#1176447).
- bonding: disallow setting nested bonding + ipsec offload (bsc#1176447).
- bonding: fix build issue (git-fixes).
- bonding: fix incorrect return value of bond_ipsec_offload_ok() (bsc#1176447).
- bonding: fix null dereference in bond_ipsec_add_sa() (bsc#1176447).
- bonding: fix suspicious RCU usage in bond_ipsec_add_sa() (bsc#1176447).
- bonding: fix suspicious RCU usage in bond_ipsec_del_sa() (bsc#1176447).
- bonding: fix suspicious RCU usage in bond_ipsec_offload_ok() (bsc#1176447).
- bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1154353).
- bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518).
- brcmfmac: Fix a double-free in brcmf_sdio_bus_reset (git-fixes).
- brcmfmac: correctly report average RSSI in station info (git-fixes).
- brcmfmac: fix setting of station info chains bitmask (git-fixes).
- brcmsmac: mac80211_if: Fix a resource leak in an error handling path (git-fixes).
- cadence: force nonlinear buffers to be cloned (git-fixes).
- can: ems_usb: fix memory leak (git-fixes).
- can: esd_usb2: fix memory leak (git-fixes).
- can: gw: synchronize rcu operations before removing gw job entry (git-fixes).
- can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes).
- can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes).
- can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes).
- can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path (git-fixes).
- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes).
- can: usb_8dev: fix memory leak (git-fixes).
- ceph: do not WARN if we're still opening a session to an MDS (bsc#1188748).
- cfg80211: call cfg80211_leave_ocb when switching away from OCB (git-fixes).
- char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() (git-fixes).
- cifs: Fix preauth hash corruption (git-fixes).
- cifs: Return correct error code from smb2_get_enc_key (git-fixes).
- cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes).
- cifs: fix interrupted close commands (git-fixes).
- cifs: fix memory leak in smb2_copychunk_range (git-fixes).
- clk: actions: Fix SD clocks factor table on Owl S500 SoC (git-fixes).
- clk: actions: Fix UART clock dividers on Owl S500 SoC (git-fixes).
- clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC (git-fixes).
- clk: imx8mq: remove SYS PLL 1/2 clock gates (git-fixes).
- clk: meson: g12a: fix gp0 and hifi ranges (git-fixes).
- clk: renesas: r8a77995: Add ZA2 clock (git-fixes).
- clk: renesas: rcar-gen3: Update Z clock rate formula in comments (git-fixes).
- clk: si5341: Avoid divide errors due to bogus register contents (git-fixes).
- clk: si5341: Update initialization magic (git-fixes).
- clk: tegra: Ensure that PLLU configuration is applied properly (git-fixes).
- clk: zynqmp: pll: Remove some dead code (git-fixes).
- clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround (git-fixes).
- clocksource: Retry clock read if long delays detected (git-fixes).
- coresight: Propagate symlink failure (git-fixes).
- coresight: core: Fix use of uninitialized pointer (git-fixes).
- cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)).
- cpufreq: sc520_freq: add 'fallthrough' to one case (git-fixes).
- crypto: ccp - Fix a resource leak in an error handling path (git-fixes).
- crypto: ixp4xx - dma_unmap the correct address (git-fixes).
- crypto: nitrox - fix unchecked variable in nitrox_register_interrupts (git-fixes).
- crypto: nx - add missing MODULE_DEVICE_TABLE (git-fixes).
- crypto: omap-sham - Fix PM reference leak in omap sham ops (git-fixes).
- crypto: qat - check return code of qat_hal_rd_rel_reg() (git-fixes).
- crypto: qat - remove unused macro in FW loader (git-fixes).
- crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes).
- crypto: sun4i-ss - checking sg length is not sufficient (git-fixes).
- crypto: sun4i-ss - initialize need_fallback (git-fixes).
- crypto: ux500 - Fix error return code in hash_hw_final() (git-fixes).
- crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes).
- crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes).
- cw1200: add missing MODULE_DEVICE_TABLE (git-fixes).
- cxgb4: fix IRQ free race during driver unload (git-fixes).
- dma-buf/sync_file: Do not leak fences on merge failure (git-fixes).
- dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes).
- dmaengine: mediatek: do not issue a new desc if one is still current (git-fixes).
- dmaengine: mediatek: free the proper desc in desc_free handler (git-fixes).
- dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma (git-fixes).
- dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe() (git-fixes).
- dmaengine: zynqmp_dma: Fix PM reference leak in zynqmp_dma_alloc_chan_resourc() (git-fixes).
- docs: admin-guide: update description for kernel.hotplug sysctl (git-fixes).
- docs: virt/kvm: close inline string literal (bsc#1188703).
- dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes).
- dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes).
- drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes).
- drm/amd/dc: Fix a missing check bug in dm_dp_mst_detect() (git-fixes).
- drm/amd/display: Avoid HDCP over-read and corruption (git-fixes).
- drm/amd/display: Fix DCN 3.01 DSCCLK validation (git-fixes).
- drm/amd/display: Fix build warnings (git-fixes).
- drm/amd/display: Fix off-by-one error in DML (git-fixes).
- drm/amd/display: Release MST resources on switch from MST to SST (git-fixes).
- drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes).
- drm/amd/display: Update scaling settings on modeset (git-fixes).
- drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check (git-fixes).
- drm/amd/display: fix HDCP reset sequence on reinitialize (git-fixes).
- drm/amd/display: fix incorrrect valid irq check (git-fixes).
- drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes).
- drm/amdgpu: Do not query CE and UE errors (bsc#1152472)
- drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes).
- drm/amdgpu: enable sdma0 tmz for Raven/Renoir(V2) (git-fixes).
- drm/amdgpu: remove unsafe optimization to drop preamble ib (git-fixes).
- drm/amdgpu: update golden setting for sienna_cichlid (git-fixes).
- drm/amdgpu: wait for moving fence after pinning (git-fixes).
- drm/amdkfd: Fix circular lock in nocpsch path (git-fixes).
- drm/amdkfd: Walk through list with dqm lock hold (git-fixes).
- drm/amdkfd: fix circular locking on get_wave_state (git-fixes).
- drm/amdkfd: use allowed domain for vmbo validation (git-fixes).
- drm/arm/malidp: Always list modifiers (git-fixes).
- drm/bridge/sii8620: fix dependency on extcon (git-fixes).
- drm/bridge: Fix the stop condition of drm_bridge_chain_pre_enable() (git-fixes).
- drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() (git-fixes).
- drm/bridge: nwl-dsi: Force a full modeset when crtc_state->active is changed to be true (git-fixes).
- drm/dp_mst: Do not set proposed vcpi directly (git-fixes).
- drm/gma500: Add the missed drm_gem_object_put() in psb_user_framebuffer_create() (git-fixes).
- drm/i915/display: Do not zero past infoframes.vsc (git-fixes).
- drm/i915/gvt: Clear d3_entered on elsp cmd submission (git-fixes).
- drm/i915/selftests: use vma_lookup() in __igt_mmap() (git-fixes).
- drm/mcde/panel: Inverse misunderstood flag (bsc#1152472)
- drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() (git-fixes).
- drm/msm/dpu: Fix error return code in dpu_mdss_init() (git-fixes). - drm/msm/dpu: Fix sm8250_mdp register length (git-fixes). - drm/msm/mdp4: Fix modifier support enabling (git-fixes). - drm/msm: Fix error return code in msm_drm_init() (git-fixes). - drm/msm: Small msm_gem_purge() fix (bsc#1152489) - drm/mxsfb: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm/nouveau: Do not set allow_fb_modifiers explicitly (git-fixes). - drm/nouveau: fix dma_address check for CPU/GPU sync (git-fixes). - drm/nouveau: wait for moving fence after pinning v2 (git-fixes). - drm/panel: nt35510: Do not fail if DSI read fails (git-fixes). - drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes). - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes). - drm/radeon: Call radeon_suspend_kms() in radeon_pci_shutdown() for Loongson64 (git-fixes). - drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (bsc#1152489) - drm/radeon: wait for moving fence after pinning (git-fixes). - drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() (git-fixes). - drm/rockchip: cdn-dp: fix sign extension on an int multiply for a u64 result (git-fixes). - drm/rockchip: dsi: move all lane config except LCDC mux to bind() (git-fixes). - drm/rockchip: dsi: remove extra component_del() call (git-fixes). - drm/rockchip: lvds: Fix an error handling path (git-fixes). - drm/sched: Avoid data corruptions (git-fixes). - drm/scheduler: Fix hang when sched_entity released (git-fixes). - drm/stm: Fix bus_flags handling (bsc#1152472) - drm/tegra: Do not set allow_fb_modifiers explicitly (git-fixes). - drm/vc4: Fix clock source for VEC PixelValve on BCM2711 (git-fixes). - drm/vc4: crtc: Skip the TXP (git-fixes). - drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes). - drm/vc4: hdmi: Fix PM reference leak in vc4_hdmi_encoder_pre_crtc_co() (git-fixes). 
- drm/vc4: hdmi: Fix error path of hpd-gpios (git-fixes). - drm/vc4: hdmi: Make sure the controller is powered in detect (bsc#1152489) - drm/vc4: hdmi: Prevent clock unbalance (git-fixes). - drm/vc4: txp: Properly set the possible_crtcs mask (git-fixes). - drm/virtio: Fix double free on probe failure (git-fixes). - drm/vmwgfx: Fix cpu updates of coherent multisample surfaces (git-fixes). - drm/vmwgfx: Mark a surface gpu-dirty after the SVGA3dCmdDXGenMips command (git-fixes). - drm/zte: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm: Return -ENOTTY for non-drm ioctls (git-fixes). - drm: add a locked version of drm_is_current_master (git-fixes). - drm: bridge/panel: Cleanup connector on bridge detach (bsc#1152489) - drm: bridge: add missing word in Analogix help text (git-fixes). - drm: qxl: ensure surf.data is ininitialized (git-fixes). - drm: rockchip: add missing registers for RK3066 (git-fixes). - drm: rockchip: add missing registers for RK3188 (git-fixes). - drm: rockchip: set alpha_en to 0 if it is not used (git-fixes). - e1000e: Check the PCIm state (git-fixes). - e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes). - efi/tpm: Differentiate missing and invalid final event log table (bsc#1188036). - extcon: extcon-max8997: Fix IRQ freeing at error path (git-fixes). - extcon: intel-mrfld: Sync hardware and software state on init (git-fixes). - extcon: max8997: Add missing modalias string (git-fixes). - extcon: sm5502: Drop invalid register write in sm5502_reg_data (git-fixes). - fbmem: Do not delete the mode that is still in use (git-fixes). - fbmem: add margin check to fb_check_caps() (git-fixes). - firmware/efi: Tell memblock about EFI iomem reservations (git-fixes). - firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (git-fixes). - firmware: arm_scmi: Fix range check for the maximum number of pending messages (git-fixes). - firmware: tegra: Fix error return code in tegra210_bpmp_init() (git-fixes). 
- fm10k: Fix an error handling path in 'fm10k_probe()' (git-fixes). - fpga: machxo2-spi: Address warning about unused variable (git-fixes). - fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes). - fuse: check connected before queueing on fpq->io (bsc#1188267). - fuse: ignore PG_workingset after stealing (bsc#1188268). - fuse: reject internal errno (bsc#1188269). - gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP (git-fixes). - gpio: pca953x: Add support for the On Semi pca9655 (git-fixes). - gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes). - gtp: fix an use-before-init in gtp_newlink() (git-fixes). - gve: Add DQO fields for core data structures (bsc#1176940). - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940). - gve: Add dqo descriptors (bsc#1176940). - gve: Add stats for gve (bsc#1176940). - gve: Add support for DQO RX PTYPE map (bsc#1176940). - gve: Add support for raw addressing device option (bsc#1176940). - gve: Add support for raw addressing in the tx path (bsc#1176940). - gve: Add support for raw addressing to the rx path (bsc#1176940). - gve: Batch AQ commands for creating and destroying queues (bsc#1176940). - gve: Check TX QPL was actually assigned (bsc#1176940). - gve: DQO: Add RX path (bsc#1176940). - gve: DQO: Add TX path (bsc#1176940). - gve: DQO: Add core netdev features (bsc#1176940). - gve: DQO: Add ring allocation and initialization (bsc#1176940). - gve: DQO: Configure interrupts on device up (bsc#1176940). - gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940). - gve: DQO: Remove incorrect prefetch (bsc#1176940). - gve: Enable Link Speed Reporting in the driver (bsc#1176940). - gve: Fix an error handling path in 'gve_probe()' (git-fixes). - gve: Fix swapped vars when fetching max queues (git-fixes). - gve: Fix warnings reported for DQO patchset (bsc#1176940). - gve: Get and set Rx copybreak via ethtool (bsc#1176940). - gve: Introduce a new model for device options (bsc#1176940). 
- gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940). - gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940). - gve: Move some static functions to a common file (bsc#1176940). - gve: NIC stats for report-stats and for ethtool (bsc#1176940). - gve: Propagate error codes to caller (bsc#1176940). - gve: Replace zero-length array with flexible-array member (bsc#1176940). - gve: Rx Buffer Recycling (bsc#1176940). - gve: Simplify code and axe the use of a deprecated API (bsc#1176940). - gve: Update adminq commands to support DQO queues (bsc#1176940). - gve: Use dev_info/err instead of netif_info/err (bsc#1176940). - gve: Use link status register to report link status (bsc#1176940). - gve: adminq: DQO specific device descriptor logic (bsc#1176940). - gve: gve_rx_copy: Move padding to an argument (bsc#1176940). - hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes). - hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes). - hwmon: (max31790) Fix pwmX_enable attributes (git-fixes). - hwmon: (max31790) Report correct current pwm duty cycles (git-fixes). - hwrng: exynos - Fix runtime PM imbalance on error (git-fixes). - i2c: core: Disable client irq on reboot/shutdown (git-fixes). - i2c: designware: Adjust bus_freq_hz when refuse high speed mode set (git-fixes). - i2c: dev: Add __user annotation (git-fixes). - i2c: robotfuzz-osif: fix control-request directions (git-fixes). - i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes). - i40e: Fix error handling in i40e_vsi_open (git-fixes). - i40e: Fix missing rtnl locking when setting up pf switch (jsc#SLE-13701). - i40e: fix PTP on 5Gb links (jsc#SLE-13701). - iavf: Fix an error handling path in 'iavf_probe()' (git-fixes). - ibmvnic: Allow device probe if the device is not ready at boot (bsc#1184114 ltc#192237). - ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075). 
- ibmvnic: Use 'skb_frag_address()' instead of hand coding it (bsc#1184114 ltc#192237). - ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c (bsc#1184114 ltc#192237). - ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237). - ibmvnic: account for bufs already saved in indir_buf (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: clean pending indirect buffs during reset (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114 ltc#192237). - ibmvnic: fix send_request_map incompatible argument (bsc#1184114 ltc#192237). - ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363). - ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes). - ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533). - ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098). - ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency (jsc#SLE-7926). - igb: Check if num of q_vectors is smaller than max before array access (git-fixes). - igb: Fix an error handling path in 'igb_probe()' (git-fixes). - igb: Fix position of assignment to *ring (git-fixes). - igb: Fix use-after-free error during reset (git-fixes). - igc: Fix an error handling path in 'igc_probe()' (git-fixes). - igc: Fix use-after-free error during reset (git-fixes). - igc: change default return of igc_read_phy_reg() (git-fixes). - iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: bma180: Use explicit member assignment (git-fixes). - iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). 
- iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: mxc4005: Fix overread of data and alignment issue (git-fixes). - iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: at91-sama5d2: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adis16400: do not return ints in irq handlers (git-fixes). - iio: adis_buffer: do not return ints in irq handlers (git-fixes). - iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev() helper (git-fixes). - iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3472: do not free unallocated IRQ (git-fixes). - iio: light: vcnl4035: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: ltr501: ltr501_read_ps(): add missing endianness conversion (git-fixes). 
- iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes). - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too (git-fixes). - iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iio: magn: bmc150: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: hmc5843: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: rm3100: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: si1133: fix format string warnings (git-fixes). - iio:accel:mxc4005: Drop unnecessary explicit casts in regmap_bulk_read calls (git-fixes). - integrity: use arch_ima_get_secureboot instead of checking EFI_SECURE_BOOT when loading MokListRT (bsc#1188366). - intel_th: Wait until port is in reset before programming it (git-fixes). - iwl-trans: move dev_cmd_offs, page_offs to a common trans header (bsc#1187495). - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() (git-fixes). - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd() (git-fixes). - iwlwifi: acpi: evaluate dsm to disable 5.8GHz channels (bsc#1187495). - iwlwifi: acpi: in non acpi compilations remove iwl_sar_geo_init (bsc#1187495). - iwlwifi: acpi: prepare SAR profile selection code for multiple sizes (bsc#1187495). - iwlwifi: acpi: remove dummy definition of iwl_sar_set_profile() (bsc#1187495). 
- iwlwifi: acpi: rename geo structs to contain versioning (bsc#1187495). - iwlwifi: acpi: support ppag table command v2 (bsc#1187495). - iwlwifi: add a common struct for all iwl_tx_power_cmd versions (bsc#1187495). - iwlwifi: add trans op to set PNVM (bsc#1187495). - iwlwifi: align RX status flags with firmware (bsc#1187495). - iwlwifi: api: fix u32 -> __le32 (bsc#1187495). - iwlwifi: bump FW API to 57 for AX devices (bsc#1187495). - iwlwifi: bump FW API to 59 for AX devices (bsc#1187495). - iwlwifi: calib: Demote seemingly unintentional kerneldoc header (bsc#1187495). - iwlwifi: dbg: Do not touch the tlv data (bsc#1187495). - iwlwifi: dbg: add debug host notification (DHN) time point (bsc#1187495). - iwlwifi: dbg: add dumping special device memory (bsc#1187495). - iwlwifi: dbg: remove IWL_FW_INI_TIME_POINT_WDG_TIMEOUT (bsc#1187495). - iwlwifi: do not export acpi functions unnecessarily (bsc#1187495). - iwlwifi: dvm: Demote a couple of nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: devices: Fix function documentation formatting issues (bsc#1187495). - iwlwifi: dvm: lib: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: rxon: Demote non-conformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: scan: Demote a few nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: sta: Demote a bunch of nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: tx: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: enable twt by default (bsc#1187495). - iwlwifi: fix 11ax disabled bit in the regulatory capability flags (bsc#1187495). - iwlwifi: fix sar geo table initialization (bsc#1187495). - iwlwifi: fw: add default value for iwl_fw_lookup_cmd_ver (bsc#1187495). - iwlwifi: fw: move assert descriptor parser to common code (bsc#1187495). - iwlwifi: increase PNVM load timeout (bsc#1187495). 
- iwlwifi: iwl-drv: Provide descriptions debugfs dentries (bsc#1187495). - iwlwifi: iwl-trans: move tfd to trans layer (bsc#1187495). - iwlwifi: move PNVM implementation to common code (bsc#1187495). - iwlwifi: move all bus-independent TX functions to common code (bsc#1187495). - iwlwifi: move bc_pool to a common trans header (bsc#1187495). - iwlwifi: move bc_table_dword to a common trans header (bsc#1187495). - iwlwifi: msix: limit max RX queues for 9000 family (bsc#1187495). - iwlwifi: mvm: Add FTM initiator RTT smoothing logic (bsc#1187495). - iwlwifi: mvm: Do not install CMAC/GMAC key in AP mode (bsc#1187495). - iwlwifi: mvm: add PROTECTED_TWT firmware API (bsc#1187495). - iwlwifi: mvm: add a get lmac id function (bsc#1187495). - iwlwifi: mvm: add an option to add PASN station (bsc#1187495). - iwlwifi: mvm: add d3 prints (bsc#1187495). - iwlwifi: mvm: add support for new WOWLAN_TSC_RSC_PARAM version (bsc#1187495). - iwlwifi: mvm: add support for new version of WOWLAN_TKIP_SETTING_API_S (bsc#1187495). - iwlwifi: mvm: add support for range request command ver 11 (bsc#1187495). - iwlwifi: mvm: add support for responder dynamic config command version 3 (bsc#1187495). - iwlwifi: mvm: assign SAR table revision to the command later (bsc#1187495). - iwlwifi: mvm: avoid possible NULL pointer dereference (bsc#1187495). - iwlwifi: mvm: clear all scan UIDs (bsc#1187495). - iwlwifi: mvm: d3: parse wowlan status version 11 (bsc#1187495). - iwlwifi: mvm: d3: support GCMP ciphers (bsc#1187495). - iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes). - iwlwifi: mvm: do not check if CSA event is running before removing (bsc#1187495). - iwlwifi: mvm: do not send a CSA command the firmware does not know (bsc#1187495). - iwlwifi: mvm: fix error print when session protection ends (git-fixes). - iwlwifi: mvm: fix suspicious rcu usage warnings (bsc#1187495). - iwlwifi: mvm: fix the type we use in the PPAG table validity checks (bsc#1187495). 
- iwlwifi: mvm: get number of stations from TLV (bsc#1187495). - iwlwifi: mvm: ignore the scan duration parameter (bsc#1187495). - iwlwifi: mvm: initiator: add option for adding a PASN responder (bsc#1187495). - iwlwifi: mvm: location: set the HLTK when PASN station is added (bsc#1187495). - iwlwifi: mvm: ops: Remove unused static struct 'iwl_mvm_debug_names' (bsc#1187495). - iwlwifi: mvm: prepare roc_done_wk to work sync (bsc#1187495). - iwlwifi: mvm: process ba-notifications also when sta rcu is invalid (bsc#1187495). - iwlwifi: mvm: re-enable TX after channel switch (bsc#1187495). - iwlwifi: mvm: read and parse SKU ID if available (bsc#1187495). - iwlwifi: mvm: remove memset of kek_kck command (bsc#1187495). - iwlwifi: mvm: remove redundant log in iwl_mvm_tvqm_enable_txq() (bsc#1187495). - iwlwifi: mvm: remove redundant support_umac_log field (bsc#1187495). - iwlwifi: mvm: responder: allow to set only the HLTK for an associated station (bsc#1187495). - iwlwifi: mvm: ring the doorbell and wait for PNVM load completion (bsc#1187495). - iwlwifi: mvm: rs-fw: handle VHT extended NSS capability (bsc#1187495). - iwlwifi: mvm: send stored PPAG command instead of local (bsc#1187495). - iwlwifi: mvm: set PROTECTED_TWT feature if supported by firmware (bsc#1187495). - iwlwifi: mvm: set PROTECTED_TWT in MAC data policy (bsc#1187495). - iwlwifi: mvm: set enabled in the PPAG command properly (bsc#1187495). - iwlwifi: mvm: stop claiming NL80211_EXT_FEATURE_SET_SCAN_DWELL (bsc#1187495). - iwlwifi: mvm: store PPAG enabled/disabled flag properly (bsc#1187495). - iwlwifi: mvm: support ADD_STA_CMD_API_S ver 12 (bsc#1187495). - iwlwifi: mvm: support more GTK rekeying algorithms (bsc#1187495). - iwlwifi: mvm: support new KEK KCK api (bsc#1187495). - iwlwifi: mvm: tx: Demote misuse of kernel-doc headers (bsc#1187495). - iwlwifi: mvm: use CHECKSUM_COMPLETE (bsc#1187495). - iwlwifi: mvm: utils: Fix some doc-rot (bsc#1187495). - iwlwifi: pcie: avoid potential PNVM leaks (bsc#1187495). 
- iwlwifi: pcie: do not disable interrupts for reg_lock (bsc#1187495). - iwlwifi: pcie: fix context info freeing (git-fixes). - iwlwifi: pcie: fix the xtal latency value for a few qu devices (bsc#1187495). - iwlwifi: pcie: free IML DMA memory allocation (git-fixes). - iwlwifi: pcie: implement set_pnvm op (bsc#1187495). - iwlwifi: pcie: make iwl_pcie_txq_update_byte_cnt_tbl bus independent (bsc#1187495). - iwlwifi: pcie: properly set LTR workarounds on 22000 devices (bsc#1187495). - iwlwifi: phy-ctxt: add new API VER 3 for phy context cmd (bsc#1187495). - iwlwifi: pnvm: do not skip everything when not reloading (bsc#1187495). - iwlwifi: pnvm: do not try to load after failures (bsc#1187495). - iwlwifi: pnvm: increment the pointer before checking the TLV (bsc#1187495). - iwlwifi: pnvm: set the PNVM again if it was already loaded (bsc#1187495). - iwlwifi: provide gso_type to GSO packets (bsc#1187495). - iwlwifi: queue: bail out on invalid freeing (bsc#1187495). - iwlwifi: read and parse PNVM file (bsc#1187495). - iwlwifi: regulatory: regulatory capabilities api change (bsc#1187495). - iwlwifi: remove iwl_validate_sar_geo_profile() export (bsc#1187495). - iwlwifi: remove wide_cmd_header field (bsc#1187495). - iwlwifi: rs: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: rs: align to new TLC config command API (bsc#1187495). - iwlwifi: rs: set RTS protection for all non legacy rates (bsc#1187495). - iwlwifi: sta: defer ADDBA transmit in case reclaimed SN != next SN (bsc#1187495). - iwlwifi: stats: add new api fields for statistics cmd/ntfy (bsc#1187495). - iwlwifi: support REDUCE_TX_POWER_CMD version 6 (bsc#1187495). - iwlwifi: support version 3 of GEO_TX_POWER_LIMIT (bsc#1187495). - iwlwifi: support version 5 of the alive notification (bsc#1187495). - iwlwifi: thermal: support new temperature measurement API (bsc#1187495). - iwlwifi: update prph scratch structure to include PNVM data (bsc#1187495). 
- iwlwifi: use correct group for alive notification (bsc#1187495). - iwlwifi: wowlan: adapt to wowlan status API version 10 (bsc#1187495). - iwlwifi: yoyo: add support for internal buffer allocation in D3 (bsc#1187495). - ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes). - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes). - ixgbevf: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops (bsc#1176447). - kABI compatibility fix for max98373_priv struct (git-fixes). - kABI workaround for btintel symbol changes (bsc#1188893). - kABI workaround for intel_th_driver (git-fixes). - kABI workaround for pci/quirks.c (git-fixes). - kABI: restore struct tcpc_config definition (git-fixes). - kabi/severities: ignore kABI of iwlwifi symbols (bsc#1187495) iwlwifi driver consists of several modules and all exported symbols are internal uses. Let's ignore kABI checks of those. - kernel-binary.spec: Exctract s390 decompression code (jsc#SLE-17042). - kernel-binary.spec: Fix up usrmerge for non-modular kernels. - kernel-binary.spec: Remove obsolete and wrong comment mkmakefile is repleced by echo on newer kernel - kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes). - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes). - kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes). - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes). - kprobes: fix kill kprobe which has been marked as gone (git-fixes). - kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1188772). - kvm: i8254: remove redundant assignment to pointer s (bsc#1188770). - leds: as3645a: Fix error return code in as3645a_parse_node() (git-fixes). - leds: class: The -ENOTSUPP should never be seen by user space (git-fixes). - leds: ktd2692: Fix an error handling path (git-fixes). - leds: lm3532: select regmap I2C API (git-fixes). 
- lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes). - lib/decompressors: remove set but not used variabled 'level' (git-fixes). - lib: vsprintf: Fix handling of number field widths in vsscanf (git-fixes). - libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518). - liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes). - mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes). - mac80211: consider per-CPU statistics if present (git-fixes). - mac80211: remove iwlwifi specific workaround NDPs of null_response (git-fixes). - mac80211: remove iwlwifi specific workaround that broke sta NDP tx (git-fixes). - mac80211: remove warning in ieee80211_get_sband() (git-fixes). - mac80211: reset profile_periodicity/ema_ap (git-fixes). - mac80211_hwsim: add concurrent channels scanning support over virtio (git-fixes). - mac80211_hwsim: drop pending frames on stop (git-fixes). - math: Export mul_u64_u64_div_u64 (git-fixes). - media, bpf: Do not copy more entries than user space requested (git-fixes). - media: Fix Media Controller API config checks (git-fixes). - media: I2C: change 'RST' to "RSET" to fix multiple build errors (git-fixes). - media: au0828: fix a NULL vs IS_ERR() check (git-fixes). - media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes). - media: cobalt: fix race condition in setting HPD (git-fixes). - media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes). - media: dtv5100: fix control-request directions (git-fixes). - media: dvb-usb: fix wrong definition (git-fixes). - media: dvb_net: avoid speculation from net slot (git-fixes). - media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes). - media: em28xx: Fix possible memory leak of em28xx struct (git-fixes). - media: exynos-gsc: fix pm_runtime_get_sync() usage count (git-fixes). - media: exynos4-is: Fix a use after free in isp_video_release (git-fixes). - media: gspca/gl860: fix zero-length control requests (git-fixes). 
- media: gspca/sq905: fix control-request direction (git-fixes). - media: gspca/sunplus: fix zero-length control requests (git-fixes). - media: imx-csi: Skip first few frames from a BT.656 source (git-fixes). - media: imx: imx7_mipi_csis: Fix logging of only error event counters (git-fixes). - media: mdk-mdp: fix pm_runtime_get_sync() usage count (git-fixes). - media: mtk-vcodec: fix PM runtime get logic (git-fixes). - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes). - media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes). - media: rc: i2c: Fix an error message (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes). - media: s5p-jpeg: fix pm_runtime_get_sync() usage count (git-fixes). - media: sh_vou: fix pm_runtime_get_sync() usage count (git-fixes). - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() (git-fixes). - media: siano: fix device register error path (git-fixes). - media: st-hva: Fix potential NULL pointer dereferences (git-fixes). - media: sti/bdisp: fix pm_runtime_get_sync() usage count (git-fixes). - media: sti: fix obj-$(config) targets (git-fixes). - media: tc358743: Fix error return code in tc358743_probe_of() (git-fixes). - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes). - media: v4l2-async: Fix trivial documentation typo (git-fixes). - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (git-fixes). - media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes). - memory: atmel-ebi: add missing of_node_put for loop iteration (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). 
- memory: pl353: Fix error return code in pl353_smc_probe() (git-fixes). - memstick: rtsx_usb_ms: fix UAF (git-fixes). - mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes). - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes). - misc/libmasm/module: Fix two use after free in ibmasm_init_one (git-fixes). - misc: alcor_pci: fix inverted branch condition (git-fixes). - misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge (git-fixes). - mm, futex: fix shared futex pgoff on shmem huge page (git fixes (kernel/futex)). - mmc: block: Disable CMDQ on the ioctl path (git-fixes). - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes). - mmc: core: clear flags before allowing to retune (git-fixes). - mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes). - mmc: sdhci-sprd: use sdhci_sprd_writew (git-fixes). - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode (git-fixes). - mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes). - mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes). - mmc: vub3000: fix control-request direction (git-fixes). - mt76: fix possible NULL pointer dereference in mt76_tx (git-fixes). - mt76: mt7603: set 0 as min coverage_class value (git-fixes). - mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes). - mt76: mt7615: fix fixed-rate tx status reporting (git-fixes). - mt76: mt7615: increase MCU command timeout (git-fixes). - mt76: mt7915: fix IEEE80211_HE_PHY_CAP7_MAX_NC for station mode (git-fixes). - mt76: set dma-done flag for flushed descriptors (git-fixes). - mtd: partitions: redboot: seek fis-index-block in the right node (git-fixes). - mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() (git-fixes). - mvpp2: suppress warning (git-fixes). - mwifiex: re-fix for unaligned accesses (git-fixes). - net/mlx5: Do not fail driver on failure to create debugfs (git-fixes). 
- net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes). - net/sched: act_ct: remove and free nf_table callbacks (jsc#SLE-15172). - net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes). - net: atlantic: fix ip dst and ipv6 address filters (git-fixes). - net: dp83867: Fix OF_MDIO config check (git-fixes). - net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes). - net: fec_ptp: fix issue caused by refactor the fec_devtype (git-fixes). - net: gve: convert strlcpy to strscpy (bsc#1176940). - net: gve: remove duplicated allowed (bsc#1176940). - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - net: ipw2x00,iwlegacy,iwlwifi: Remove in_interrupt() from debug macros (bsc#1187495). - net: iwlwifi: Remove in_interrupt() from tracing macro (bsc#1187495). - net: marvell: Fix OF_MDIO config check (git-fixes). - net: mvpp2: Put fwnode in error case during ->probe() (git-fixes). - net: netdevsim: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops (bsc#1176447). - net: phy: fix save wrong speed and duplex problem if autoneg is on (git-fixes). - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - net: phy: realtek: add delay to fix RXC generation issue (git-fixes). - net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes). - net: wilc1000: clean up resource in error path of init mon interface (git-fixes). - netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo (bsc#1176447). - nfc: nfcsim: fix use after free during module unload (git-fixes). - nvme-rdma: fix in-casule data send for chained sgls (git-fixes). - nvme-rdma: introduce nvme_rdma_sgl structure (git-fixes). - nvme-tcp: rerun io_work if req_list is not empty (git-fixes). - nvme: verify MNAN value if ANA is enabled (bsc#1185791). 
- pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes). - pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() (git-fixes). - pinctrl: mcp23s08: fix race condition in irq handler (git-fixes). - pinctrl: stm32: fix the reported number of GPIO lines per bank (git-fixes). - platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command (git-fixes). - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes). - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes). - platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (git-fixes). - platform/x86: intel_int0002_vgpio: Remove dev_err() usage after platform_get_irq() (git-fixes). - platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes). - platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (git-fixes). - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: ab8500: Avoid NULL pointers (git-fixes). - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (git-fixes). - power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes). - powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722). - powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722). - powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395). - powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes). - powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). 
- powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722).
- powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722).
- powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722).
- powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722).
- powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722).
- powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722).
- powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722).
- powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722).
- powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722).
- powerpc/stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi() (bsc#1156395).
- powerpc/stacktrace: Include linux/delay.h (bsc#1156395).
- powerpc: Offline CPU in stop_this_cpu() (bsc#1156395).
- prctl: PR_{G,S}ET_IO_FLUSHER to support controlling memory reclaim (bsc#1188752).
- ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation (git-fixes).
- pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes).
- pwm: imx1: Do not disable clocks at device remove time (git-fixes).
- pwm: spear: Do not modify HW state in .remove callback (git-fixes).
- qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes).
- r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes).
- r8152: Fix a deadlock by doubly PM resume (bsc#1186194).
- r8152: Fix potential PM refcount imbalance (bsc#1186194).
- r8169: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes).
- r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM (git-fixes).
- random32: Fix implicit truncation warning in prandom_seed_state() (git-fixes).
- ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes).
- rbd: always kick acquire on "acquired" and "released" notifications (bsc#1188746).
- rbd: do not hold lock_rwsem while running_list is being drained (bsc#1188747).
- regulator: da9052: Ensure enough delay time for .set_voltage_time_sel (git-fixes).
- regulator: hi6421: Fix getting wrong drvdata (git-fixes).
- regulator: hi6421: Use correct variable type for regmap api val argument (git-fixes).
- regulator: hi655x: Fix pass wrong pointer to config.driver_data (git-fixes).
- regulator: uniphier: Add missing MODULE_DEVICE_TABLE (git-fixes).
- replaced with upstream security mitigation cleanup
- reset: a10sr: add missing of_match_table reference (git-fixes).
- reset: bail if try_module_get() fails (git-fixes).
- reset: brcmstb: Add missing MODULE_DEVICE_TABLE (git-fixes).
- reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes).
- rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804).
- rpm/kernel-binary.spec.in: Remove zdebug define used only once.
- rsi: Assign beacon rate settings to the correct rate_info descriptor field (git-fixes).
- rtc: fix snprintf() checking in is_rtc_hctosys() (git-fixes).
- rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes).
- rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes).
- rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path (git-fixes).
- rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes).
- rtw88: 8822c: fix lc calibration timing (git-fixes).
- scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101).
- scsi: ibmvfc: Fix command state accounting and stale response detection (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: qedf: Do not put host in qedf_vport_create() unconditionally (bsc#1170511).
- serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates (git-fixes).
- serial: 8250_pci: Add support for new HPE serial device (git-fixes).
- serial: fsl_lpuart: remove RTSCTS handling from get_mctrl() (git-fixes).
- serial: fsl_lpuart: remove RTSCTS handling from get_mctrl() (git-fixes).
- serial: mvebu-uart: correctly calculate minimal possible baudrate (git-fixes).
- serial: mvebu-uart: do not allow changing baudrate when uartclk is not available (git-fixes).
- serial: mvebu-uart: fix calculation of clock divisor (git-fixes).
- serial: tegra-tcu: Reorder channel initialization (git-fixes).
- serial_cs: Add Option International GSM-Ready 56K/ISDN modem (git-fixes).
- serial_cs: remove wrong GLOBETROTTER.cis entry (git-fixes).
- sfp: Fix error handing in sfp_probe() (git-fixes).
- skbuff: Fix build with SKB extensions disabled (jsc#SLE-15172).
- skbuff: Release nfct refcount on napi stolen or re-used skbs (jsc#SLE-15172).
- soc/tegra: fuse: Fix Tegra234-only builds (git-fixes).
- soc: fsl: qbman: Delete useless kfree code (bsc#1188176).
- soc: fsl: qbman: Ensure device cleanup is run for kexec (bsc#1188176).
- soundwire: stream: Fix test for DP prepare complete (git-fixes).
- spi: Make of_register_spi_device also set the fwnode (git-fixes).
- spi: cadence: Correct initialisation of runtime PM again (git-fixes).
- spi: fspi: dynamically alloc AHB memory (bsc#1188121).
- spi: imx: add a check for speed_hz before calculating the clock (git-fixes).
- spi: mediatek: fix fifo rx mode (git-fixes).
- spi: nxp-fspi: Use devm API to fix missed unregistration of controller (bsc#1188121).
- spi: omap-100k: Fix the length judgment problem (git-fixes).
- spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes).
- spi: spi-nxp-fspi: Add ACPI support (bsc#1188121).
- spi: spi-nxp-fspi: Add support for IP read only (bsc#1188121).
- spi: spi-nxp-fspi: Enable the Octal Mode in MCR0 (bsc#1188121).
- spi: spi-nxp-fspi: Fix a NULL vs IS_ERR() check in probe (bsc#1188121).
- spi: spi-nxp-fspi: Implement errata workaround for LS1028A (bsc#1188121).
- spi: spi-sun6i: Fix chipselect/clock bug (git-fixes).
- spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (git-fixes).
- spi: stm32-qspi: Remove unused qspi field of struct stm32_qspi_flash (git-fixes).
- spi: tegra114: Fix an error message (git-fixes).
- ssb: Fix error return code in ssb_bus_scan() (git-fixes).
- ssb: sdio: Do not overwrite const buffer if block_write fails (git-fixes).
- staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() (git-fixes).
- staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes).
- staging: rtl8712: fix memory leak in rtl871x_load_fw_cb (git-fixes).
- staging: rtl8712: remove redundant check in r871xu_drv_init (git-fixes).
- staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes).
- thermal/core: Correct function name thermal_zone_device_unregister() (git-fixes).
- thermal/drivers/int340x/processor_thermal: Fix tcc setting (git-fixes).
- thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations (git-fixes).
- thunderbolt: Bond lanes only when dual_link_port != NULL in alloc_dev_default() (git-fixes).
- timers: Fix get_next_timer_interrupt() with no timers pending (git-fixes)
- tpm, tpm_tis: Decorate tpm_get_timeouts() with request_locality() (bsc#1188036).
- tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with request_locality() (bsc#1188036).
- tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() (bsc#1188036).
- tpm, tpm_tis: Reserve locality in tpm_tis_resume() (bsc#1188036).
- tpm: efi: Use local variable for calculating final log size (git-fixes).
- tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing (git-fixes).
- tracing/histograms: Fix parsing of "sym-offset" modifier (git-fixes).
- tracing: Do not reference char * as a string in histograms (git-fixes).
- tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (git-fixes).
- tracing: Simplify & fix saved_tgids logic (git-fixes).
- tty: nozomi: Fix a resource leak in an error handling function (git-fixes).
- tty: nozomi: Fix the error handling path of 'nozomi_card_init()' (git-fixes).
- tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes).
- tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes).
- usb: dwc2: Do not reset the core after setting turnaround time (git-fixes).
- usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes).
- usb: dwc3: Fix debugfs creation flow (git-fixes).
- usb: gadget: eem: fix echo command packet response issue (git-fixes).
- usb: gadget: f_fs: Fix setting of device and driver data cross-references (git-fixes).
- usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes).
- usb: gadget: hid: fix error return code in hid_bind() (git-fixes).
- usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes).
- usb: hub: Fix link power management max exit latency (MEL) calculations (git-fixes).
- usb: max-3421: Prevent corruption of freed memory (git-fixes).
- usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (git-fixes).
- usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() (git-fixes).
- usb: typec: fusb302: Always provide fwnode for the port (git-fixes).
- usb: typec: fusb302: fix "op-sink-microwatt" default that was in mW (git-fixes).
- usb: typec: tcpm: Error handling for tcpm_register_partner_altmodes (git-fixes).
- usb: typec: tcpm: Move mod_delayed_work(&port->vdm_state_machine) call into tcpm_queue_vdm() (git-fixes).
- usb: typec: tcpm: Refactor tcpm_handle_vdm_request (git-fixes).
- usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling (git-fixes).
- usb: typec: tcpm: Remove tcpc_config configuration mechanism (git-fixes).
- usb: typec: tcpm: Switch to use fwnode_property_count_uXX() (git-fixes).
- usb: typec: tcpm: move to SNK_UNATTACHED if sink removed for DRP (git-fixes).
- usb: typec: tcpm: set correct data role for non-DRD (git-fixes).
- usb: typec: tcpm: update power supply once partner accepts (git-fixes).
- usb: typec: ucsi: Hold con->lock for the entire duration of ucsi_register_port() (git-fixes).
- usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes).
- usb: typec: wcove: Fx wrong kernel doc format (git-fixes).
- uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes).
- vfio/pci: Handle concurrent vma faults (git-fixes).
- vfs: Convert functionfs to use the new mount API (git-fixes).
- video: fbdev: imxfb: Fix an error message (git-fixes).
- virtio_console: Assure used length from device is limited (git-fixes).
- virtio_net: move tx vq operation under tx queue lock (git-fixes).
- visorbus: fix error return code in visorchipset_init() (git-fixes).
- vmxnet3: fix cksum offload issues for tunnels with non-default udp ports (git-fixes).
- vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes).
- w1: ds2438: fixing bug that would always get page0 (git-fixes).
- watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes).
- watchdog: Fix possible use-after-free in wdt_startup() (git-fixes).
- watchdog: aspeed: fix hardware timeout calculation (git-fixes).
- watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes).
- watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes).
- watchdog: sp805: Fix kernel doc description (git-fixes).
- wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes).
- wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes).
- wireless: carl9170: fix LEDS build errors & warnings (git-fixes).
- wireless: wext-spy: Fix out-of-bounds warning (git-fixes).
- wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes).
- wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes).
- workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973).
- x86/kvm: Disable all PV features on crash (bsc#1185308).
- x86/kvm: Disable all PV features on crash (bsc#1185308).
- x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308).
- x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308).
- x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308).
- x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308).
- x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308).
- x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308).
- x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308).
- x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308).
- xen/events: reset active flag for lateeoi events later (git-fixes).
- xfrm: Fix xfrm offload fallback fail case (bsc#1176447).
- xfrm: delete xfrm4_output_finish xfrm6_output_finish declarations (bsc#1176447).
- xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377).
- xhci: Fix lost USB 2 remote wake (git-fixes).
- xhci: solve a double free problem while doing s4 (git-fixes).
- xsk: Fix missing validation for skb and unaligned mode (jsc#SLE-13706).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15-SP3:
  zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-2687=1
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2021-2687=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-2687=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-2687=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2687=1
- SUSE Linux Enterprise High Availability 15-SP3:
  zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-2687=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
  kernel-default-debuginfo-5.3.18-59.19.1
  kernel-default-debugsource-5.3.18-59.19.1
  kernel-default-extra-5.3.18-59.19.1
  kernel-default-extra-debuginfo-5.3.18-59.19.1
  kernel-preempt-debuginfo-5.3.18-59.19.1
  kernel-preempt-debugsource-5.3.18-59.19.1
  kernel-preempt-extra-5.3.18-59.19.1
  kernel-preempt-extra-debuginfo-5.3.18-59.19.1
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
  kernel-default-debuginfo-5.3.18-59.19.1
  kernel-default-debugsource-5.3.18-59.19.1
  kernel-default-livepatch-5.3.18-59.19.1
  kernel-default-livepatch-devel-5.3.18-59.19.1
  kernel-livepatch-5_3_18-59_19-default-1-7.3.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
  kernel-default-debuginfo-5.3.18-59.19.1
  kernel-default-debugsource-5.3.18-59.19.1
  reiserfs-kmp-default-5.3.18-59.19.1
  reiserfs-kmp-default-debuginfo-5.3.18-59.19.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
  kernel-obs-build-5.3.18-59.19.1
  kernel-obs-build-debugsource-5.3.18-59.19.1
  kernel-syms-5.3.18-59.19.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
  kernel-preempt-debuginfo-5.3.18-59.19.1
  kernel-preempt-debugsource-5.3.18-59.19.1
  kernel-preempt-devel-5.3.18-59.19.1
  kernel-preempt-devel-debuginfo-5.3.18-59.19.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
  kernel-docs-5.3.18-59.19.1
  kernel-source-5.3.18-59.19.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  kernel-default-5.3.18-59.19.1
  kernel-default-base-5.3.18-59.19.1.18.10.1
  kernel-default-debuginfo-5.3.18-59.19.1
  kernel-default-debugsource-5.3.18-59.19.1
  kernel-default-devel-5.3.18-59.19.1
  kernel-default-devel-debuginfo-5.3.18-59.19.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):
  kernel-preempt-5.3.18-59.19.1
  kernel-preempt-debuginfo-5.3.18-59.19.1
  kernel-preempt-debugsource-5.3.18-59.19.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):
  kernel-64kb-5.3.18-59.19.1
  kernel-64kb-debuginfo-5.3.18-59.19.1
  kernel-64kb-debugsource-5.3.18-59.19.1
  kernel-64kb-devel-5.3.18-59.19.1
  kernel-64kb-devel-debuginfo-5.3.18-59.19.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
  kernel-devel-5.3.18-59.19.1
  kernel-macros-5.3.18-59.19.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
  kernel-zfcpdump-5.3.18-59.19.1
  kernel-zfcpdump-debuginfo-5.3.18-59.19.1
  kernel-zfcpdump-debugsource-5.3.18-59.19.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
  cluster-md-kmp-default-5.3.18-59.19.1
  cluster-md-kmp-default-debuginfo-5.3.18-59.19.1
  dlm-kmp-default-5.3.18-59.19.1
  dlm-kmp-default-debuginfo-5.3.18-59.19.1
  gfs2-kmp-default-5.3.18-59.19.1
  gfs2-kmp-default-debuginfo-5.3.18-59.19.1
  kernel-default-debuginfo-5.3.18-59.19.1
  kernel-default-debugsource-5.3.18-59.19.1
  ocfs2-kmp-default-5.3.18-59.19.1
  ocfs2-kmp-default-debuginfo-5.3.18-59.19.1

References:

https://www.suse.com/security/cve/CVE-2021-21781.html
https://www.suse.com/security/cve/CVE-2021-22543.html
https://www.suse.com/security/cve/CVE-2021-35039.html
https://www.suse.com/security/cve/CVE-2021-3609.html
https://www.suse.com/security/cve/CVE-2021-3612.html
https://www.suse.com/security/cve/CVE-2021-3659.html
https://www.suse.com/security/cve/CVE-2021-37576.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1085224
https://bugzilla.suse.com/1094840
https://bugzilla.suse.com/1113295
https://bugzilla.suse.com/1152472
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1153274
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1155518
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1170511
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1176940
https://bugzilla.suse.com/1179243
https://bugzilla.suse.com/1180092
https://bugzilla.suse.com/1180814
https://bugzilla.suse.com/1183871
https://bugzilla.suse.com/1184114
https://bugzilla.suse.com/1184350
https://bugzilla.suse.com/1184631
https://bugzilla.suse.com/1184804
https://bugzilla.suse.com/1185308
https://bugzilla.suse.com/1185377
https://bugzilla.suse.com/1185791
https://bugzilla.suse.com/1186194
https://bugzilla.suse.com/1186206
https://bugzilla.suse.com/1186482
https://bugzilla.suse.com/1186483
https://bugzilla.suse.com/1187215
https://bugzilla.suse.com/1187476
https://bugzilla.suse.com/1187495
https://bugzilla.suse.com/1187585
https://bugzilla.suse.com/1188036
https://bugzilla.suse.com/1188080
https://bugzilla.suse.com/1188101
https://bugzilla.suse.com/1188121
https://bugzilla.suse.com/1188126
https://bugzilla.suse.com/1188176
https://bugzilla.suse.com/1188267
https://bugzilla.suse.com/1188268
https://bugzilla.suse.com/1188269
https://bugzilla.suse.com/1188323
https://bugzilla.suse.com/1188366
https://bugzilla.suse.com/1188405
https://bugzilla.suse.com/1188445
https://bugzilla.suse.com/1188504
https://bugzilla.suse.com/1188620
https://bugzilla.suse.com/1188683
https://bugzilla.suse.com/1188703
https://bugzilla.suse.com/1188720
https://bugzilla.suse.com/1188746
https://bugzilla.suse.com/1188747
https://bugzilla.suse.com/1188748
https://bugzilla.suse.com/1188752
https://bugzilla.suse.com/1188770
https://bugzilla.suse.com/1188771
https://bugzilla.suse.com/1188772
https://bugzilla.suse.com/1188773
https://bugzilla.suse.com/1188774
https://bugzilla.suse.com/1188777
https://bugzilla.suse.com/1188838
https://bugzilla.suse.com/1188876
https://bugzilla.suse.com/1188885
https://bugzilla.suse.com/1188893
https://bugzilla.suse.com/1188973

From sle-updates at lists.suse.com Mon Aug 16 16:18:25 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 16 Aug 2021 18:18:25 +0200 (CEST)
Subject: SUSE-SU-2021:2689-1: important: Security update for cpio
Message-ID: <20210816161825.6B940FD0A@maintenance.suse.de>

SUSE Security Update: Security update for cpio
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2689-1
Rating:             important
References:         #1189206
Cross-References:   CVE-2021-38185
CVSS scores:
                    CVE-2021-38185 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE MicroOS 5.0
                    SUSE Manager Server 4.0
                    SUSE Manager Retail Branch Server 4.0
                    SUSE Manager Proxy 4.0
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.
Description:

This update for cpio fixes the following issues:

It was possible to trigger remote code execution due to an integer overflow (CVE-2021-38185, bsc#1189206)

UPDATE: This update was buggy and could lead to hangs, so it has been retracted. There will be a follow-up update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.0:
  zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2689=1
- SUSE Manager Server 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2689=1
- SUSE Manager Retail Branch Server 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2689=1
- SUSE Manager Proxy 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2689=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2689=1
- SUSE Linux Enterprise Server for SAP 15:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2689=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2689=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2689=1
- SUSE Linux Enterprise Server 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2689=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2689=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2689=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2689=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2689=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2689=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2689=1
- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2021-2689=1
- SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE MicroOS 5.0 (aarch64 x86_64):
  cpio-2.12-3.6.1
  cpio-debuginfo-2.12-3.6.1
  cpio-debugsource-2.12-3.6.1
- SUSE Manager Server 4.0 (ppc64le s390x x86_64):
  cpio-2.12-3.6.1
  cpio-debuginfo-2.12-3.6.1
  cpio-debugsource-2.12-3.6.1
  cpio-mt-2.12-3.6.1
  cpio-mt-debuginfo-2.12-3.6.1
- SUSE Manager Server 4.0 (noarch):
  cpio-lang-2.12-3.6.1
- SUSE Manager Retail Branch Server 4.0 (noarch):
  cpio-lang-2.12-3.6.1
- SUSE Manager Retail Branch Server 4.0 (x86_64):
  cpio-2.12-3.6.1
  cpio-debuginfo-2.12-3.6.1
  cpio-debugsource-2.12-3.6.1
  cpio-mt-2.12-3.6.1
  cpio-mt-debuginfo-2.12-3.6.1
- SUSE Manager Proxy 4.0 (x86_64):
  cpio-2.12-3.6.1
  cpio-debuginfo-2.12-3.6.1
  cpio-debugsource-2.12-3.6.1
  cpio-mt-2.12-3.6.1
  cpio-mt-debuginfo-2.12-3.6.1
- SUSE Manager Proxy 4.0 (noarch):
  cpio-lang-2.12-3.6.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
  cpio-2.12-3.6.1
  cpio-debuginfo-2.12-3.6.1
  cpio-debugsource-2.12-3.6.1
  cpio-mt-2.12-3.6.1
  cpio-mt-debuginfo-2.12-3.6.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
  cpio-lang-2.12-3.6.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
  cpio-2.12-3.6.1
  cpio-debuginfo-2.12-3.6.1
  cpio-debugsource-2.12-3.6.1
  cpio-mt-2.12-3.6.1
  cpio-mt-debuginfo-2.12-3.6.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
  cpio-lang-2.12-3.6.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
  cpio-2.12-3.6.1
  cpio-debuginfo-2.12-3.6.1
  cpio-debugsource-2.12-3.6.1
  cpio-mt-2.12-3.6.1
  cpio-mt-debuginfo-2.12-3.6.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
  cpio-lang-2.12-3.6.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
  cpio-2.12-3.6.1
  cpio-debuginfo-2.12-3.6.1
  cpio-debugsource-2.12-3.6.1
  cpio-mt-2.12-3.6.1
  cpio-mt-debuginfo-2.12-3.6.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
  cpio-lang-2.12-3.6.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
  cpio-2.12-3.6.1
  cpio-debuginfo-2.12-3.6.1
  cpio-debugsource-2.12-3.6.1
  cpio-mt-2.12-3.6.1
  cpio-mt-debuginfo-2.12-3.6.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
  cpio-lang-2.12-3.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  cpio-2.12-3.6.1
  cpio-debuginfo-2.12-3.6.1
  cpio-debugsource-2.12-3.6.1
  cpio-mt-2.12-3.6.1
  cpio-mt-debuginfo-2.12-3.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
  cpio-lang-2.12-3.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
  cpio-2.12-3.6.1
  cpio-debuginfo-2.12-3.6.1
  cpio-debugsource-2.12-3.6.1
  cpio-mt-2.12-3.6.1
  cpio-mt-debuginfo-2.12-3.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
  cpio-lang-2.12-3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
  cpio-2.12-3.6.1
  cpio-debuginfo-2.12-3.6.1
  cpio-debugsource-2.12-3.6.1
  cpio-mt-2.12-3.6.1
  cpio-mt-debuginfo-2.12-3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
  cpio-lang-2.12-3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
  cpio-2.12-3.6.1
  cpio-debuginfo-2.12-3.6.1
  cpio-debugsource-2.12-3.6.1
  cpio-mt-2.12-3.6.1
  cpio-mt-debuginfo-2.12-3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
  cpio-lang-2.12-3.6.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
  cpio-2.12-3.6.1
  cpio-debuginfo-2.12-3.6.1
  cpio-debugsource-2.12-3.6.1
  cpio-mt-2.12-3.6.1
  cpio-mt-debuginfo-2.12-3.6.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
  cpio-lang-2.12-3.6.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
  cpio-2.12-3.6.1
  cpio-debuginfo-2.12-3.6.1
  cpio-debugsource-2.12-3.6.1
  cpio-mt-2.12-3.6.1
  cpio-mt-debuginfo-2.12-3.6.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
  cpio-lang-2.12-3.6.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
  cpio-2.12-3.6.1
  cpio-debuginfo-2.12-3.6.1
  cpio-debugsource-2.12-3.6.1
  cpio-mt-2.12-3.6.1
  cpio-mt-debuginfo-2.12-3.6.1
- SUSE Enterprise Storage 6 (noarch):
  cpio-lang-2.12-3.6.1
- SUSE CaaS Platform 4.0 (x86_64):
  cpio-2.12-3.6.1
  cpio-debuginfo-2.12-3.6.1
  cpio-debugsource-2.12-3.6.1
  cpio-mt-2.12-3.6.1
  cpio-mt-debuginfo-2.12-3.6.1
- SUSE CaaS Platform 4.0 (noarch):
  cpio-lang-2.12-3.6.1

References:

https://www.suse.com/security/cve/CVE-2021-38185.html
https://bugzilla.suse.com/1189206

From sle-updates at lists.suse.com Mon Aug 16 19:16:46 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 16 Aug 2021 21:16:46 +0200 (CEST)
Subject: SUSE-SU-2021:2690-1: important: Security update for libcares2
Message-ID: <20210816191646.A4F7FFD0A@maintenance.suse.de>

SUSE Security Update: Security update for libcares2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2690-1
Rating:             important
References:         #1188881
Cross-References:   CVE-2021-3672
CVSS scores:
                    CVE-2021-3672 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Workstation Extension 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libcares2 fixes the following issues:

- CVE-2021-3672: Fixed input validation on hostnames (bsc#1188881).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2690=1
- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2690=1
- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2690=1
- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2690=1
- SUSE Linux Enterprise Workstation Extension 12-SP5:
  zypper in -t patch SUSE-SLE-WE-12-SP5-2021-2690=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2690=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2690=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2690=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2690=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2690=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2690=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2690=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2690=1
- HPE Helion Openstack 8:
  zypper in -t patch HPE-Helion-OpenStack-8-2021-2690=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  libcares2-1.9.1-9.7.1
  libcares2-debuginfo-1.9.1-9.7.1
  libcares2-debugsource-1.9.1-9.7.1
- SUSE OpenStack Cloud Crowbar 8 (x86_64):
  libcares2-1.9.1-9.7.1
  libcares2-debuginfo-1.9.1-9.7.1
  libcares2-debugsource-1.9.1-9.7.1
- SUSE OpenStack Cloud 9 (x86_64):
  libcares2-1.9.1-9.7.1
  libcares2-debuginfo-1.9.1-9.7.1
  libcares2-debugsource-1.9.1-9.7.1
- SUSE OpenStack Cloud 8 (x86_64):
  libcares2-1.9.1-9.7.1
  libcares2-debuginfo-1.9.1-9.7.1
  libcares2-debugsource-1.9.1-9.7.1
- SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
  libcares2-32bit-1.9.1-9.7.1
  libcares2-debuginfo-32bit-1.9.1-9.7.1
  libcares2-debugsource-1.9.1-9.7.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  libcares-devel-1.9.1-9.7.1
  libcares2-debuginfo-1.9.1-9.7.1
  libcares2-debugsource-1.9.1-9.7.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
  libcares2-1.9.1-9.7.1
  libcares2-debuginfo-1.9.1-9.7.1
  libcares2-debugsource-1.9.1-9.7.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
  libcares2-1.9.1-9.7.1
  libcares2-debuginfo-1.9.1-9.7.1
  libcares2-debugsource-1.9.1-9.7.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  libcares2-1.9.1-9.7.1
  libcares2-debuginfo-1.9.1-9.7.1
  libcares2-debugsource-1.9.1-9.7.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
  libcares2-1.9.1-9.7.1
  libcares2-debuginfo-1.9.1-9.7.1
  libcares2-debugsource-1.9.1-9.7.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
  libcares2-1.9.1-9.7.1
  libcares2-debuginfo-1.9.1-9.7.1
  libcares2-debugsource-1.9.1-9.7.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
  libcares2-1.9.1-9.7.1
  libcares2-debuginfo-1.9.1-9.7.1
  libcares2-debugsource-1.9.1-9.7.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
  libcares2-1.9.1-9.7.1
  libcares2-debuginfo-1.9.1-9.7.1
  libcares2-debugsource-1.9.1-9.7.1
- HPE Helion Openstack 8 (x86_64):
  libcares2-1.9.1-9.7.1
  libcares2-debuginfo-1.9.1-9.7.1
  libcares2-debugsource-1.9.1-9.7.1

References:

https://www.suse.com/security/cve/CVE-2021-3672.html
https://bugzilla.suse.com/1188881

From sle-updates at lists.suse.com Tue Aug 17 04:16:58 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 17 Aug 2021 06:16:58 +0200 (CEST)
Subject: SUSE-SU-2021:2691-1: important: Security update for MozillaFirefox
Message-ID: <20210817041658.AA83DFD0A@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2691-1
Rating:             important
References:         #1188891 SLE-18626
Cross-References:   CVE-2021-29980 CVE-2021-29984 CVE-2021-29985
                    CVE-2021-29986 CVE-2021-29988 CVE-2021-29989

Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes 6 vulnerabilities, contains one feature is now available.
Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.13.0 ESR (MFSA 2021-34, bsc#1188891): - CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption - CVE-2021-29988: Memory corruption as a result of incorrect style treatment - CVE-2021-29984: Incorrect instruction reordering during JIT optimization - CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption - CVE-2021-29985: Use-after-free media channels - CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2691=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2691=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2691=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2691=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2691=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2691=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2691=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2691=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2691=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2691=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2691=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2691=1 - HPE Helion Openstack 8: 
zypper in -t patch HPE-Helion-OpenStack-8-2021-2691=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-78.13.0-112.68.1 MozillaFirefox-debuginfo-78.13.0-112.68.1 MozillaFirefox-debugsource-78.13.0-112.68.1 MozillaFirefox-devel-78.13.0-112.68.1 MozillaFirefox-translations-common-78.13.0-112.68.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-78.13.0-112.68.1 MozillaFirefox-debuginfo-78.13.0-112.68.1 MozillaFirefox-debugsource-78.13.0-112.68.1 MozillaFirefox-devel-78.13.0-112.68.1 MozillaFirefox-translations-common-78.13.0-112.68.1 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-78.13.0-112.68.1 MozillaFirefox-debuginfo-78.13.0-112.68.1 MozillaFirefox-debugsource-78.13.0-112.68.1 MozillaFirefox-devel-78.13.0-112.68.1 MozillaFirefox-translations-common-78.13.0-112.68.1 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-78.13.0-112.68.1 MozillaFirefox-debuginfo-78.13.0-112.68.1 MozillaFirefox-debugsource-78.13.0-112.68.1 MozillaFirefox-devel-78.13.0-112.68.1 MozillaFirefox-translations-common-78.13.0-112.68.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-78.13.0-112.68.1 MozillaFirefox-debugsource-78.13.0-112.68.1 MozillaFirefox-devel-78.13.0-112.68.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-78.13.0-112.68.1 MozillaFirefox-debuginfo-78.13.0-112.68.1 MozillaFirefox-debugsource-78.13.0-112.68.1 MozillaFirefox-devel-78.13.0-112.68.1 MozillaFirefox-translations-common-78.13.0-112.68.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-78.13.0-112.68.1 MozillaFirefox-debuginfo-78.13.0-112.68.1 MozillaFirefox-debugsource-78.13.0-112.68.1 MozillaFirefox-devel-78.13.0-112.68.1 MozillaFirefox-translations-common-78.13.0-112.68.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.13.0-112.68.1 MozillaFirefox-debuginfo-78.13.0-112.68.1 MozillaFirefox-debugsource-78.13.0-112.68.1 
MozillaFirefox-devel-78.13.0-112.68.1 MozillaFirefox-translations-common-78.13.0-112.68.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.13.0-112.68.1 MozillaFirefox-debuginfo-78.13.0-112.68.1 MozillaFirefox-debugsource-78.13.0-112.68.1 MozillaFirefox-devel-78.13.0-112.68.1 MozillaFirefox-translations-common-78.13.0-112.68.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.13.0-112.68.1 MozillaFirefox-debuginfo-78.13.0-112.68.1 MozillaFirefox-debugsource-78.13.0-112.68.1 MozillaFirefox-devel-78.13.0-112.68.1 MozillaFirefox-translations-common-78.13.0-112.68.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-78.13.0-112.68.1 MozillaFirefox-debuginfo-78.13.0-112.68.1 MozillaFirefox-debugsource-78.13.0-112.68.1 MozillaFirefox-devel-78.13.0-112.68.1 MozillaFirefox-translations-common-78.13.0-112.68.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-78.13.0-112.68.1 MozillaFirefox-debuginfo-78.13.0-112.68.1 MozillaFirefox-debugsource-78.13.0-112.68.1 MozillaFirefox-devel-78.13.0-112.68.1 MozillaFirefox-translations-common-78.13.0-112.68.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-78.13.0-112.68.1 MozillaFirefox-debuginfo-78.13.0-112.68.1 MozillaFirefox-debugsource-78.13.0-112.68.1 MozillaFirefox-devel-78.13.0-112.68.1 MozillaFirefox-translations-common-78.13.0-112.68.1 References: https://www.suse.com/security/cve/CVE-2021-29980.html https://www.suse.com/security/cve/CVE-2021-29984.html https://www.suse.com/security/cve/CVE-2021-29985.html https://www.suse.com/security/cve/CVE-2021-29986.html https://www.suse.com/security/cve/CVE-2021-29988.html https://www.suse.com/security/cve/CVE-2021-29989.html https://bugzilla.suse.com/1188891 From sle-updates at lists.suse.com Tue Aug 17 10:17:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Aug 2021 12:17:39 +0200 (CEST) Subject: SUSE-RU-2021:2693-1: 
moderate: Recommended update for SUSE Manager Proxy 4.1 Message-ID: <20210817101739.3CDF7FD21@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 4.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2693-1 Rating: moderate References: #1181223 #1186026 #1186650 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes the following issues: spacecmd: - Add schedule_deletearchived to bulk delete archived actions (bsc#1181223) spacewalk-backend: - Fix rpm handling of empty package group and devicefiles tag (bsc#1186650) - Show better error message when reposync failed spacewalk-proxy-installer: - Add new refresh_pattern to the squid.conf to fix a case where the repodata was invalid due to being cached (bsc#1186026) spacewalk-web: - Update web UI version to 4.1.10 uyuni-common-libs: - Handle broken RPM packages to prevent exceptions causing fails on repository synchronization (bsc#1186650) How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2021-2693=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch): spacecmd-4.1.13-4.24.1 spacewalk-backend-4.1.27-4.38.1 spacewalk-base-minimal-4.1.28-3.30.1 spacewalk-base-minimal-config-4.1.28-3.30.1 spacewalk-proxy-installer-4.1.7-3.6.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (x86_64): python3-uyuni-common-libs-4.1.9-3.12.1 References: https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1186026 https://bugzilla.suse.com/1186650 From sle-updates at lists.suse.com Tue Aug 17 10:19:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Aug 2021 12:19:03 +0200 (CEST) Subject: SUSE-RU-2021:2692-1: Recommended update for SUSE Manager 4.1.10 Release Notes Message-ID: <20210817101903.6B030FD21@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 4.1.10 Release Notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2692-1 Rating: low References: #1164192 #1167586 #1173143 #1181223 #1182769 #1182817 #1186025 #1186026 #1186650 #1187441 #1187621 #1187787 #1187813 #1187963 #1188032 #1188073 #1188170 #1188193 #1188260 #1188400 Affected Products: SUSE Manager Server 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Proxy 4.1 ______________________________________________________________________________ An update that has 20 recommended fixes can now be installed. 
Description: This update for SUSE Manager 4.1.10 Release Notes provides the following additions: Release notes for SUSE Manager: - Revision 4.1.10 - Bugs mentioned bsc#1164192, bsc#1167586, bsc#1173143, bsc#1181223, bsc#1182769, bsc#1182817, bsc#1186025, bsc#1186650, bsc#1187441, bsc#1187621, bsc#1187787, bsc#1187813, bsc#1187963, bsc#1188032, bsc#1188073, bsc#1188170, bsc#1188193, bsc#1188260, bsc#1188400 Release notes for SUSE Manager proxy: - Release 4.1.10 - Bugs mentioned bsc#1181223, bsc#1186026, bsc#1186650 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2021-2692=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2021-2692=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2021-2692=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): release-notes-susemanager-4.1.10-3.58.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): release-notes-susemanager-proxy-4.1.10-3.41.1 - SUSE Manager Proxy 4.1 (x86_64): release-notes-susemanager-proxy-4.1.10-3.41.1 References: https://bugzilla.suse.com/1164192 https://bugzilla.suse.com/1167586 https://bugzilla.suse.com/1173143 https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1182769 https://bugzilla.suse.com/1182817 https://bugzilla.suse.com/1186025 https://bugzilla.suse.com/1186026 https://bugzilla.suse.com/1186650 https://bugzilla.suse.com/1187441 https://bugzilla.suse.com/1187621 https://bugzilla.suse.com/1187787 https://bugzilla.suse.com/1187813 https://bugzilla.suse.com/1187963 https://bugzilla.suse.com/1188032 https://bugzilla.suse.com/1188073 https://bugzilla.suse.com/1188170 https://bugzilla.suse.com/1188193 https://bugzilla.suse.com/1188260 
https://bugzilla.suse.com/1188400 From sle-updates at lists.suse.com Tue Aug 17 10:22:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Aug 2021 12:22:35 +0200 (CEST) Subject: SUSE-RU-2021:2693-1: moderate: Recommended update for SUSE Manager Server 4.1 Message-ID: <20210817102235.E1DBEFD21@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 4.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2693-1 Rating: moderate References: #1164192 #1167586 #1173143 #1181223 #1182769 #1182817 #1186025 #1186026 #1186650 #1187441 #1187621 #1187787 #1187813 #1187963 #1188032 #1188073 #1188170 #1188193 #1188260 #1188400 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 ______________________________________________________________________________ An update that has 20 recommended fixes can now be installed. Description: This update fixes the following issues: prometheus-exporters-formula: - Fix exporter exporter modules configuration - Fix null formula data dictionary values (bsc#1186025) - Move exporters configurations to dedicated group `prometheus_exporters` - This version changes the formula data schema and is not backwards compatible. Downgrading from this version will require reconfiguring the formula for all your minions. 
prometheus-formula: - Add docs strings in file SD UI py26-compat-salt: - Enhance openscap module: add "xccdf_eval" call py27-compat-salt: - Do noop for services states when running systemd in offline mode (bsc#1187787) - Transactional_updates: do not execute states in parallel but use a queue (bsc#1188170) - Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787) - Enhance openscap module: add "xccdf_eval" call - Virt: pass emulator when getting domain capabilities from libvirt - Implementation of held/unheld functions for state pkg (bsc#1187813) spacecmd: - Add 'schedule_deletearchived' to bulk delete archived actions (bsc#1181223) spacewalk-backend: - Fix rpm handling of empty package group and devicefiles tag (bsc#1186650) - Show better error message when reposync failed spacewalk-branding: - Change white space behavior on modal bodies spacewalk-java: - Fix random NullPointerException when rendering page tabs (bsc#1182769) - Ensure XMLRPC returns 'issue_date' in ISO format when listing erratas (bsc#1188260) - Fix entitlements not being updated during system transfer (bsc#1188032) - Add Beijing timezone to selectable timezones (bsc#1188193) - Fix updating primary net interface on hardware refresh (bsc#1188400) - Fix issues when removing archived actions using XMLRPC api (bsc#1181223) - Readable error when "mgr-sync add channel" is called with a non-existing label (bsc#1173143) - SP migration: wait some seconds before scheduling "package refresh" action after migration is completed (bsc#1187963) - Manually disable repositories on redhat like systems - Show reposync errors in user notification details - Do not check accessibility of free product repositories (bsc#1182817) - Define a pillar for the https port when connecting as ssh-push with tunnel (bsc#1187441) - Do not update Kickstart session when download after session is complete or failed (bsc#1187621) spacewalk-web: - Update web UI version to 4.1.10 susemanager: - Fix a typo so 
mgr-create-bootstrap-script can exit gracefully when interrupted (bsc#1188073) susemanager-doc-indexes: - Amended client configuration guide to exclude paragraphs that are uyuni specific for centos and oracle clients - Updated image management chapter in administration guide; python and python-xml are no longer required for container image inspection (bsc#1167586, bsc#1164192) susemanager-docs_en: - Amended client configuration guide to exclude paragraphs that are uyuni specific for centos and oracle clients - Updated image management chapter in administration guide; python and python-xml are no longer required for container image inspection (bsc#1167586, bsc#1164192) susemanager-schema: - Force a one-off VACUUM ANALYZE - Upgrade scripts idempotency fixes - Add Beijing timezone to selectable timezones (bsc#1188193) susemanager-sls: - Skip 'update-ca-certificates' run if the certs are updated automatically - When bootstrapping with ssh-push with tunnel use the port number for fetching GPG keys from the server (bsc#1187441) susemanager-sync-data: - Set free flag for free products (bsc#1182817) uyuni-common-libs: - Handle broken RPM packages to prevent exceptions causing fails on repository synchronization (bsc#1186650) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-2693=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2021-2693=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64): python3-uyuni-common-libs-4.1.9-3.12.1 spacewalk-branding-4.1.13-3.15.1 susemanager-4.1.28-3.31.1 susemanager-tools-4.1.28-3.31.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): prometheus-exporters-formula-0.9.2-3.25.1 prometheus-formula-0.3.2-3.9.1 py26-compat-salt-2016.11.10-6.17.1 py27-compat-salt-3000.3-6.9.1 spacecmd-4.1.13-4.24.1 spacewalk-backend-4.1.27-4.38.1 spacewalk-backend-app-4.1.27-4.38.1 spacewalk-backend-applet-4.1.27-4.38.1 spacewalk-backend-config-files-4.1.27-4.38.1 spacewalk-backend-config-files-common-4.1.27-4.38.1 spacewalk-backend-config-files-tool-4.1.27-4.38.1 spacewalk-backend-iss-4.1.27-4.38.1 spacewalk-backend-iss-export-4.1.27-4.38.1 spacewalk-backend-package-push-server-4.1.27-4.38.1 spacewalk-backend-server-4.1.27-4.38.1 spacewalk-backend-sql-4.1.27-4.38.1 spacewalk-backend-sql-postgresql-4.1.27-4.38.1 spacewalk-backend-tools-4.1.27-4.38.1 spacewalk-backend-xml-export-libs-4.1.27-4.38.1 spacewalk-backend-xmlrpc-4.1.27-4.38.1 spacewalk-base-4.1.28-3.30.1 spacewalk-base-minimal-4.1.28-3.30.1 spacewalk-base-minimal-config-4.1.28-3.30.1 spacewalk-html-4.1.28-3.30.1 spacewalk-java-4.1.39-3.52.1 spacewalk-java-config-4.1.39-3.52.1 spacewalk-java-lib-4.1.39-3.52.1 spacewalk-java-postgresql-4.1.39-3.52.1 spacewalk-taskomatic-4.1.39-3.52.1 susemanager-doc-indexes-4.1-11.40.1 susemanager-docs_en-4.1-11.40.1 susemanager-docs_en-pdf-4.1-11.40.1 susemanager-schema-4.1.22-3.33.1 susemanager-sls-4.1.30-3.48.1 susemanager-sync-data-4.1.15-3.26.1 susemanager-web-libs-4.1.28-3.30.1 uyuni-config-modules-4.1.30-3.48.1 - 
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (x86_64): python3-uyuni-common-libs-4.1.9-3.12.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch): spacecmd-4.1.13-4.24.1 spacewalk-backend-4.1.27-4.38.1 spacewalk-base-minimal-4.1.28-3.30.1 spacewalk-base-minimal-config-4.1.28-3.30.1 spacewalk-proxy-installer-4.1.7-3.6.1 References: https://bugzilla.suse.com/1164192 https://bugzilla.suse.com/1167586 https://bugzilla.suse.com/1173143 https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1182769 https://bugzilla.suse.com/1182817 https://bugzilla.suse.com/1186025 https://bugzilla.suse.com/1186026 https://bugzilla.suse.com/1186650 https://bugzilla.suse.com/1187441 https://bugzilla.suse.com/1187621 https://bugzilla.suse.com/1187787 https://bugzilla.suse.com/1187813 https://bugzilla.suse.com/1187963 https://bugzilla.suse.com/1188032 https://bugzilla.suse.com/1188073 https://bugzilla.suse.com/1188170 https://bugzilla.suse.com/1188193 https://bugzilla.suse.com/1188260 https://bugzilla.suse.com/1188400 From sle-updates at lists.suse.com Tue Aug 17 13:19:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Aug 2021 15:19:26 +0200 (CEST) Subject: SUSE-SU-2021:2695-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP1) Message-ID: <20210817131926.92ADDFD21@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2695-1 Rating: important References: #1186483 #1188842 Cross-References: CVE-2021-22543 CVE-2021-37576 CVSS scores: CVE-2021-22543 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for 
Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-197_99 fixes several issues. The following security issues were fixed: - CVE-2021-22543: Fixed an issue with KVM, related to the handling of VM_IO|VM_PFNMAP vmas, which allowed users with the ability to start and control a VM to read/write random pages of memory and could result in local privilege escalation (bsc#1186482). - CVE-2021-37576: On the powerpc platform KVM guest OS users could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-2695=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-2706=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-2726=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-2735=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-2749=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_75-default-2-2.1 kernel-livepatch-5_3_18-24_75-default-debuginfo-2-2.1 kernel-livepatch-SLE15-SP2_Update_17-debugsource-2-2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_99-default-2-2.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): 
kernel-livepatch-4_12_14-150_75-default-2-2.1 kernel-livepatch-4_12_14-150_75-default-debuginfo-2-2.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_80-default-2-2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_80-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2021-22543.html https://www.suse.com/security/cve/CVE-2021-37576.html https://bugzilla.suse.com/1186483 https://bugzilla.suse.com/1188842 From sle-updates at lists.suse.com Tue Aug 17 13:20:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Aug 2021 15:20:52 +0200 (CEST) Subject: SUSE-SU-2021:2694-1: important: Security update for MozillaFirefox Message-ID: <20210817132052.B4CBFFD21@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2694-1 Rating: important References: #1188891 SLE-18626 Cross-References: CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes 6 vulnerabilities, contains one feature is now available. 
Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.13.0 ESR (MFSA 2021-34, bsc#1188891): - CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption - CVE-2021-29988: Memory corruption as a result of incorrect style treatment - CVE-2021-29984: Incorrect instruction reordering during JIT optimization - CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption - CVE-2021-29985: Use-after-free media channels - CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2694=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2694=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2694=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2694=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2694=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2694=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2694=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2694=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2694=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2694=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in 
-t patch SUSE-SLE-Product-HPC-15-2021-2694=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2694=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2694=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): MozillaFirefox-78.13.0-3.150.1 MozillaFirefox-debuginfo-78.13.0-3.150.1 MozillaFirefox-debugsource-78.13.0-3.150.1 MozillaFirefox-devel-78.13.0-3.150.1 MozillaFirefox-translations-common-78.13.0-3.150.1 MozillaFirefox-translations-other-78.13.0-3.150.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): MozillaFirefox-78.13.0-3.150.1 MozillaFirefox-debuginfo-78.13.0-3.150.1 MozillaFirefox-debugsource-78.13.0-3.150.1 MozillaFirefox-devel-78.13.0-3.150.1 MozillaFirefox-translations-common-78.13.0-3.150.1 MozillaFirefox-translations-other-78.13.0-3.150.1 - SUSE Manager Proxy 4.0 (x86_64): MozillaFirefox-78.13.0-3.150.1 MozillaFirefox-debuginfo-78.13.0-3.150.1 MozillaFirefox-debugsource-78.13.0-3.150.1 MozillaFirefox-devel-78.13.0-3.150.1 MozillaFirefox-translations-common-78.13.0-3.150.1 MozillaFirefox-translations-other-78.13.0-3.150.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): MozillaFirefox-78.13.0-3.150.1 MozillaFirefox-debuginfo-78.13.0-3.150.1 MozillaFirefox-debugsource-78.13.0-3.150.1 MozillaFirefox-devel-78.13.0-3.150.1 MozillaFirefox-translations-common-78.13.0-3.150.1 MozillaFirefox-translations-other-78.13.0-3.150.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): MozillaFirefox-78.13.0-3.150.1 MozillaFirefox-debuginfo-78.13.0-3.150.1 MozillaFirefox-debugsource-78.13.0-3.150.1 MozillaFirefox-devel-78.13.0-3.150.1 MozillaFirefox-translations-common-78.13.0-3.150.1 MozillaFirefox-translations-other-78.13.0-3.150.1 - SUSE 
Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.13.0-3.150.1 MozillaFirefox-debuginfo-78.13.0-3.150.1 MozillaFirefox-debugsource-78.13.0-3.150.1 MozillaFirefox-devel-78.13.0-3.150.1 MozillaFirefox-translations-common-78.13.0-3.150.1 MozillaFirefox-translations-other-78.13.0-3.150.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): MozillaFirefox-78.13.0-3.150.1 MozillaFirefox-debuginfo-78.13.0-3.150.1 MozillaFirefox-debugsource-78.13.0-3.150.1 MozillaFirefox-devel-78.13.0-3.150.1 MozillaFirefox-translations-common-78.13.0-3.150.1 MozillaFirefox-translations-other-78.13.0-3.150.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): MozillaFirefox-78.13.0-3.150.1 MozillaFirefox-debuginfo-78.13.0-3.150.1 MozillaFirefox-debugsource-78.13.0-3.150.1 MozillaFirefox-devel-78.13.0-3.150.1 MozillaFirefox-translations-common-78.13.0-3.150.1 MozillaFirefox-translations-other-78.13.0-3.150.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): MozillaFirefox-78.13.0-3.150.1 MozillaFirefox-debuginfo-78.13.0-3.150.1 MozillaFirefox-debugsource-78.13.0-3.150.1 MozillaFirefox-devel-78.13.0-3.150.1 MozillaFirefox-translations-common-78.13.0-3.150.1 MozillaFirefox-translations-other-78.13.0-3.150.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): MozillaFirefox-78.13.0-3.150.1 MozillaFirefox-debuginfo-78.13.0-3.150.1 MozillaFirefox-debugsource-78.13.0-3.150.1 MozillaFirefox-devel-78.13.0-3.150.1 MozillaFirefox-translations-common-78.13.0-3.150.1 MozillaFirefox-translations-other-78.13.0-3.150.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): MozillaFirefox-78.13.0-3.150.1 MozillaFirefox-debuginfo-78.13.0-3.150.1 MozillaFirefox-debugsource-78.13.0-3.150.1 MozillaFirefox-devel-78.13.0-3.150.1 MozillaFirefox-translations-common-78.13.0-3.150.1 MozillaFirefox-translations-other-78.13.0-3.150.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS 
(aarch64 x86_64): MozillaFirefox-78.13.0-3.150.1 MozillaFirefox-debuginfo-78.13.0-3.150.1 MozillaFirefox-debugsource-78.13.0-3.150.1 MozillaFirefox-devel-78.13.0-3.150.1 MozillaFirefox-translations-common-78.13.0-3.150.1 MozillaFirefox-translations-other-78.13.0-3.150.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): MozillaFirefox-78.13.0-3.150.1 MozillaFirefox-debuginfo-78.13.0-3.150.1 MozillaFirefox-debugsource-78.13.0-3.150.1 MozillaFirefox-devel-78.13.0-3.150.1 MozillaFirefox-translations-common-78.13.0-3.150.1 MozillaFirefox-translations-other-78.13.0-3.150.1 - SUSE CaaS Platform 4.0 (x86_64): MozillaFirefox-78.13.0-3.150.1 MozillaFirefox-debuginfo-78.13.0-3.150.1 MozillaFirefox-debugsource-78.13.0-3.150.1 MozillaFirefox-devel-78.13.0-3.150.1 MozillaFirefox-translations-common-78.13.0-3.150.1 MozillaFirefox-translations-other-78.13.0-3.150.1 References: https://www.suse.com/security/cve/CVE-2021-29980.html https://www.suse.com/security/cve/CVE-2021-29984.html https://www.suse.com/security/cve/CVE-2021-29985.html https://www.suse.com/security/cve/CVE-2021-29986.html https://www.suse.com/security/cve/CVE-2021-29988.html https://www.suse.com/security/cve/CVE-2021-29989.html https://bugzilla.suse.com/1188891 From sle-updates at lists.suse.com Tue Aug 17 13:24:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Aug 2021 15:24:35 +0200 (CEST) Subject: SUSE-SU-2021:2746-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP5) Message-ID: <20210817132435.88CDFFD21@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2746-1 Rating: important References: #1186483 #1188323 #1188842 Cross-References: CVE-2021-22543 CVE-2021-3609 CVE-2021-37576 CVSS scores: CVE-2021-22543 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3609 
(SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
    SUSE Linux Enterprise Module for Live Patching 15-SP3
    SUSE Linux Enterprise Module for Live Patching 15-SP2
    SUSE Linux Enterprise Module for Live Patching 15-SP1
    SUSE Linux Enterprise Module for Live Patching 15
    SUSE Linux Enterprise Live Patching 12-SP5
    SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-122_41 fixes several issues.

The following security issues were fixed:

- CVE-2021-22543: Fixed an issue with KVM, related to the handling of VM_IO|VM_PFNMAP vmas, which allowed users with the ability to start and control a VM to read/write random pages of memory and could result in local privilege escalation (bsc#1186482).
- CVE-2021-37576: On the powerpc platform KVM guest OS users could cause host OS memory corruption via rtas_args.nargs (bsc#1188838).
- CVE-2021-3609: Fixed a local privilege escalation via a race condition in net/can/bcm.c (bsc#1187215).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2021-2698=1 SUSE-SLE-Module-Live-Patching-15-SP3-2021-2699=1 SUSE-SLE-Module-Live-Patching-15-SP3-2021-2700=1 SUSE-SLE-Module-Live-Patching-15-SP3-2021-2703=1 SUSE-SLE-Module-Live-Patching-15-SP3-2021-2704=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-2696=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-2697=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-2701=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-2702=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-2705=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-2707=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-2708=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-2710=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-2712=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-2715=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-2716=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-2718=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-2720=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-2722=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-2723=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-2709=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-2711=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-2713=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-2714=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-2717=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-2719=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-2721=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-2724=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-2725=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-2729=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-2730=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-2733=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-2727=1 
SUSE-SLE-Module-Live-Patching-15-2021-2728=1 SUSE-SLE-Module-Live-Patching-15-2021-2731=1 SUSE-SLE-Module-Live-Patching-15-2021-2732=1 SUSE-SLE-Module-Live-Patching-15-2021-2734=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-2736=1 SUSE-SLE-Live-Patching-12-SP5-2021-2737=1 SUSE-SLE-Live-Patching-12-SP5-2021-2738=1 SUSE-SLE-Live-Patching-12-SP5-2021-2739=1 SUSE-SLE-Live-Patching-12-SP5-2021-2740=1 SUSE-SLE-Live-Patching-12-SP5-2021-2741=1 SUSE-SLE-Live-Patching-12-SP5-2021-2742=1 SUSE-SLE-Live-Patching-12-SP5-2021-2743=1 SUSE-SLE-Live-Patching-12-SP5-2021-2744=1 SUSE-SLE-Live-Patching-12-SP5-2021-2745=1 SUSE-SLE-Live-Patching-12-SP5-2021-2746=1 SUSE-SLE-Live-Patching-12-SP5-2021-2747=1 SUSE-SLE-Live-Patching-12-SP5-2021-2748=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-2750=1 SUSE-SLE-Live-Patching-12-SP4-2021-2751=1 SUSE-SLE-Live-Patching-12-SP4-2021-2752=1 SUSE-SLE-Live-Patching-12-SP4-2021-2753=1 SUSE-SLE-Live-Patching-12-SP4-2021-2754=1 SUSE-SLE-Live-Patching-12-SP4-2021-2755=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-57-default-5-3.1 kernel-livepatch-5_3_18-57-default-debuginfo-5-3.1 kernel-livepatch-5_3_18-59_10-default-3-2.1 kernel-livepatch-5_3_18-59_10-default-debuginfo-3-2.1 kernel-livepatch-5_3_18-59_13-default-3-2.1 kernel-livepatch-5_3_18-59_13-default-debuginfo-3-2.1 kernel-livepatch-5_3_18-59_16-default-2-2.1 kernel-livepatch-5_3_18-59_5-default-3-2.1 kernel-livepatch-5_3_18-59_5-default-debuginfo-3-2.1 kernel-livepatch-SLE15-SP3_Update_0-debugsource-5-3.1 kernel-livepatch-SLE15-SP3_Update_1-debugsource-3-2.1 kernel-livepatch-SLE15-SP3_Update_2-debugsource-3-2.1 kernel-livepatch-SLE15-SP3_Update_3-debugsource-3-2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_12-default-13-2.2 
kernel-livepatch-5_3_18-24_12-default-debuginfo-13-2.2 kernel-livepatch-5_3_18-24_15-default-13-2.2 kernel-livepatch-5_3_18-24_15-default-debuginfo-13-2.2 kernel-livepatch-5_3_18-24_24-default-13-2.2 kernel-livepatch-5_3_18-24_24-default-debuginfo-13-2.2 kernel-livepatch-5_3_18-24_29-default-11-2.2 kernel-livepatch-5_3_18-24_29-default-debuginfo-11-2.2 kernel-livepatch-5_3_18-24_34-default-11-2.2 kernel-livepatch-5_3_18-24_34-default-debuginfo-11-2.2 kernel-livepatch-5_3_18-24_37-default-11-2.2 kernel-livepatch-5_3_18-24_37-default-debuginfo-11-2.2 kernel-livepatch-5_3_18-24_43-default-10-2.2 kernel-livepatch-5_3_18-24_43-default-debuginfo-10-2.2 kernel-livepatch-5_3_18-24_46-default-10-2.2 kernel-livepatch-5_3_18-24_46-default-debuginfo-10-2.2 kernel-livepatch-5_3_18-24_49-default-9-2.2 kernel-livepatch-5_3_18-24_49-default-debuginfo-9-2.2 kernel-livepatch-5_3_18-24_52-default-8-2.2 kernel-livepatch-5_3_18-24_52-default-debuginfo-8-2.2 kernel-livepatch-5_3_18-24_53_4-default-3-2.1 kernel-livepatch-5_3_18-24_53_4-default-debuginfo-3-2.1 kernel-livepatch-5_3_18-24_61-default-5-2.1 kernel-livepatch-5_3_18-24_61-default-debuginfo-5-2.1 kernel-livepatch-5_3_18-24_64-default-5-2.1 kernel-livepatch-5_3_18-24_64-default-debuginfo-5-2.1 kernel-livepatch-5_3_18-24_67-default-3-2.1 kernel-livepatch-5_3_18-24_67-default-debuginfo-3-2.1 kernel-livepatch-5_3_18-24_70-default-3-2.1 kernel-livepatch-5_3_18-24_70-default-debuginfo-3-2.1 kernel-livepatch-SLE15-SP2_Update_10-debugsource-9-2.2 kernel-livepatch-SLE15-SP2_Update_11-debugsource-8-2.2 kernel-livepatch-SLE15-SP2_Update_12-debugsource-5-2.1 kernel-livepatch-SLE15-SP2_Update_13-debugsource-5-2.1 kernel-livepatch-SLE15-SP2_Update_14-debugsource-3-2.1 kernel-livepatch-SLE15-SP2_Update_15-debugsource-3-2.1 kernel-livepatch-SLE15-SP2_Update_16-debugsource-3-2.1 kernel-livepatch-SLE15-SP2_Update_2-debugsource-13-2.2 kernel-livepatch-SLE15-SP2_Update_3-debugsource-13-2.2 kernel-livepatch-SLE15-SP2_Update_4-debugsource-13-2.2 
kernel-livepatch-SLE15-SP2_Update_5-debugsource-11-2.2 kernel-livepatch-SLE15-SP2_Update_6-debugsource-11-2.2 kernel-livepatch-SLE15-SP2_Update_7-debugsource-11-2.2 kernel-livepatch-SLE15-SP2_Update_8-debugsource-10-2.2 kernel-livepatch-SLE15-SP2_Update_9-debugsource-10-2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_51-default-14-2.2 kernel-livepatch-4_12_14-197_56-default-13-2.2 kernel-livepatch-4_12_14-197_61-default-12-2.2 kernel-livepatch-4_12_14-197_64-default-11-2.2 kernel-livepatch-4_12_14-197_67-default-11-2.2 kernel-livepatch-4_12_14-197_72-default-10-2.2 kernel-livepatch-4_12_14-197_75-default-10-2.2 kernel-livepatch-4_12_14-197_78-default-10-2.2 kernel-livepatch-4_12_14-197_83-default-9-2.2 kernel-livepatch-4_12_14-197_86-default-8-2.2 kernel-livepatch-4_12_14-197_89-default-5-2.1 kernel-livepatch-4_12_14-197_92-default-4-2.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_58-default-13-2.2 kernel-livepatch-4_12_14-150_58-default-debuginfo-13-2.2 kernel-livepatch-4_12_14-150_63-default-11-2.2 kernel-livepatch-4_12_14-150_63-default-debuginfo-11-2.2 kernel-livepatch-4_12_14-150_66-default-9-2.2 kernel-livepatch-4_12_14-150_66-default-debuginfo-9-2.2 kernel-livepatch-4_12_14-150_69-default-8-2.2 kernel-livepatch-4_12_14-150_69-default-debuginfo-8-2.2 kernel-livepatch-4_12_14-150_72-default-5-2.1 kernel-livepatch-4_12_14-150_72-default-debuginfo-5-2.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_32-default-16-2.2 kgraft-patch-4_12_14-122_37-default-15-2.2 kgraft-patch-4_12_14-122_41-default-14-2.2 kgraft-patch-4_12_14-122_46-default-12-2.2 kgraft-patch-4_12_14-122_51-default-12-2.2 kgraft-patch-4_12_14-122_54-default-10-2.2 kgraft-patch-4_12_14-122_57-default-10-2.2 kgraft-patch-4_12_14-122_60-default-9-2.2 kgraft-patch-4_12_14-122_63-default-8-2.2 kgraft-patch-4_12_14-122_66-default-6-2.1 
kgraft-patch-4_12_14-122_71-default-5-2.1 kgraft-patch-4_12_14-122_74-default-3-2.1 kgraft-patch-4_12_14-122_77-default-3-2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_60-default-13-2.2 kgraft-patch-4_12_14-95_65-default-10-2.2 kgraft-patch-4_12_14-95_68-default-9-2.2 kgraft-patch-4_12_14-95_71-default-8-2.2 kgraft-patch-4_12_14-95_74-default-5-2.1 kgraft-patch-4_12_14-95_77-default-4-2.1 References: https://www.suse.com/security/cve/CVE-2021-22543.html https://www.suse.com/security/cve/CVE-2021-3609.html https://www.suse.com/security/cve/CVE-2021-37576.html https://bugzilla.suse.com/1186483 https://bugzilla.suse.com/1188323 https://bugzilla.suse.com/1188842 From sle-updates at lists.suse.com Tue Aug 17 16:18:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Aug 2021 18:18:15 +0200 (CEST) Subject: SUSE-RU-2021:2757-1: moderate: Recommended update for libarchive Message-ID: <20210817161815.330FEFD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for libarchive ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2757-1 Rating: moderate References: #1188891 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. 
Description:

This update for libarchive fixes the following issues:

libarchive was updated to version 3.3.3

* Avoid super-linear slowdown on malformed mtree files
* Many fixes for building with Visual Studio
* NO_OVERWRITE doesn't change existing directory attributes
* New support for Zstandard read and write filters
* Fixes CVE-2017-14501, CVE-2017-14502, CVE-2017-14503

- Needed by Firefox91 (bsc#1188891)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2757=1
- SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2757=1
- SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2757=1
- SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2757=1
- SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2757=1
- SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2757=1
- SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2757=1
- SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2757=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2757=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2757=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2757=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2757=1
- SUSE Enterprise Storage 6: zypper
in -t patch SUSE-Storage-6-2021-2757=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): bsdtar-3.3.3-3.14.1 bsdtar-debuginfo-3.3.3-3.14.1 libarchive-debugsource-3.3.3-3.14.1 libarchive-devel-3.3.3-3.14.1 libarchive13-3.3.3-3.14.1 libarchive13-debuginfo-3.3.3-3.14.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): bsdtar-3.3.3-3.14.1 bsdtar-debuginfo-3.3.3-3.14.1 libarchive-debugsource-3.3.3-3.14.1 libarchive-devel-3.3.3-3.14.1 libarchive13-3.3.3-3.14.1 libarchive13-debuginfo-3.3.3-3.14.1 - SUSE Manager Proxy 4.0 (x86_64): bsdtar-3.3.3-3.14.1 bsdtar-debuginfo-3.3.3-3.14.1 libarchive-debugsource-3.3.3-3.14.1 libarchive-devel-3.3.3-3.14.1 libarchive13-3.3.3-3.14.1 libarchive13-debuginfo-3.3.3-3.14.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): bsdtar-3.3.3-3.14.1 bsdtar-debuginfo-3.3.3-3.14.1 libarchive-debugsource-3.3.3-3.14.1 libarchive-devel-3.3.3-3.14.1 libarchive13-3.3.3-3.14.1 libarchive13-debuginfo-3.3.3-3.14.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): bsdtar-3.3.3-3.14.1 bsdtar-debuginfo-3.3.3-3.14.1 libarchive-debugsource-3.3.3-3.14.1 libarchive-devel-3.3.3-3.14.1 libarchive13-3.3.3-3.14.1 libarchive13-debuginfo-3.3.3-3.14.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): bsdtar-3.3.3-3.14.1 bsdtar-debuginfo-3.3.3-3.14.1 libarchive-debugsource-3.3.3-3.14.1 libarchive-devel-3.3.3-3.14.1 libarchive13-3.3.3-3.14.1 libarchive13-debuginfo-3.3.3-3.14.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): bsdtar-3.3.3-3.14.1 bsdtar-debuginfo-3.3.3-3.14.1 libarchive-debugsource-3.3.3-3.14.1 libarchive-devel-3.3.3-3.14.1 libarchive13-3.3.3-3.14.1 libarchive13-debuginfo-3.3.3-3.14.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): bsdtar-3.3.3-3.14.1 
bsdtar-debuginfo-3.3.3-3.14.1 libarchive-debugsource-3.3.3-3.14.1 libarchive-devel-3.3.3-3.14.1 libarchive13-3.3.3-3.14.1 libarchive13-debuginfo-3.3.3-3.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): bsdtar-3.3.3-3.14.1 bsdtar-debuginfo-3.3.3-3.14.1 libarchive-debugsource-3.3.3-3.14.1 libarchive-devel-3.3.3-3.14.1 libarchive13-3.3.3-3.14.1 libarchive13-debuginfo-3.3.3-3.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): bsdtar-3.3.3-3.14.1 bsdtar-debuginfo-3.3.3-3.14.1 libarchive-debugsource-3.3.3-3.14.1 libarchive-devel-3.3.3-3.14.1 libarchive13-3.3.3-3.14.1 libarchive13-debuginfo-3.3.3-3.14.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): bsdtar-3.3.3-3.14.1 bsdtar-debuginfo-3.3.3-3.14.1 libarchive-debugsource-3.3.3-3.14.1 libarchive-devel-3.3.3-3.14.1 libarchive13-3.3.3-3.14.1 libarchive13-debuginfo-3.3.3-3.14.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): bsdtar-3.3.3-3.14.1 bsdtar-debuginfo-3.3.3-3.14.1 libarchive-debugsource-3.3.3-3.14.1 libarchive-devel-3.3.3-3.14.1 libarchive13-3.3.3-3.14.1 libarchive13-debuginfo-3.3.3-3.14.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): bsdtar-3.3.3-3.14.1 bsdtar-debuginfo-3.3.3-3.14.1 libarchive-debugsource-3.3.3-3.14.1 libarchive-devel-3.3.3-3.14.1 libarchive13-3.3.3-3.14.1 libarchive13-debuginfo-3.3.3-3.14.1 - SUSE CaaS Platform 4.0 (x86_64): bsdtar-3.3.3-3.14.1 bsdtar-debuginfo-3.3.3-3.14.1 libarchive-debugsource-3.3.3-3.14.1 libarchive-devel-3.3.3-3.14.1 libarchive13-3.3.3-3.14.1 libarchive13-debuginfo-3.3.3-3.14.1 References: https://www.suse.com/security/cve/CVE-2017-14166.html https://www.suse.com/security/cve/CVE-2017-14501.html https://www.suse.com/security/cve/CVE-2017-14502.html https://www.suse.com/security/cve/CVE-2017-14503.html https://www.suse.com/security/cve/CVE-2019-18408.html https://bugzilla.suse.com/1188891 From sle-updates at lists.suse.com Tue Aug 17 16:19:37 
2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 17 Aug 2021 18:19:37 +0200 (CEST)
Subject: SUSE-SU-2021:2756-1: important: Security update for the Linux Kernel
Message-ID: <20210817161937.3B053FD0A@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2756-1
Rating: important
References: #1065729 #1085224 #1094840 #1113295 #1153274 #1154353 #1155518 #1156395 #1176940 #1179243 #1180092 #1183871 #1184114 #1184350 #1184631 #1184804 #1185377 #1186194 #1186206 #1186482 #1186483 #1187476 #1188101 #1188405 #1188445 #1188504 #1188620 #1188683 #1188746 #1188747 #1188748 #1188770 #1188771 #1188772 #1188773 #1188774 #1188777 #1188838 #1188876 #1188885 #1188973
Cross-References: CVE-2021-21781 CVE-2021-22543 CVE-2021-3659 CVE-2021-37576
CVSS scores:
    CVE-2021-21781 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    CVE-2021-22543 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-3659 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
    SUSE MicroOS 5.0
    SUSE Linux Enterprise Workstation Extension 15-SP2
    SUSE Linux Enterprise Module for Live Patching 15-SP2
    SUSE Linux Enterprise Module for Legacy Software 15-SP2
    SUSE Linux Enterprise Module for Development Tools 15-SP2
    SUSE Linux Enterprise Module for Basesystem 15-SP2
    SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________

An update that solves four vulnerabilities and has 37 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876).
- CVE-2021-21781: Fixed an information disclosure vulnerability in the ARM SIGPAGE (bsc#1188445).
- CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482).
- CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838).

The following non-security bugs were fixed:

- ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes).
- ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes).
- ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes).
- ALSA: bebob: add support for ToneWeal FW66 (git-fixes).
- ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes).
- ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes).
- ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes).
- ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes).
- ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum headsets (git-fixes).
- ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes).
- ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions (git-fixes).
- ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes).
- ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values (git-fixes).
- ALSA: usx2y: Do not call free_pages_exact() with NULL address (git-fixes).
- ARM: ensure the signal page contains defined contents (bsc#1188445).
- ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters (git-fixes).
- ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes).
- ASoC: rt5631: Fix regcache sync errors on resume (git-fixes).
- ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes).
- ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes).
- Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes).
- Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes).
- Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip (git-fixes).
- Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes).
- Input: hideep - fix the uninitialized use in hideep_nvm_unlock() (git-fixes).
- Input: ili210x - add missing negation for touch indication on ili210x (git-fixes).
- KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (bsc#1188771).
- KVM: nVMX: Consult only the "basic" exit reason when routing nested exit (bsc#1188773).
- KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774).
- KVM: nVMX: Preserve exception priority irrespective of exiting behavior (bsc#1188777).
- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes).
- PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes).
- PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes).
- PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes).
- PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes).
- PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes).
- PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes).
- PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes).
- PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes).
- PCI: quirks: fix false kABI positive (git-fixes).
- PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes).
- RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449).
- RDMA/cma: Protect RMW with qp_mutex (git-fixes).
- Revert "ACPI: resources: Add checks for ACPI IRQ override" (git-fixes).
- Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem" (git-fixes).
- Revert "be2net: disable bh with spin_lock in be_process_mcc" (git-fixes).
- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes).
- USB: serial: cp210x: fix comments for GE CS1000 (git-fixes).
- USB: serial: option: add support for u-blox LARA-R6 family (git-fixes).
- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes).
- backlight: lm3630a: Fix return code of .update_status() callback (git-fixes).
- bcache: avoid oversized read request in cache missing code path (bsc#1184631).
- bcache: remove bcache device self-defined readahead (bsc#1184631).
- blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092).
- blk-mq: In blk_mq_dispatch_rq_list() "no budget" is a reason to kick (bsc#1180092).
- blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092).
- blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092).
- blk-mq: insert flush request to the front of dispatch queue (bsc#1180092).
- blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092).
- bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: do not disable an already disabled PCI device (git-fixes).
- bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1154353).
- bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518).
- cadence: force nonlinear buffers to be cloned (git-fixes).
- can: ems_usb: fix memory leak (git-fixes).
- can: esd_usb2: fix memory leak (git-fixes).
- can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes).
- can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes).
- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes).
- can: usb_8dev: fix memory leak (git-fixes).
- ceph: do not WARN if we're still opening a session to an MDS (bsc#1188748).
- cifs: Fix preauth hash corruption (git-fixes).
- cifs: Return correct error code from smb2_get_enc_key (git-fixes).
- cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes).
- cifs: fix interrupted close commands (git-fixes).
- cifs: fix memory leak in smb2_copychunk_range (git-fixes).
- clk: renesas: r8a77995: Add ZA2 clock (git-fixes).
- clk: tegra: Ensure that PLLU configuration is applied properly (git-fixes).
- clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround (git-fixes).
- cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)).
- crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes).
- crypto: sun4i-ss - checking sg length is not sufficient (git-fixes).
- crypto: sun4i-ss - initialize need_fallback (git-fixes).
- crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes).
- crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes).
- cw1200: add missing MODULE_DEVICE_TABLE (git-fixes).
- cxgb4: fix IRQ free race during driver unload (git-fixes).
- dma-buf/sync_file: Do not leak fences on merge failure (git-fixes).
- dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes).
- drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes).
- drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes).
- drm/amd/display: Update scaling settings on modeset (git-fixes).
- drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check (git-fixes).
- drm/amd/display: fix incorrrect valid irq check (git-fixes).
- drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes).
- drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes).
- drm/amdkfd: Walk through list with dqm lock hold (git-fixes).
- drm/arm/malidp: Always list modifiers (git-fixes).
- drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() (git-fixes).
- drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() (git-fixes).
- drm/msm/mdp4: Fix modifier support enabling (git-fixes).
- drm/mxsfb: Do not select DRM_KMS_FB_HELPER (git-fixes).
- drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes).
- drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes).
- drm/sched: Avoid data corruptions (git-fixes).
- drm/tegra: Do not set allow_fb_modifiers explicitly (git-fixes).
- drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes).
- drm/virtio: Fix double free on probe failure (git-fixes).
- drm/zte: Do not select DRM_KMS_FB_HELPER (git-fixes).
- drm: Return -ENOTTY for non-drm ioctls (git-fixes).
- e1000e: Check the PCIm state (git-fixes).
- e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes).
- fbmem: Do not delete the mode that is still in use (git-fixes).
- fbmem: add margin check to fb_check_caps() (git-fixes).
- firmware/efi: Tell memblock about EFI iomem reservations (git-fixes).
- firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (git-fixes).
- firmware: arm_scmi: Fix range check for the maximum number of pending messages (git-fixes).
- gpio: pca953x: Add support for the On Semi pca9655 (git-fixes).
- gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes).
- gtp: fix an use-before-init in gtp_newlink() (git-fixes).
- gve: Add DQO fields for core data structures (bsc#1176940).
- gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940).
- gve: Add dqo descriptors (bsc#1176940).
- gve: Add stats for gve (bsc#1176940).
- gve: Add support for DQO RX PTYPE map (bsc#1176940).
- gve: Add support for raw addressing device option (bsc#1176940).
- gve: Add support for raw addressing in the tx path (bsc#1176940).
- gve: Add support for raw addressing to the rx path (bsc#1176940).
- gve: Batch AQ commands for creating and destroying queues (bsc#1176940).
- gve: Check TX QPL was actually assigned (bsc#1176940).
- gve: DQO: Add RX path (bsc#1176940).
- gve: DQO: Add TX path (bsc#1176940).
- gve: DQO: Add core netdev features (bsc#1176940).
- gve: DQO: Add ring allocation and initialization (bsc#1176940).
- gve: DQO: Configure interrupts on device up (bsc#1176940).
- gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940).
- gve: DQO: Remove incorrect prefetch (bsc#1176940).
- gve: Enable Link Speed Reporting in the driver (bsc#1176940).
- gve: Fix warnings reported for DQO patchset (bsc#1176940).
- gve: Get and set Rx copybreak via ethtool (bsc#1176940).
- gve: Introduce a new model for device options (bsc#1176940).
- gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940).
- gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940).
- gve: Move some static functions to a common file (bsc#1176940).
- gve: NIC stats for report-stats and for ethtool (bsc#1176940).
- gve: Propagate error codes to caller (bsc#1176940).
- gve: Replace zero-length array with flexible-array member (bsc#1176940).
- gve: Rx Buffer Recycling (bsc#1176940).
- gve: Simplify code and axe the use of a deprecated API (bsc#1176940).
- gve: Update adminq commands to support DQO queues (bsc#1176940).
- gve: Use dev_info/err instead of netif_info/err (bsc#1176940).
- gve: Use link status register to report link status (bsc#1176940).
- gve: adminq: DQO specific device descriptor logic (bsc#1176940).
- gve: gve_rx_copy: Move padding to an argument (bsc#1176940).
- i2c: core: Disable client irq on reboot/shutdown (git-fixes).
- i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes).
- i40e: Fix error handling in i40e_vsi_open (git-fixes).
- iavf: Fix an error handling path in 'iavf_probe()' (git-fixes).
- ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075).
- ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533).
- ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency (jsc#SLE-7926).
- igb: Check if num of q_vectors is smaller than max before array access (git-fixes).
- igb: Fix an error handling path in 'igb_probe()' (git-fixes).
- igb: Fix position of assignment to *ring (git-fixes).
- igb: Fix use-after-free error during reset (git-fixes).
- igc: Fix an error handling path in 'igc_probe()' (git-fixes).
- igc: Fix use-after-free error during reset (git-fixes).
- igc: change default return of igc_read_phy_reg() (git-fixes).
- iio: accel: bma180: Use explicit member assignment (git-fixes).
- iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes).
- iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes).
- iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes).
- iwlwifi: pcie: free IML DMA memory allocation (git-fixes).
- ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes).
- ixgbe: Fix packet corruption due to missing DMA sync (git-fixes).
- kABI workaround for pci/quirks.c (git-fixes).
- kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes).
- kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes).
- kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes).
- kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes).
- kprobes: fix kill kprobe which has been marked as gone (git-fixes).
- kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1188772).
- kvm: i8254: remove redundant assignment to pointer s (bsc#1188770).
- lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes).
- libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518).
- liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes).
   - mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes).
   - media, bpf: Do not copy more entries than user space requested (git-fixes).
   - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes).
   - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes).
   - mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes).
   - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes).
   - misc/libmasm/module: Fix two use after free in ibmasm_init_one (git-fixes).
   - misc: alcor_pci: fix inverted branch condition (git-fixes).
   - misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge (git-fixes).
   - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes).
   - mt76: mt7603: set 0 as min coverage_class value (git-fixes).
   - mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes).
   - mt76: mt7615: increase MCU command timeout (git-fixes).
   - mt76: set dma-done flag for flushed descriptors (git-fixes).
   - mvpp2: suppress warning (git-fixes).
   - net/mlx5: Do not fail driver on failure to create debugfs (git-fixes).
   - net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes).
   - net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes).
   - net: atlantic: fix ip dst and ipv6 address filters (git-fixes).
   - net: dp83867: Fix OF_MDIO config check (git-fixes).
   - net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes).
   - net: gve: convert strlcpy to strscpy (bsc#1176940).
   - net: gve: remove duplicated allowed (bsc#1176940).
   - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes).
   - net: marvell: Fix OF_MDIO config check (git-fixes).
   - net: mvpp2: Put fwnode in error case during ->probe() (git-fixes).
   - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes).
   - net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes).
   - net: wilc1000: clean up resource in error path of init mon interface (git-fixes).
   - nfc: nfcsim: fix use after free during module unload (git-fixes).
   - pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes).
   - pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() (git-fixes).
   - pinctrl: mcp23s08: fix race condition in irq handler (git-fixes).
   - platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command (git-fixes).
   - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes).
   - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes).
   - platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (git-fixes).
   - platform/x86: intel_int0002_vgpio: Remove dev_err() usage after platform_get_irq() (git-fixes).
   - platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes).
   - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes).
   - power: supply: ab8500: Avoid NULL pointers (git-fixes).
   - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes).
   - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes).
   - power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (git-fixes).
   - power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE (git-fixes).
   - power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes).
   - powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722).
   - powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722).
   - powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395).
   - powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes).
   - powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
   - powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
   - powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722).
   - powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722).
   - powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722).
   - powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722).
   - powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722).
   - powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722).
   - powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722).
   - powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722).
   - powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722).
   - powerpc/stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi() (bsc#1156395).
   - powerpc/stacktrace: Include linux/delay.h (bsc#1156395).
   - powerpc: Offline CPU in stop_this_cpu() (bsc#1156395).
   - pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes).
   - pwm: imx1: Do not disable clocks at device remove time (git-fixes).
   - pwm: spear: Do not modify HW state in .remove callback (git-fixes).
   - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes).
   - r8152: Fix a deadlock by doubly PM resume (bsc#1186194).
   - r8152: Fix potential PM refcount imbalance (bsc#1186194).
   - r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM (git-fixes).
   - ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes).
   - rbd: always kick acquire on "acquired" and "released" notifications (bsc#1188746).
   - rbd: do not hold lock_rwsem while running_list is being drained (bsc#1188747).
   - regulator: hi6421: Fix getting wrong drvdata (git-fixes).
   - regulator: hi6421: Use correct variable type for regmap api val argument (git-fixes).
   - replaced with upstream security mitigation cleanup
   - reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes).
   - rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804).
   - rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes).
   - rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes).
   - rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes).
   - scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101).
   - sfp: Fix error handing in sfp_probe() (git-fixes).
   - soc/tegra: fuse: Fix Tegra234-only builds (git-fixes).
   - spi: cadence: Correct initialisation of runtime PM again (git-fixes).
   - spi: imx: add a check for speed_hz before calculating the clock (git-fixes).
   - spi: mediatek: fix fifo rx mode (git-fixes).
   - staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes).
   - thermal/core: Correct function name thermal_zone_device_unregister() (git-fixes).
   - tpm: efi: Use local variable for calculating final log size (git-fixes).
   - tracing: Do not reference char * as a string in histograms (git-fixes).
   - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes).
   - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes).
   - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes).
   - usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes).
   - usb: gadget: hid: fix error return code in hid_bind() (git-fixes).
   - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes).
   - usb: hub: Fix link power management max exit latency (MEL) calculations (git-fixes).
   - usb: max-3421: Prevent corruption of freed memory (git-fixes).
   - usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (git-fixes).
   - uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes).
   - virtio_console: Assure used length from device is limited (git-fixes).
   - virtio_net: move tx vq operation under tx queue lock (git-fixes).
   - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes).
   - w1: ds2438: fixing bug that would always get page0 (git-fixes).
   - watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes).
   - watchdog: Fix possible use-after-free in wdt_startup() (git-fixes).
   - watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes).
   - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes).
   - wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes).
   - wireless: wext-spy: Fix out-of-bounds warning (git-fixes).
   - wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes).
   - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes).
   - workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973).
   - xen/events: reset active flag for lateeoi events later (git-fixes).
   - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377).
   - xhci: Fix lost USB 2 remote wake (git-fixes).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.0:
      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2756=1
   - SUSE Linux Enterprise Workstation Extension 15-SP2:
      zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-2756=1
   - SUSE Linux Enterprise Module for Live Patching 15-SP2:
      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-2756=1
   - SUSE Linux Enterprise Module for Legacy Software 15-SP2:
      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-2756=1
   - SUSE Linux Enterprise Module for Development Tools 15-SP2:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-2756=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP2:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2756=1
   - SUSE Linux Enterprise High Availability 15-SP2:
      zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-2756=1

Package List:

   - SUSE MicroOS 5.0 (aarch64 x86_64):
      kernel-default-5.3.18-24.78.1
      kernel-default-base-5.3.18-24.78.1.9.36.1
      kernel-default-debuginfo-5.3.18-24.78.1
      kernel-default-debugsource-5.3.18-24.78.1
   - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):
      kernel-default-debuginfo-5.3.18-24.78.1
      kernel-default-debugsource-5.3.18-24.78.1
      kernel-default-extra-5.3.18-24.78.1
      kernel-default-extra-debuginfo-5.3.18-24.78.1
      kernel-preempt-extra-5.3.18-24.78.1
      kernel-preempt-extra-debuginfo-5.3.18-24.78.1
   - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):
      kernel-default-debuginfo-5.3.18-24.78.1
      kernel-default-debugsource-5.3.18-24.78.1
      kernel-default-livepatch-5.3.18-24.78.1
      kernel-default-livepatch-devel-5.3.18-24.78.1
      kernel-livepatch-5_3_18-24_78-default-1-5.3.1
      kernel-livepatch-5_3_18-24_78-default-debuginfo-1-5.3.1
      kernel-livepatch-SLE15-SP2_Update_18-debugsource-1-5.3.1
   - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64):
      kernel-default-debuginfo-5.3.18-24.78.1
      kernel-default-debugsource-5.3.18-24.78.1
      reiserfs-kmp-default-5.3.18-24.78.1
      reiserfs-kmp-default-debuginfo-5.3.18-24.78.1
   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64):
      kernel-obs-build-5.3.18-24.78.1
      kernel-obs-build-debugsource-5.3.18-24.78.1
      kernel-syms-5.3.18-24.78.1
   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64):
      kernel-preempt-debuginfo-5.3.18-24.78.1
      kernel-preempt-debugsource-5.3.18-24.78.1
      kernel-preempt-devel-5.3.18-24.78.1
      kernel-preempt-devel-debuginfo-5.3.18-24.78.1
   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch):
      kernel-docs-5.3.18-24.78.1
      kernel-source-5.3.18-24.78.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
      kernel-default-5.3.18-24.78.1
      kernel-default-base-5.3.18-24.78.1.9.36.1
      kernel-default-debuginfo-5.3.18-24.78.1
      kernel-default-debugsource-5.3.18-24.78.1
      kernel-default-devel-5.3.18-24.78.1
      kernel-default-devel-debuginfo-5.3.18-24.78.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64):
      kernel-preempt-5.3.18-24.78.1
      kernel-preempt-debuginfo-5.3.18-24.78.1
      kernel-preempt-debugsource-5.3.18-24.78.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
      kernel-devel-5.3.18-24.78.1
      kernel-macros-5.3.18-24.78.1
   - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
      cluster-md-kmp-default-5.3.18-24.78.1
      cluster-md-kmp-default-debuginfo-5.3.18-24.78.1
      dlm-kmp-default-5.3.18-24.78.1
      dlm-kmp-default-debuginfo-5.3.18-24.78.1
      gfs2-kmp-default-5.3.18-24.78.1
      gfs2-kmp-default-debuginfo-5.3.18-24.78.1
      kernel-default-debuginfo-5.3.18-24.78.1
      kernel-default-debugsource-5.3.18-24.78.1
      ocfs2-kmp-default-5.3.18-24.78.1
      ocfs2-kmp-default-debuginfo-5.3.18-24.78.1

References:

   https://www.suse.com/security/cve/CVE-2021-21781.html
   https://www.suse.com/security/cve/CVE-2021-22543.html
   https://www.suse.com/security/cve/CVE-2021-3659.html
   https://www.suse.com/security/cve/CVE-2021-37576.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1085224
   https://bugzilla.suse.com/1094840
   https://bugzilla.suse.com/1113295
   https://bugzilla.suse.com/1153274
   https://bugzilla.suse.com/1154353
   https://bugzilla.suse.com/1155518
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1176940
   https://bugzilla.suse.com/1179243
   https://bugzilla.suse.com/1180092
   https://bugzilla.suse.com/1183871
   https://bugzilla.suse.com/1184114
   https://bugzilla.suse.com/1184350
   https://bugzilla.suse.com/1184631
   https://bugzilla.suse.com/1184804
   https://bugzilla.suse.com/1185377
   https://bugzilla.suse.com/1186194
   https://bugzilla.suse.com/1186206
   https://bugzilla.suse.com/1186482
   https://bugzilla.suse.com/1186483
   https://bugzilla.suse.com/1187476
   https://bugzilla.suse.com/1188101
   https://bugzilla.suse.com/1188405
   https://bugzilla.suse.com/1188445
   https://bugzilla.suse.com/1188504
   https://bugzilla.suse.com/1188620
   https://bugzilla.suse.com/1188683
   https://bugzilla.suse.com/1188746
   https://bugzilla.suse.com/1188747
   https://bugzilla.suse.com/1188748
   https://bugzilla.suse.com/1188770
   https://bugzilla.suse.com/1188771
   https://bugzilla.suse.com/1188772
   https://bugzilla.suse.com/1188773
   https://bugzilla.suse.com/1188774
   https://bugzilla.suse.com/1188777
   https://bugzilla.suse.com/1188838
   https://bugzilla.suse.com/1188876
   https://bugzilla.suse.com/1188885
   https://bugzilla.suse.com/1188973

From sle-updates at lists.suse.com Tue Aug 17 19:17:59 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 17 Aug 2021 21:17:59 +0200 (CEST)
Subject: SUSE-SU-2021:2762-1: important: Security update for webkit2gtk3
Message-ID: <20210817191759.69DC7FD0A@maintenance.suse.de>

   SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2762-1
Rating:             important
References:         #1188697
Cross-References:   CVE-2021-21775 CVE-2021-21779 CVE-2021-30663
                    CVE-2021-30665 CVE-2021-30689 CVE-2021-30720
                    CVE-2021-30734 CVE-2021-30744 CVE-2021-30749
                    CVE-2021-30758 CVE-2021-30795 CVE-2021-30797
                    CVE-2021-30799
CVSS scores:
                    CVE-2021-21775 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-21775 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-21779 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-21779 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-30749 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Manager Server 4.0
                    SUSE Manager Retail Branch Server 4.0
                    SUSE Manager Proxy 4.0
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that fixes 13 vulnerabilities is now available.

Description:

   This update for webkit2gtk3 fixes the following issues:

   - Update to version 2.32.3:
   - CVE-2021-21775: Fixed a use-after-free vulnerability in the way certain events are processed for ImageLoader objects. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697)
   - CVE-2021-21779: Fixed a use-after-free vulnerability in the way that WebKit GraphicsContext handles certain events. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697)
   - CVE-2021-30663: An integer overflow was addressed with improved input validation. (bsc#1188697)
   - CVE-2021-30665: A memory corruption issue was addressed with improved state management. (bsc#1188697)
   - CVE-2021-30689: A logic issue was addressed with improved state management. (bsc#1188697)
   - CVE-2021-30720: A logic issue was addressed with improved restrictions. (bsc#1188697)
   - CVE-2021-30734: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697)
   - CVE-2021-30744: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. (bsc#1188697)
   - CVE-2021-30749: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697)
   - CVE-2021-30758: A type confusion issue was addressed with improved state handling. (bsc#1188697)
   - CVE-2021-30795: A use after free issue was addressed with improved memory management. (bsc#1188697)
   - CVE-2021-30797: This issue was addressed with improved checks. (bsc#1188697)
   - CVE-2021-30799: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.0:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2762=1
   - SUSE Manager Retail Branch Server 4.0:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2762=1
   - SUSE Manager Proxy 4.0:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2762=1
   - SUSE Linux Enterprise Server for SAP 15-SP1:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2762=1
   - SUSE Linux Enterprise Server for SAP 15:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2762=1
   - SUSE Linux Enterprise Server 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2762=1
   - SUSE Linux Enterprise Server 15-SP1-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2762=1
   - SUSE Linux Enterprise Server 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2762=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2762=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2762=1
   - SUSE Linux Enterprise High Performance Computing 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2762=1
   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2762=1
   - SUSE Enterprise Storage 6:
      zypper in -t patch SUSE-Storage-6-2021-2762=1
   - SUSE CaaS Platform 4.0:
      To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:

   - SUSE Manager Server 4.0 (ppc64le s390x x86_64):
      libjavascriptcoregtk-4_0-18-2.32.3-3.77.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-3.77.3
      libsoup-2_4-1-2.62.2-17.8.1
      libsoup-2_4-1-debuginfo-2.62.2-17.8.1
      libsoup-debugsource-2.62.2-17.8.1
      libsoup-devel-2.62.2-17.8.1
      libwebkit2gtk-4_0-37-2.32.3-3.77.3
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-3.77.3
      typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3
      typelib-1_0-Soup-2_4-2.62.2-17.8.1
      typelib-1_0-WebKit2-4_0-2.32.3-3.77.3
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-3.77.3
      webkit2gtk3-debugsource-2.32.3-3.77.3
      webkit2gtk3-devel-2.32.3-3.77.3
   - SUSE Manager Server 4.0 (noarch):
      libsoup-lang-2.62.2-17.8.1
      libwebkit2gtk3-lang-2.32.3-3.77.3
   - SUSE Manager Retail Branch Server 4.0 (noarch):
      libsoup-lang-2.62.2-17.8.1
      libwebkit2gtk3-lang-2.32.3-3.77.3
   - SUSE Manager Retail Branch Server 4.0 (x86_64):
      libjavascriptcoregtk-4_0-18-2.32.3-3.77.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-3.77.3
      libsoup-2_4-1-2.62.2-17.8.1
      libsoup-2_4-1-debuginfo-2.62.2-17.8.1
      libsoup-debugsource-2.62.2-17.8.1
      libsoup-devel-2.62.2-17.8.1
      libwebkit2gtk-4_0-37-2.32.3-3.77.3
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-3.77.3
      typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3
      typelib-1_0-Soup-2_4-2.62.2-17.8.1
      typelib-1_0-WebKit2-4_0-2.32.3-3.77.3
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-3.77.3
      webkit2gtk3-debugsource-2.32.3-3.77.3
      webkit2gtk3-devel-2.32.3-3.77.3
   - SUSE Manager Proxy 4.0 (noarch):
      libsoup-lang-2.62.2-17.8.1
      libwebkit2gtk3-lang-2.32.3-3.77.3
   - SUSE Manager Proxy 4.0 (x86_64):
      libjavascriptcoregtk-4_0-18-2.32.3-3.77.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-3.77.3
      libsoup-2_4-1-2.62.2-17.8.1
      libsoup-2_4-1-debuginfo-2.62.2-17.8.1
      libsoup-debugsource-2.62.2-17.8.1
      libsoup-devel-2.62.2-17.8.1
      libwebkit2gtk-4_0-37-2.32.3-3.77.3
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-3.77.3
      typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3
      typelib-1_0-Soup-2_4-2.62.2-17.8.1
      typelib-1_0-WebKit2-4_0-2.32.3-3.77.3
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-3.77.3
      webkit2gtk3-debugsource-2.32.3-3.77.3
      webkit2gtk3-devel-2.32.3-3.77.3
   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
      libjavascriptcoregtk-4_0-18-2.32.3-3.77.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-3.77.3
      libsoup-2_4-1-2.62.2-17.8.1
      libsoup-2_4-1-debuginfo-2.62.2-17.8.1
      libsoup-debugsource-2.62.2-17.8.1
      libsoup-devel-2.62.2-17.8.1
      libwebkit2gtk-4_0-37-2.32.3-3.77.3
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-3.77.3
      typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3
      typelib-1_0-Soup-2_4-2.62.2-17.8.1
      typelib-1_0-WebKit2-4_0-2.32.3-3.77.3
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-3.77.3
      webkit2gtk3-debugsource-2.32.3-3.77.3
      webkit2gtk3-devel-2.32.3-3.77.3
   - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
      libsoup-lang-2.62.2-17.8.1
      libwebkit2gtk3-lang-2.32.3-3.77.3
   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
      libjavascriptcoregtk-4_0-18-2.32.3-3.77.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-3.77.3
      libsoup-2_4-1-2.62.2-17.8.1
      libsoup-2_4-1-debuginfo-2.62.2-17.8.1
      libsoup-debugsource-2.62.2-17.8.1
      libsoup-devel-2.62.2-17.8.1
      libwebkit2gtk-4_0-37-2.32.3-3.77.3
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-3.77.3
      typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3
      typelib-1_0-Soup-2_4-2.62.2-17.8.1
      typelib-1_0-WebKit2-4_0-2.32.3-3.77.3
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-3.77.3
      webkit2gtk3-debugsource-2.32.3-3.77.3
      webkit2gtk3-devel-2.32.3-3.77.3
   - SUSE Linux Enterprise Server for SAP 15 (noarch):
      libsoup-lang-2.62.2-17.8.1
      libwebkit2gtk3-lang-2.32.3-3.77.3
   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
      libjavascriptcoregtk-4_0-18-2.32.3-3.77.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-3.77.3
      libsoup-2_4-1-2.62.2-17.8.1
      libsoup-2_4-1-debuginfo-2.62.2-17.8.1
      libsoup-debugsource-2.62.2-17.8.1
      libsoup-devel-2.62.2-17.8.1
      libwebkit2gtk-4_0-37-2.32.3-3.77.3
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-3.77.3
      typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3
      typelib-1_0-Soup-2_4-2.62.2-17.8.1
      typelib-1_0-WebKit2-4_0-2.32.3-3.77.3
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-3.77.3
      webkit2gtk3-debugsource-2.32.3-3.77.3
      webkit2gtk3-devel-2.32.3-3.77.3
   - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
      libsoup-lang-2.62.2-17.8.1
      libwebkit2gtk3-lang-2.32.3-3.77.3
   - SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
      libsoup-lang-2.62.2-17.8.1
      libwebkit2gtk3-lang-2.32.3-3.77.3
   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
      libjavascriptcoregtk-4_0-18-2.32.3-3.77.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-3.77.3
      libsoup-2_4-1-2.62.2-17.8.1
      libsoup-2_4-1-debuginfo-2.62.2-17.8.1
      libsoup-debugsource-2.62.2-17.8.1
      libsoup-devel-2.62.2-17.8.1
      libwebkit2gtk-4_0-37-2.32.3-3.77.3
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-3.77.3
      typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3
      typelib-1_0-Soup-2_4-2.62.2-17.8.1
      typelib-1_0-WebKit2-4_0-2.32.3-3.77.3
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-3.77.3
      webkit2gtk3-debugsource-2.32.3-3.77.3
      webkit2gtk3-devel-2.32.3-3.77.3
   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
      libjavascriptcoregtk-4_0-18-2.32.3-3.77.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-3.77.3
      libsoup-2_4-1-2.62.2-17.8.1
      libsoup-2_4-1-debuginfo-2.62.2-17.8.1
      libsoup-debugsource-2.62.2-17.8.1
      libsoup-devel-2.62.2-17.8.1
      libwebkit2gtk-4_0-37-2.32.3-3.77.3
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-3.77.3
      typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3
      typelib-1_0-Soup-2_4-2.62.2-17.8.1
      typelib-1_0-WebKit2-4_0-2.32.3-3.77.3
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-3.77.3
      webkit2gtk3-debugsource-2.32.3-3.77.3
      webkit2gtk3-devel-2.32.3-3.77.3
   - SUSE Linux Enterprise Server 15-LTSS (noarch):
      libsoup-lang-2.62.2-17.8.1
      libwebkit2gtk3-lang-2.32.3-3.77.3
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
      libjavascriptcoregtk-4_0-18-2.32.3-3.77.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-3.77.3
      libsoup-2_4-1-2.62.2-17.8.1
      libsoup-2_4-1-debuginfo-2.62.2-17.8.1
      libsoup-debugsource-2.62.2-17.8.1
      libsoup-devel-2.62.2-17.8.1
      libwebkit2gtk-4_0-37-2.32.3-3.77.3
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-3.77.3
      typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3
      typelib-1_0-Soup-2_4-2.62.2-17.8.1
      typelib-1_0-WebKit2-4_0-2.32.3-3.77.3
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-3.77.3
      webkit2gtk3-debugsource-2.32.3-3.77.3
      webkit2gtk3-devel-2.32.3-3.77.3
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
      libsoup-lang-2.62.2-17.8.1
      libwebkit2gtk3-lang-2.32.3-3.77.3
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
      libjavascriptcoregtk-4_0-18-2.32.3-3.77.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-3.77.3
      libsoup-2_4-1-2.62.2-17.8.1
      libsoup-2_4-1-debuginfo-2.62.2-17.8.1
      libsoup-debugsource-2.62.2-17.8.1
      libsoup-devel-2.62.2-17.8.1
      libwebkit2gtk-4_0-37-2.32.3-3.77.3
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-3.77.3
      typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3
      typelib-1_0-Soup-2_4-2.62.2-17.8.1
      typelib-1_0-WebKit2-4_0-2.32.3-3.77.3
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-3.77.3
      webkit2gtk3-debugsource-2.32.3-3.77.3
      webkit2gtk3-devel-2.32.3-3.77.3
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
      libsoup-lang-2.62.2-17.8.1
      libwebkit2gtk3-lang-2.32.3-3.77.3
   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
      libjavascriptcoregtk-4_0-18-2.32.3-3.77.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-3.77.3
      libsoup-2_4-1-2.62.2-17.8.1
      libsoup-2_4-1-debuginfo-2.62.2-17.8.1
      libsoup-debugsource-2.62.2-17.8.1
      libsoup-devel-2.62.2-17.8.1
      libwebkit2gtk-4_0-37-2.32.3-3.77.3
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-3.77.3
      typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3
      typelib-1_0-Soup-2_4-2.62.2-17.8.1
      typelib-1_0-WebKit2-4_0-2.32.3-3.77.3
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-3.77.3
      webkit2gtk3-debugsource-2.32.3-3.77.3
      webkit2gtk3-devel-2.32.3-3.77.3
   - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
      libsoup-lang-2.62.2-17.8.1
      libwebkit2gtk3-lang-2.32.3-3.77.3
   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
      libjavascriptcoregtk-4_0-18-2.32.3-3.77.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-3.77.3
      libsoup-2_4-1-2.62.2-17.8.1
      libsoup-2_4-1-debuginfo-2.62.2-17.8.1
      libsoup-debugsource-2.62.2-17.8.1
      libsoup-devel-2.62.2-17.8.1
      libwebkit2gtk-4_0-37-2.32.3-3.77.3
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-3.77.3
      typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3
      typelib-1_0-Soup-2_4-2.62.2-17.8.1
      typelib-1_0-WebKit2-4_0-2.32.3-3.77.3
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-3.77.3
      webkit2gtk3-debugsource-2.32.3-3.77.3
      webkit2gtk3-devel-2.32.3-3.77.3
   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
      libsoup-lang-2.62.2-17.8.1
      libwebkit2gtk3-lang-2.32.3-3.77.3
   - SUSE Enterprise Storage 6 (aarch64 x86_64):
      libjavascriptcoregtk-4_0-18-2.32.3-3.77.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-3.77.3
      libsoup-2_4-1-2.62.2-17.8.1
      libsoup-2_4-1-debuginfo-2.62.2-17.8.1
      libsoup-debugsource-2.62.2-17.8.1
      libsoup-devel-2.62.2-17.8.1
      libwebkit2gtk-4_0-37-2.32.3-3.77.3
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-3.77.3
      typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3
      typelib-1_0-Soup-2_4-2.62.2-17.8.1
      typelib-1_0-WebKit2-4_0-2.32.3-3.77.3
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-3.77.3
      webkit2gtk3-debugsource-2.32.3-3.77.3
      webkit2gtk3-devel-2.32.3-3.77.3
   - SUSE Enterprise Storage 6 (noarch):
      libsoup-lang-2.62.2-17.8.1
      libwebkit2gtk3-lang-2.32.3-3.77.3
   - SUSE CaaS Platform 4.0 (noarch):
      libsoup-lang-2.62.2-17.8.1
      libwebkit2gtk3-lang-2.32.3-3.77.3
   - SUSE CaaS Platform 4.0 (x86_64):
      libjavascriptcoregtk-4_0-18-2.32.3-3.77.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-3.77.3
      libsoup-2_4-1-2.62.2-17.8.1
      libsoup-2_4-1-debuginfo-2.62.2-17.8.1
      libsoup-debugsource-2.62.2-17.8.1
      libsoup-devel-2.62.2-17.8.1
      libwebkit2gtk-4_0-37-2.32.3-3.77.3
      libwebkit2gtk-4_0-37-debuginfo-2.32.3-3.77.3
      typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3
      typelib-1_0-Soup-2_4-2.62.2-17.8.1
      typelib-1_0-WebKit2-4_0-2.32.3-3.77.3
      typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-3.77.3
      webkit2gtk3-debugsource-2.32.3-3.77.3
      webkit2gtk3-devel-2.32.3-3.77.3

References:

   https://www.suse.com/security/cve/CVE-2021-21775.html
   https://www.suse.com/security/cve/CVE-2021-21779.html
   https://www.suse.com/security/cve/CVE-2021-30663.html
   https://www.suse.com/security/cve/CVE-2021-30665.html
   https://www.suse.com/security/cve/CVE-2021-30689.html
   https://www.suse.com/security/cve/CVE-2021-30720.html
   https://www.suse.com/security/cve/CVE-2021-30734.html
   https://www.suse.com/security/cve/CVE-2021-30744.html
   https://www.suse.com/security/cve/CVE-2021-30749.html
   https://www.suse.com/security/cve/CVE-2021-30758.html
   https://www.suse.com/security/cve/CVE-2021-30795.html
   https://www.suse.com/security/cve/CVE-2021-30797.html
   https://www.suse.com/security/cve/CVE-2021-30799.html
   https://bugzilla.suse.com/1188697

From sle-updates at lists.suse.com Tue Aug 17 19:19:23 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 17 Aug 2021 21:19:23 +0200 (CEST)
Subject: SUSE-RU-2021:2763-1: critical: Recommended update for cpio
Message-ID: <20210817191923.8C116FD0A@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for cpio
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:2763-1
Rating:             critical
References:         #1189465
Affected Products:
                    SUSE MicroOS 5.0
                    SUSE Manager Server 4.0
                    SUSE Manager Retail Branch Server 4.0
                    SUSE Manager Proxy 4.0
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for cpio fixes the following issues:

   - A regression in last update would cause builds to hang on various architectures (bsc#1189465)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2763=1 - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2763=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2763=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2763=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2763=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2763=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2763=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2763=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2763=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2763=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2763=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2763=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2763=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2763=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2763=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2763=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): cpio-2.12-3.6.2 cpio-debuginfo-2.12-3.6.2 cpio-debugsource-2.12-3.6.2 - SUSE Manager Server 4.0 (ppc64le s390x x86_64): cpio-2.12-3.6.2 cpio-debuginfo-2.12-3.6.2 cpio-debugsource-2.12-3.6.2 cpio-mt-2.12-3.6.2 cpio-mt-debuginfo-2.12-3.6.2 - SUSE Manager Server 4.0 (noarch): cpio-lang-2.12-3.6.2 - SUSE Manager Retail Branch Server 4.0 (x86_64): cpio-2.12-3.6.2 cpio-debuginfo-2.12-3.6.2 cpio-debugsource-2.12-3.6.2 cpio-mt-2.12-3.6.2 cpio-mt-debuginfo-2.12-3.6.2 - SUSE Manager Retail Branch Server 4.0 (noarch): cpio-lang-2.12-3.6.2 - SUSE Manager Proxy 4.0 (noarch): cpio-lang-2.12-3.6.2 - SUSE Manager Proxy 4.0 (x86_64): cpio-2.12-3.6.2 cpio-debuginfo-2.12-3.6.2 cpio-debugsource-2.12-3.6.2 cpio-mt-2.12-3.6.2 cpio-mt-debuginfo-2.12-3.6.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): cpio-2.12-3.6.2 cpio-debuginfo-2.12-3.6.2 cpio-debugsource-2.12-3.6.2 cpio-mt-2.12-3.6.2 cpio-mt-debuginfo-2.12-3.6.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): cpio-lang-2.12-3.6.2 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): cpio-2.12-3.6.2 cpio-debuginfo-2.12-3.6.2 cpio-debugsource-2.12-3.6.2 cpio-mt-2.12-3.6.2 cpio-mt-debuginfo-2.12-3.6.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): cpio-lang-2.12-3.6.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): cpio-2.12-3.6.2 cpio-debuginfo-2.12-3.6.2 cpio-debugsource-2.12-3.6.2 cpio-mt-2.12-3.6.2 cpio-mt-debuginfo-2.12-3.6.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): cpio-lang-2.12-3.6.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): cpio-2.12-3.6.2 cpio-debuginfo-2.12-3.6.2 cpio-debugsource-2.12-3.6.2 cpio-mt-2.12-3.6.2 cpio-mt-debuginfo-2.12-3.6.2 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): cpio-lang-2.12-3.6.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): 
cpio-2.12-3.6.2 cpio-debuginfo-2.12-3.6.2 cpio-debugsource-2.12-3.6.2 cpio-mt-2.12-3.6.2 cpio-mt-debuginfo-2.12-3.6.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): cpio-lang-2.12-3.6.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): cpio-2.12-3.6.2 cpio-debuginfo-2.12-3.6.2 cpio-debugsource-2.12-3.6.2 cpio-mt-2.12-3.6.2 cpio-mt-debuginfo-2.12-3.6.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): cpio-lang-2.12-3.6.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): cpio-2.12-3.6.2 cpio-debuginfo-2.12-3.6.2 cpio-debugsource-2.12-3.6.2 cpio-mt-2.12-3.6.2 cpio-mt-debuginfo-2.12-3.6.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): cpio-lang-2.12-3.6.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): cpio-2.12-3.6.2 cpio-debuginfo-2.12-3.6.2 cpio-debugsource-2.12-3.6.2 cpio-mt-2.12-3.6.2 cpio-mt-debuginfo-2.12-3.6.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): cpio-lang-2.12-3.6.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): cpio-2.12-3.6.2 cpio-debuginfo-2.12-3.6.2 cpio-debugsource-2.12-3.6.2 cpio-mt-2.12-3.6.2 cpio-mt-debuginfo-2.12-3.6.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): cpio-lang-2.12-3.6.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): cpio-2.12-3.6.2 cpio-debuginfo-2.12-3.6.2 cpio-debugsource-2.12-3.6.2 cpio-mt-2.12-3.6.2 cpio-mt-debuginfo-2.12-3.6.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): cpio-lang-2.12-3.6.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): cpio-2.12-3.6.2 cpio-debuginfo-2.12-3.6.2 cpio-debugsource-2.12-3.6.2 cpio-mt-2.12-3.6.2 cpio-mt-debuginfo-2.12-3.6.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): cpio-lang-2.12-3.6.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): cpio-2.12-3.6.2 
cpio-debuginfo-2.12-3.6.2 cpio-debugsource-2.12-3.6.2 cpio-mt-2.12-3.6.2 cpio-mt-debuginfo-2.12-3.6.2 - SUSE Enterprise Storage 6 (noarch): cpio-lang-2.12-3.6.2 - SUSE CaaS Platform 4.0 (x86_64): cpio-2.12-3.6.2 cpio-debuginfo-2.12-3.6.2 cpio-debugsource-2.12-3.6.2 cpio-mt-2.12-3.6.2 cpio-mt-debuginfo-2.12-3.6.2 - SUSE CaaS Platform 4.0 (noarch): cpio-lang-2.12-3.6.2 References: https://bugzilla.suse.com/1189465 From sle-updates at lists.suse.com Tue Aug 17 19:20:50 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Aug 2021 21:20:50 +0200 (CEST) Subject: SUSE-SU-2021:2764-1: critical: Security update for libsndfile Message-ID: <20210817192050.A0E5CFD0A@maintenance.suse.de> SUSE Security Update: Security update for libsndfile ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2764-1 Rating: critical References: #1100167 #1116993 #1117954 #1188540 Cross-References: CVE-2018-13139 CVE-2018-19432 CVE-2018-19758 CVE-2021-3246 CVSS scores: CVE-2018-13139 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-13139 (SUSE): 8.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-19432 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-19432 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2018-19758 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-19758 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3246 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3246 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux 
Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libsndfile fixes the following issues: - CVE-2018-13139: Fixed a stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. (bsc#1100167) - CVE-2018-19432: Fixed a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. (bsc#1116993) - CVE-2021-3246: Fixed a heap buffer overflow vulnerability in msadpcm_decode_block. (bsc#1188540) - CVE-2018-19758: Fixed a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. (bsc#1117954) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2764=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2764=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2764=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2764=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2764=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2764=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2764=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2764=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-2764=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-2764=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2764=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2764=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2764=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2764=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2764=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2764=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2764=1 
- SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): libsndfile-debugsource-1.0.28-5.12.1 libsndfile-devel-1.0.28-5.12.1 libsndfile1-1.0.28-5.12.1 libsndfile1-debuginfo-1.0.28-5.12.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): libsndfile-debugsource-1.0.28-5.12.1 libsndfile-devel-1.0.28-5.12.1 libsndfile1-1.0.28-5.12.1 libsndfile1-debuginfo-1.0.28-5.12.1 - SUSE Manager Proxy 4.0 (x86_64): libsndfile-debugsource-1.0.28-5.12.1 libsndfile-devel-1.0.28-5.12.1 libsndfile1-1.0.28-5.12.1 libsndfile1-debuginfo-1.0.28-5.12.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libsndfile-debugsource-1.0.28-5.12.1 libsndfile-devel-1.0.28-5.12.1 libsndfile1-1.0.28-5.12.1 libsndfile1-debuginfo-1.0.28-5.12.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libsndfile-debugsource-1.0.28-5.12.1 libsndfile-devel-1.0.28-5.12.1 libsndfile1-1.0.28-5.12.1 libsndfile1-debuginfo-1.0.28-5.12.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libsndfile-debugsource-1.0.28-5.12.1 libsndfile-devel-1.0.28-5.12.1 libsndfile1-1.0.28-5.12.1 libsndfile1-debuginfo-1.0.28-5.12.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libsndfile-debugsource-1.0.28-5.12.1 libsndfile-devel-1.0.28-5.12.1 libsndfile1-1.0.28-5.12.1 libsndfile1-debuginfo-1.0.28-5.12.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libsndfile-debugsource-1.0.28-5.12.1 libsndfile-devel-1.0.28-5.12.1 libsndfile1-1.0.28-5.12.1 libsndfile1-debuginfo-1.0.28-5.12.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): libsndfile-debugsource-1.0.28-5.12.1 libsndfile1-32bit-1.0.28-5.12.1 libsndfile1-32bit-debuginfo-1.0.28-5.12.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64): 
libsndfile-debugsource-1.0.28-5.12.1 libsndfile1-32bit-1.0.28-5.12.1 libsndfile1-32bit-debuginfo-1.0.28-5.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsndfile-debugsource-1.0.28-5.12.1 libsndfile-devel-1.0.28-5.12.1 libsndfile1-1.0.28-5.12.1 libsndfile1-debuginfo-1.0.28-5.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libsndfile-debugsource-1.0.28-5.12.1 libsndfile-devel-1.0.28-5.12.1 libsndfile1-1.0.28-5.12.1 libsndfile1-debuginfo-1.0.28-5.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libsndfile-debugsource-1.0.28-5.12.1 libsndfile-devel-1.0.28-5.12.1 libsndfile1-1.0.28-5.12.1 libsndfile1-debuginfo-1.0.28-5.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libsndfile-debugsource-1.0.28-5.12.1 libsndfile-devel-1.0.28-5.12.1 libsndfile1-1.0.28-5.12.1 libsndfile1-debuginfo-1.0.28-5.12.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libsndfile-debugsource-1.0.28-5.12.1 libsndfile-devel-1.0.28-5.12.1 libsndfile1-1.0.28-5.12.1 libsndfile1-debuginfo-1.0.28-5.12.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libsndfile-debugsource-1.0.28-5.12.1 libsndfile-devel-1.0.28-5.12.1 libsndfile1-1.0.28-5.12.1 libsndfile1-debuginfo-1.0.28-5.12.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libsndfile-debugsource-1.0.28-5.12.1 libsndfile-devel-1.0.28-5.12.1 libsndfile1-1.0.28-5.12.1 libsndfile1-debuginfo-1.0.28-5.12.1 - SUSE CaaS Platform 4.0 (x86_64): libsndfile-debugsource-1.0.28-5.12.1 libsndfile-devel-1.0.28-5.12.1 libsndfile1-1.0.28-5.12.1 libsndfile1-debuginfo-1.0.28-5.12.1 References: https://www.suse.com/security/cve/CVE-2018-13139.html https://www.suse.com/security/cve/CVE-2018-19432.html https://www.suse.com/security/cve/CVE-2018-19758.html https://www.suse.com/security/cve/CVE-2021-3246.html https://bugzilla.suse.com/1100167 
https://bugzilla.suse.com/1116993 https://bugzilla.suse.com/1117954 https://bugzilla.suse.com/1188540 From sle-updates at lists.suse.com Tue Aug 17 19:22:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Aug 2021 21:22:31 +0200 (CEST) Subject: SUSE-SU-2021:2765-1: moderate: Security update for libmspack Message-ID: <20210817192231.7CC8AFD0A@maintenance.suse.de> SUSE Security Update: Security update for libmspack ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2765-1 Rating: moderate References: #1103032 Cross-References: CVE-2018-14681 CVE-2018-14682 CVSS scores: CVE-2018-14681 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-14681 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L CVE-2018-14682 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-14682 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libmspack fixes the following issues: - CVE-2018-14681: Bad KWAJ file header extensions could cause a one or two byte overwrite. (bsc#1103032) - CVE-2018-14682: There is an off-by-one error in the TOLOWER() macro for CHM decompression. (bsc#1103032) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2765=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2765=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libmspack-debugsource-0.4-15.10.1 libmspack-devel-0.4-15.10.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libmspack-debugsource-0.4-15.10.1 libmspack0-0.4-15.10.1 libmspack0-debuginfo-0.4-15.10.1 References: https://www.suse.com/security/cve/CVE-2018-14681.html https://www.suse.com/security/cve/CVE-2018-14682.html https://bugzilla.suse.com/1103032 From sle-updates at lists.suse.com Tue Aug 17 19:23:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Aug 2021 21:23:41 +0200 (CEST) Subject: SUSE-SU-2021:2761-1: important: Security update for rubygem-puma Message-ID: <20210817192341.0BBCAFD0A@maintenance.suse.de> SUSE Security Update: Security update for rubygem-puma ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2761-1 Rating: important References: #1188527 Cross-References: CVE-2021-29509 CVSS scores: CVE-2021-29509 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29509 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-puma fixes the following issues: - CVE-2021-29509: Incomplete fix for CVE-2019-16770 allows Denial of Service (bsc#1188527) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2761=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-puma-2.16.0-3.12.1 ruby2.1-rubygem-puma-debuginfo-2.16.0-3.12.1 rubygem-puma-debugsource-2.16.0-3.12.1 References: https://www.suse.com/security/cve/CVE-2021-29509.html https://bugzilla.suse.com/1188527 From sle-updates at lists.suse.com Tue Aug 17 19:27:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Aug 2021 21:27:02 +0200 (CEST) Subject: SUSE-SU-2021:2766-1: moderate: Security update for spice-vdagent Message-ID: <20210817192702.74799FD0A@maintenance.suse.de> SUSE Security Update: Security update for spice-vdagent ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2766-1 Rating: moderate References: #1177780 #1177781 #1177782 #1177783 Cross-References: CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 CVE-2020-25653 CVSS scores: CVE-2020-25650 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25650 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25651 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:L CVE-2020-25651 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:H CVE-2020-25652 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25652 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25653 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. 
Description: This update for spice-vdagent fixes the following issues: - CVE-2020-25650: memory DoS via arbitrary entries in `active_xfers` hash table (bsc#1177780) - CVE-2020-25651: possible file transfer DoS and information leak via `active_xfers` hash map (bsc#1177781) - CVE-2020-25652: possibility to exhaust file descriptors in `vdagentd` (bsc#1177782) - CVE-2020-25653: UNIX domain socket peer PID retrieved via `SO_PEERCRED` is subject to race condition (bsc#1177783) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2766=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): spice-vdagent-0.16.0-8.8.2 spice-vdagent-debuginfo-0.16.0-8.8.2 spice-vdagent-debugsource-0.16.0-8.8.2 References: https://www.suse.com/security/cve/CVE-2020-25650.html https://www.suse.com/security/cve/CVE-2020-25651.html https://www.suse.com/security/cve/CVE-2020-25652.html https://www.suse.com/security/cve/CVE-2020-25653.html https://bugzilla.suse.com/1177780 https://bugzilla.suse.com/1177781 https://bugzilla.suse.com/1177782 https://bugzilla.suse.com/1177783 From sle-updates at lists.suse.com Tue Aug 17 19:28:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Aug 2021 21:28:39 +0200 (CEST) Subject: SUSE-RU-2021:2767-1: critical: Recommended update for cpio Message-ID: <20210817192839.D151EFD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for cpio ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2767-1 Rating: critical References: #1189465 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 
12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cpio fixes the following issues: - A regression in the last update would cause builds to hang on various architectures (bsc#1189465) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2767=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2767=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2767=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2767=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2767=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2767=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2767=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2767=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2767=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2767=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2767=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-2767=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): cpio-lang-2.11-36.9.2 - SUSE 
OpenStack Cloud Crowbar 9 (x86_64): cpio-2.11-36.9.2 cpio-debuginfo-2.11-36.9.2 cpio-debugsource-2.11-36.9.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): cpio-2.11-36.9.2 cpio-debuginfo-2.11-36.9.2 cpio-debugsource-2.11-36.9.2 - SUSE OpenStack Cloud Crowbar 8 (noarch): cpio-lang-2.11-36.9.2 - SUSE OpenStack Cloud 9 (noarch): cpio-lang-2.11-36.9.2 - SUSE OpenStack Cloud 9 (x86_64): cpio-2.11-36.9.2 cpio-debuginfo-2.11-36.9.2 cpio-debugsource-2.11-36.9.2 - SUSE OpenStack Cloud 8 (noarch): cpio-lang-2.11-36.9.2 - SUSE OpenStack Cloud 8 (x86_64): cpio-2.11-36.9.2 cpio-debuginfo-2.11-36.9.2 cpio-debugsource-2.11-36.9.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): cpio-2.11-36.9.2 cpio-debuginfo-2.11-36.9.2 cpio-debugsource-2.11-36.9.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): cpio-lang-2.11-36.9.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): cpio-2.11-36.9.2 cpio-debuginfo-2.11-36.9.2 cpio-debugsource-2.11-36.9.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): cpio-lang-2.11-36.9.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): cpio-2.11-36.9.2 cpio-debuginfo-2.11-36.9.2 cpio-debugsource-2.11-36.9.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): cpio-lang-2.11-36.9.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): cpio-2.11-36.9.2 cpio-debuginfo-2.11-36.9.2 cpio-debugsource-2.11-36.9.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): cpio-lang-2.11-36.9.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): cpio-2.11-36.9.2 cpio-debuginfo-2.11-36.9.2 cpio-debugsource-2.11-36.9.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): cpio-lang-2.11-36.9.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): cpio-2.11-36.9.2 cpio-debuginfo-2.11-36.9.2 cpio-debugsource-2.11-36.9.2 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): cpio-lang-2.11-36.9.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): cpio-2.11-36.9.2 
cpio-debuginfo-2.11-36.9.2 cpio-debugsource-2.11-36.9.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): cpio-lang-2.11-36.9.2 - HPE Helion Openstack 8 (x86_64): cpio-2.11-36.9.2 cpio-debuginfo-2.11-36.9.2 cpio-debugsource-2.11-36.9.2 - HPE Helion Openstack 8 (noarch): cpio-lang-2.11-36.9.2 References: https://bugzilla.suse.com/1189465 From sle-updates at lists.suse.com Tue Aug 17 19:31:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Aug 2021 21:31:25 +0200 (CEST) Subject: SUSE-RU-2021:14784-1: critical: Recommended update for cpio Message-ID: <20210817193125.3918DFD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for cpio ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14784-1 Rating: critical References: #1189465 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cpio fixes the following issues: - A regression in the last update would cause builds to hang on various architectures (bsc#1189465) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-cpio-14784=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-cpio-14784=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-cpio-14784=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-cpio-14784=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): cpio-2.9-75.81.8.2 cpio-lang-2.9-75.81.8.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): cpio-2.9-75.81.8.2 cpio-lang-2.9-75.81.8.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): cpio-debuginfo-2.9-75.81.8.2 cpio-debugsource-2.9-75.81.8.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): cpio-debuginfo-2.9-75.81.8.2 cpio-debugsource-2.9-75.81.8.2 References: https://bugzilla.suse.com/1189465 From sle-updates at lists.suse.com Tue Aug 17 19:33:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Aug 2021 21:33:40 +0200 (CEST) Subject: SUSE-SU-2021:2768-1: important: Security update for haproxy Message-ID: <20210817193340.9AE8CFD0A@maintenance.suse.de> SUSE Security Update: Security update for haproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2768-1 Rating: important References: #1189366 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for haproxy fixes the following issues: - Fixes HAProxy vulnerabilities on H2 (bsc#1189366). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-2768=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): haproxy-2.0.14-8.19.1 haproxy-debuginfo-2.0.14-8.19.1 haproxy-debugsource-2.0.14-8.19.1 References: https://bugzilla.suse.com/1189366 From sle-updates at lists.suse.com Tue Aug 17 19:34:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Aug 2021 21:34:59 +0200 (CEST) Subject: SUSE-SU-2021:2760-1: important: Security update for c-ares Message-ID: <20210817193459.8476AFD0A@maintenance.suse.de> SUSE Security Update: Security update for c-ares ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2760-1 Rating: important References: #1188881 Cross-References: CVE-2021-3672 CVSS scores: CVE-2021-3672 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for c-ares fixes the following issues: Version update to git snapshot 1.17.1+20200724: - CVE-2021-3672: fixed missing input validation on hostnames returned by DNS servers (bsc#1188881) - If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause crash - Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response - Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing - Use unbuffered /dev/urandom for random data to prevent early startup performance issues Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2760=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2760=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2760=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2760=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2760=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2760=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2760=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2760=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2760=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2760=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2760=1 - SUSE Linux 
Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2760=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2760=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2760=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2760=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): c-ares-debugsource-1.17.1+20200724-3.14.1 c-ares-devel-1.17.1+20200724-3.14.1 libcares2-1.17.1+20200724-3.14.1 libcares2-debuginfo-1.17.1+20200724-3.14.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): c-ares-debugsource-1.17.1+20200724-3.14.1 c-ares-devel-1.17.1+20200724-3.14.1 libcares2-1.17.1+20200724-3.14.1 libcares2-debuginfo-1.17.1+20200724-3.14.1 - SUSE Manager Proxy 4.0 (x86_64): c-ares-debugsource-1.17.1+20200724-3.14.1 c-ares-devel-1.17.1+20200724-3.14.1 libcares2-1.17.1+20200724-3.14.1 libcares2-debuginfo-1.17.1+20200724-3.14.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): c-ares-debugsource-1.17.1+20200724-3.14.1 c-ares-devel-1.17.1+20200724-3.14.1 libcares2-1.17.1+20200724-3.14.1 libcares2-debuginfo-1.17.1+20200724-3.14.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): c-ares-debugsource-1.17.1+20200724-3.14.1 c-ares-devel-1.17.1+20200724-3.14.1 libcares2-1.17.1+20200724-3.14.1 libcares2-debuginfo-1.17.1+20200724-3.14.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): c-ares-debugsource-1.17.1+20200724-3.14.1 c-ares-devel-1.17.1+20200724-3.14.1 libcares2-1.17.1+20200724-3.14.1 libcares2-debuginfo-1.17.1+20200724-3.14.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): 
c-ares-debugsource-1.17.1+20200724-3.14.1 c-ares-devel-1.17.1+20200724-3.14.1 libcares2-1.17.1+20200724-3.14.1 libcares2-debuginfo-1.17.1+20200724-3.14.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): c-ares-debugsource-1.17.1+20200724-3.14.1 c-ares-devel-1.17.1+20200724-3.14.1 libcares2-1.17.1+20200724-3.14.1 libcares2-debuginfo-1.17.1+20200724-3.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): c-ares-debugsource-1.17.1+20200724-3.14.1 c-ares-devel-1.17.1+20200724-3.14.1 libcares2-1.17.1+20200724-3.14.1 libcares2-debuginfo-1.17.1+20200724-3.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): c-ares-debugsource-1.17.1+20200724-3.14.1 c-ares-devel-1.17.1+20200724-3.14.1 libcares2-1.17.1+20200724-3.14.1 libcares2-debuginfo-1.17.1+20200724-3.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): c-ares-debugsource-1.17.1+20200724-3.14.1 c-ares-devel-1.17.1+20200724-3.14.1 libcares2-1.17.1+20200724-3.14.1 libcares2-debuginfo-1.17.1+20200724-3.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): c-ares-debugsource-1.17.1+20200724-3.14.1 c-ares-devel-1.17.1+20200724-3.14.1 libcares2-1.17.1+20200724-3.14.1 libcares2-debuginfo-1.17.1+20200724-3.14.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): c-ares-debugsource-1.17.1+20200724-3.14.1 c-ares-devel-1.17.1+20200724-3.14.1 libcares2-1.17.1+20200724-3.14.1 libcares2-debuginfo-1.17.1+20200724-3.14.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): c-ares-debugsource-1.17.1+20200724-3.14.1 c-ares-devel-1.17.1+20200724-3.14.1 libcares2-1.17.1+20200724-3.14.1 libcares2-debuginfo-1.17.1+20200724-3.14.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): c-ares-debugsource-1.17.1+20200724-3.14.1 c-ares-devel-1.17.1+20200724-3.14.1 libcares2-1.17.1+20200724-3.14.1 libcares2-debuginfo-1.17.1+20200724-3.14.1 - SUSE CaaS Platform 
4.0 (x86_64): c-ares-debugsource-1.17.1+20200724-3.14.1 c-ares-devel-1.17.1+20200724-3.14.1 libcares2-1.17.1+20200724-3.14.1 libcares2-debuginfo-1.17.1+20200724-3.14.1 References: https://www.suse.com/security/cve/CVE-2021-3672.html https://bugzilla.suse.com/1188881 From sle-updates at lists.suse.com Tue Aug 17 19:36:18 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Aug 2021 21:36:18 +0200 (CEST) Subject: SUSE-SU-2021:2769-1: important: Security update for haproxy Message-ID: <20210817193618.3B82CFD0A@maintenance.suse.de> SUSE Security Update: Security update for haproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2769-1 Rating: important References: #1189366 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for haproxy fixes the following issues: - Fixes HAProxy vulnerabilities on H2 (bsc#1189366). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-2769=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): haproxy-2.0.14-3.27.1 haproxy-debuginfo-2.0.14-3.27.1 haproxy-debugsource-2.0.14-3.27.1 References: https://bugzilla.suse.com/1189366 From sle-updates at lists.suse.com Tue Aug 17 19:37:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Aug 2021 21:37:32 +0200 (CEST) Subject: SUSE-RU-2021:2758-1: moderate: Recommended update for jeos-firstboot Message-ID: <20210817193732.E7A84FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for jeos-firstboot ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2758-1 Rating: moderate References: #1177188 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for jeos-firstboot fixes the following issues: - Update to version 1.0.1: * Always show manual SSID option * Call dialog with --backtitle everywhere * Calculate the height of menus dynamically (bsc#1177188) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-2758=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): jeos-firstboot-1.0.1-3.3.1 References: https://bugzilla.suse.com/1177188 From sle-updates at lists.suse.com Wed Aug 18 01:16:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Aug 2021 03:16:46 +0200 (CEST) Subject: SUSE-RU-2021:2770-1: moderate: Recommended update for openCryptoki Message-ID: <20210818011646.D2694FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for openCryptoki ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2770-1 Rating: moderate References: #1179319 #1182120 #1182190 #1182726 #1185976 #1188879 ECO-2377 SLE-14723 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that has 6 recommended fixes and contains two features can now be installed. Description: This update for openCryptoki fixes the following issues: - Fixed a bug where the pkcscca migration fails with usr/sb2 is not a valid slot ID (bsc#1182120) - Fixed a segmentation fault of the sess_opstate test on the Soft Token (bsc#1182190) - Fixed a segmentation fault of the p11sak list-key (bsc#1182726) - Fixed an issue when soft token does not check if an EC key is valid. (bsc#1185976) - Fixed an issue when the rendered config file is incompatible and opencryptoki slot daemon is not able to start up again after migration. 
(bsc#1188879) Upgraded from version 3.12.1 to 3.15.1 (jsc#SLE-14723) - Conform to PKCS 11 3.0 Baseline Provider profile - Introduce new vendor defined interface named "Vendor IBM" - Support C_IBM_ReencryptSingle via "Vendor IBM" interface - CCA: support key wrapping - SOFT: support ECC - p11sak tool: add remove-key command - EP11: Dilithium support stage 2 - Common: Rework on process, thread, btree and object locking - TPM, ICA, ICSF: support multiple token instances - new tool p11sak - EP11: Dilithium support - EP11: EdDSA support - EP11: support RSA-OAEP with non-SHA1 hash and MGF - Fix compiling with C++ (bsc#1179319) - Added error message handling for p11sak remove-key command. (bsc#1179319) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-2770=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): openCryptoki-3.15.1-4.9.1 openCryptoki-debuginfo-3.15.1-4.9.1 openCryptoki-debugsource-3.15.1-4.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (ppc64le s390x x86_64): openCryptoki-devel-3.15.1-4.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (ppc64le s390x): openCryptoki-64bit-3.15.1-4.9.1 openCryptoki-64bit-debuginfo-3.15.1-4.9.1 References: https://bugzilla.suse.com/1179319 https://bugzilla.suse.com/1182120 https://bugzilla.suse.com/1182190 https://bugzilla.suse.com/1182726 https://bugzilla.suse.com/1185976 https://bugzilla.suse.com/1188879 From sle-updates at lists.suse.com Wed Aug 18 13:18:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Aug 2021 15:18:11 +0200 (CEST) Subject: SUSE-RU-2021:2772-1: moderate: Recommended update for linuxrc 
Message-ID: <20210818131811.E58A4FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for linuxrc ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2772-1 Rating: moderate References: #1187235 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for linuxrc fixes the following issues: - Read 'rules.xml' if autoyast option indicates a rules-based setup. (bsc#1187235) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-2772=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): linuxrc-7.0.30.5-3.6.1 linuxrc-debuginfo-7.0.30.5-3.6.1 linuxrc-debugsource-7.0.30.5-3.6.1 References: https://bugzilla.suse.com/1187235 From sle-updates at lists.suse.com Wed Aug 18 13:19:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Aug 2021 15:19:29 +0200 (CEST) Subject: SUSE-SU-2021:2771-1: moderate: Security update for fetchmail Message-ID: <20210818131929.8D6F3FD0A@maintenance.suse.de> SUSE Security Update: Security update for fetchmail ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2771-1 Rating: moderate References: #1033081 #1182807 #1188034 #1188875 Cross-References: CVE-2021-36386 CVSS scores: CVE-2021-36386 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-36386 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Affected Products: SUSE OpenStack Cloud Crowbar 9 
SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for fetchmail fixes the following issues: - CVE-2021-36386: DoS or information disclosure in some configurations (bsc#1188875) - Change PASSWORDLEN from 64 to 256 [bsc#1188034] - Set the hostname for SNI when using TLS [bsc#1182807] - Allow --syslog option in daemon mode. (bsc#1033081) - Set the hostname for SNI when using TLS. (bsc#1182807) - Change PASSWORDLEN from 64 to 256 (bsc#1188034) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2771=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2771=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2771=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2771=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2771=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2771=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2771=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2771=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2771=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2771=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): fetchmail-6.3.26-13.12.1 fetchmail-debuginfo-6.3.26-13.12.1 fetchmail-debugsource-6.3.26-13.12.1 fetchmailconf-6.3.26-13.12.1 - SUSE OpenStack Cloud 9 (x86_64): fetchmail-6.3.26-13.12.1 fetchmail-debuginfo-6.3.26-13.12.1 fetchmail-debugsource-6.3.26-13.12.1 fetchmailconf-6.3.26-13.12.1 - SUSE OpenStack Cloud 8 (x86_64): fetchmail-6.3.26-13.12.1 fetchmail-debuginfo-6.3.26-13.12.1 fetchmail-debugsource-6.3.26-13.12.1 fetchmailconf-6.3.26-13.12.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): fetchmail-6.3.26-13.12.1 fetchmail-debuginfo-6.3.26-13.12.1 fetchmail-debugsource-6.3.26-13.12.1 fetchmailconf-6.3.26-13.12.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): fetchmail-6.3.26-13.12.1 fetchmail-debuginfo-6.3.26-13.12.1 fetchmail-debugsource-6.3.26-13.12.1 fetchmailconf-6.3.26-13.12.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): fetchmail-6.3.26-13.12.1 
fetchmail-debuginfo-6.3.26-13.12.1 fetchmail-debugsource-6.3.26-13.12.1 fetchmailconf-6.3.26-13.12.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): fetchmail-6.3.26-13.12.1 fetchmail-debuginfo-6.3.26-13.12.1 fetchmail-debugsource-6.3.26-13.12.1 fetchmailconf-6.3.26-13.12.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): fetchmail-6.3.26-13.12.1 fetchmail-debuginfo-6.3.26-13.12.1 fetchmail-debugsource-6.3.26-13.12.1 fetchmailconf-6.3.26-13.12.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): fetchmail-6.3.26-13.12.1 fetchmail-debuginfo-6.3.26-13.12.1 fetchmail-debugsource-6.3.26-13.12.1 fetchmailconf-6.3.26-13.12.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): fetchmail-6.3.26-13.12.1 fetchmail-debuginfo-6.3.26-13.12.1 fetchmail-debugsource-6.3.26-13.12.1 fetchmailconf-6.3.26-13.12.1 References: https://www.suse.com/security/cve/CVE-2021-36386.html https://bugzilla.suse.com/1033081 https://bugzilla.suse.com/1182807 https://bugzilla.suse.com/1188034 https://bugzilla.suse.com/1188875 From sle-updates at lists.suse.com Wed Aug 18 19:16:50 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Aug 2021 21:16:50 +0200 (CEST) Subject: SUSE-SU-2021:2773-1: important: Security update for haproxy Message-ID: <20210818191650.B6C50FD0A@maintenance.suse.de> SUSE Security Update: Security update for haproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2773-1 Rating: important References: #1189366 Affected Products: SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for haproxy fixes the following issues: - Fixes HAProxy vulnerabilities on H2 (bsc#1189366). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-2773=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-2773=1 Package List: - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): haproxy-2.0.14-11.7.1 haproxy-debuginfo-2.0.14-11.7.1 haproxy-debugsource-2.0.14-11.7.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): haproxy-2.0.14-11.7.1 haproxy-debuginfo-2.0.14-11.7.1 haproxy-debugsource-2.0.14-11.7.1 References: https://bugzilla.suse.com/1189366 From sle-updates at lists.suse.com Thu Aug 19 16:28:00 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Aug 2021 18:28:00 +0200 (CEST) Subject: SUSE-SU-2021:2777-1: moderate: Security update for postgresql10 Message-ID: <20210819162800.DBC85FD0A@maintenance.suse.de> SUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2777-1 Rating: moderate References: #1179765 #1179945 #1183118 #1183168 #1185924 #1185925 Cross-References: CVE-2021-32027 CVE-2021-32028 CVSS scores: CVE-2021-32027 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-32027 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-32028 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves two vulnerabilities and has 
four fixes is now available. Description: This update for postgresql10 fixes the following issues: - Upgrade to version 10.17: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924). - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925). - Don't use _stop_on_removal, because it was meant to be private and got removed from openSUSE. _restart_on_update is also private, but still supported and needed for now (bsc#1183168). - Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118). - Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945). - BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package (bsc#1179765). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2777=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2777=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2777=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2777=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libecpg6-10.17-4.35.1 libecpg6-debuginfo-10.17-4.35.1 libpq5-10.17-4.35.1 libpq5-debuginfo-10.17-4.35.1 postgresql10-10.17-4.35.1 postgresql10-contrib-10.17-4.35.1 postgresql10-contrib-debuginfo-10.17-4.35.1 postgresql10-debuginfo-10.17-4.35.1 postgresql10-debugsource-10.17-4.35.1 postgresql10-devel-10.17-4.35.1 postgresql10-devel-debuginfo-10.17-4.35.1 postgresql10-plperl-10.17-4.35.1 postgresql10-plperl-debuginfo-10.17-4.35.1 
postgresql10-plpython-10.17-4.35.1 postgresql10-plpython-debuginfo-10.17-4.35.1 postgresql10-pltcl-10.17-4.35.1 postgresql10-pltcl-debuginfo-10.17-4.35.1 postgresql10-server-10.17-4.35.1 postgresql10-server-debuginfo-10.17-4.35.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): postgresql10-docs-10.17-4.35.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libpq5-32bit-10.17-4.35.1 libpq5-32bit-debuginfo-10.17-4.35.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libecpg6-10.17-4.35.1 libecpg6-debuginfo-10.17-4.35.1 libpq5-10.17-4.35.1 libpq5-debuginfo-10.17-4.35.1 postgresql10-10.17-4.35.1 postgresql10-contrib-10.17-4.35.1 postgresql10-contrib-debuginfo-10.17-4.35.1 postgresql10-debuginfo-10.17-4.35.1 postgresql10-debugsource-10.17-4.35.1 postgresql10-devel-10.17-4.35.1 postgresql10-devel-debuginfo-10.17-4.35.1 postgresql10-plperl-10.17-4.35.1 postgresql10-plperl-debuginfo-10.17-4.35.1 postgresql10-plpython-10.17-4.35.1 postgresql10-plpython-debuginfo-10.17-4.35.1 postgresql10-pltcl-10.17-4.35.1 postgresql10-pltcl-debuginfo-10.17-4.35.1 postgresql10-server-10.17-4.35.1 postgresql10-server-debuginfo-10.17-4.35.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): postgresql10-docs-10.17-4.35.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libecpg6-10.17-4.35.1 libecpg6-debuginfo-10.17-4.35.1 libpq5-10.17-4.35.1 libpq5-debuginfo-10.17-4.35.1 postgresql10-10.17-4.35.1 postgresql10-contrib-10.17-4.35.1 postgresql10-contrib-debuginfo-10.17-4.35.1 postgresql10-debuginfo-10.17-4.35.1 postgresql10-debugsource-10.17-4.35.1 postgresql10-devel-10.17-4.35.1 postgresql10-devel-debuginfo-10.17-4.35.1 postgresql10-plperl-10.17-4.35.1 postgresql10-plperl-debuginfo-10.17-4.35.1 postgresql10-plpython-10.17-4.35.1 postgresql10-plpython-debuginfo-10.17-4.35.1 postgresql10-pltcl-10.17-4.35.1 postgresql10-pltcl-debuginfo-10.17-4.35.1 postgresql10-server-10.17-4.35.1 postgresql10-server-debuginfo-10.17-4.35.1 - SUSE Linux Enterprise High 
Performance Computing 15-LTSS (x86_64): libpq5-32bit-10.17-4.35.1 libpq5-32bit-debuginfo-10.17-4.35.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): postgresql10-docs-10.17-4.35.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libecpg6-10.17-4.35.1 libecpg6-debuginfo-10.17-4.35.1 libpq5-10.17-4.35.1 libpq5-debuginfo-10.17-4.35.1 postgresql10-10.17-4.35.1 postgresql10-contrib-10.17-4.35.1 postgresql10-contrib-debuginfo-10.17-4.35.1 postgresql10-debuginfo-10.17-4.35.1 postgresql10-debugsource-10.17-4.35.1 postgresql10-devel-10.17-4.35.1 postgresql10-devel-debuginfo-10.17-4.35.1 postgresql10-plperl-10.17-4.35.1 postgresql10-plperl-debuginfo-10.17-4.35.1 postgresql10-plpython-10.17-4.35.1 postgresql10-plpython-debuginfo-10.17-4.35.1 postgresql10-pltcl-10.17-4.35.1 postgresql10-pltcl-debuginfo-10.17-4.35.1 postgresql10-server-10.17-4.35.1 postgresql10-server-debuginfo-10.17-4.35.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libpq5-32bit-10.17-4.35.1 libpq5-32bit-debuginfo-10.17-4.35.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): postgresql10-docs-10.17-4.35.1 References: https://www.suse.com/security/cve/CVE-2021-32027.html https://www.suse.com/security/cve/CVE-2021-32028.html https://bugzilla.suse.com/1179765 https://bugzilla.suse.com/1179945 https://bugzilla.suse.com/1183118 https://bugzilla.suse.com/1183168 https://bugzilla.suse.com/1185924 https://bugzilla.suse.com/1185925 From sle-updates at lists.suse.com Thu Aug 19 16:29:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Aug 2021 18:29:46 +0200 (CEST) Subject: SUSE-RU-2021:2775-1: moderate: Recommended update for btrfsprogs Message-ID: <20210819162946.37D40FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for btrfsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2775-1 Rating: moderate 
References: #1188175 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for btrfsprogs fixes the following issues: - Fixes running "filesystem du" on a btrfs filesystem which contains a single directory that is not a btrfs filesystem, which results in a premature exit. (bsc#1188175) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2775=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2775=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): btrfsprogs-debuginfo-4.5.3-26.12.1 btrfsprogs-debugsource-4.5.3-26.12.1 libbtrfs-devel-4.5.3-26.12.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): btrfsprogs-4.5.3-26.12.1 btrfsprogs-debuginfo-4.5.3-26.12.1 btrfsprogs-debugsource-4.5.3-26.12.1 libbtrfs0-4.5.3-26.12.1 libbtrfs0-debuginfo-4.5.3-26.12.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): btrfsprogs-udev-rules-4.5.3-26.12.1 References: https://bugzilla.suse.com/1188175 From sle-updates at lists.suse.com Thu Aug 19 16:32:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Aug 2021 18:32:07 +0200 (CEST) Subject: SUSE-SU-2021:2774-1: important: Security update for MozillaFirefox Message-ID: <20210819163207.A548EFD0A@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2774-1 Rating: important References: #1188891 
SLE-18626 Cross-References: CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes 6 vulnerabilities and contains one feature is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.13.0 ESR (MFSA 2021-34, bsc#1188891): - CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption - CVE-2021-29988: Memory corruption as a result of incorrect style treatment - CVE-2021-29984: Incorrect instruction reordering during JIT optimization - CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption - CVE-2021-29985: Use-after-free media channels - CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-2774=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-2774=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.13.0-8.49.1 MozillaFirefox-debuginfo-78.13.0-8.49.1 MozillaFirefox-debugsource-78.13.0-8.49.1 MozillaFirefox-translations-common-78.13.0-8.49.1 MozillaFirefox-translations-other-78.13.0-8.49.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64): MozillaFirefox-devel-78.13.0-8.49.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.13.0-8.49.1 MozillaFirefox-debuginfo-78.13.0-8.49.1 MozillaFirefox-debugsource-78.13.0-8.49.1 MozillaFirefox-devel-78.13.0-8.49.1 MozillaFirefox-translations-common-78.13.0-8.49.1 MozillaFirefox-translations-other-78.13.0-8.49.1 References: https://www.suse.com/security/cve/CVE-2021-29980.html https://www.suse.com/security/cve/CVE-2021-29984.html https://www.suse.com/security/cve/CVE-2021-29985.html https://www.suse.com/security/cve/CVE-2021-29986.html https://www.suse.com/security/cve/CVE-2021-29988.html https://www.suse.com/security/cve/CVE-2021-29989.html https://bugzilla.suse.com/1188891 From sle-updates at lists.suse.com Thu Aug 19 16:33:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Aug 2021 18:33:20 +0200 (CEST) Subject: SUSE-RU-2021:2778-1: moderate: Recommended update for compat-libpthread-nonshared Message-ID: <20210819163320.0DC6FFD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for compat-libpthread-nonshared ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2021:2778-1 Rating: moderate References: #1188004 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for compat-libpthread-nonshared fixes the following issues: - Add build for 32-bit version for Oracle client. (bsc#1188004) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2778=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): compat-libpthread-nonshared-0-3.3.1 References: https://bugzilla.suse.com/1188004 From sle-updates at lists.suse.com Thu Aug 19 19:19:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Aug 2021 21:19:03 +0200 (CEST) Subject: SUSE-RU-2021:2780-1: critical: Recommended update for cpio Message-ID: <20210819191903.75DB7FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for cpio ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2780-1 Rating: critical References: #1189465 Affected Products: SUSE MicroOS 5.0 SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High 
Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2780=1 - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2780=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2780=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2780=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2780=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2780=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2780=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2780=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2780=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2780=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2780=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2780=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch 
SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2780=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2780=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2780=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2780=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): cpio-2.12-3.9.1 cpio-debuginfo-2.12-3.9.1 cpio-debugsource-2.12-3.9.1 - SUSE Manager Server 4.0 (ppc64le s390x x86_64): cpio-2.12-3.9.1 cpio-debuginfo-2.12-3.9.1 cpio-debugsource-2.12-3.9.1 cpio-mt-2.12-3.9.1 cpio-mt-debuginfo-2.12-3.9.1 - SUSE Manager Server 4.0 (noarch): cpio-lang-2.12-3.9.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): cpio-2.12-3.9.1 cpio-debuginfo-2.12-3.9.1 cpio-debugsource-2.12-3.9.1 cpio-mt-2.12-3.9.1 cpio-mt-debuginfo-2.12-3.9.1 - SUSE Manager Retail Branch Server 4.0 (noarch): cpio-lang-2.12-3.9.1 - SUSE Manager Proxy 4.0 (noarch): cpio-lang-2.12-3.9.1 - SUSE Manager Proxy 4.0 (x86_64): cpio-2.12-3.9.1 cpio-debuginfo-2.12-3.9.1 cpio-debugsource-2.12-3.9.1 cpio-mt-2.12-3.9.1 cpio-mt-debuginfo-2.12-3.9.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): cpio-2.12-3.9.1 cpio-debuginfo-2.12-3.9.1 cpio-debugsource-2.12-3.9.1 cpio-mt-2.12-3.9.1 cpio-mt-debuginfo-2.12-3.9.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): cpio-lang-2.12-3.9.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): cpio-2.12-3.9.1 cpio-debuginfo-2.12-3.9.1 cpio-debugsource-2.12-3.9.1 cpio-mt-2.12-3.9.1 cpio-mt-debuginfo-2.12-3.9.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): cpio-lang-2.12-3.9.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): cpio-2.12-3.9.1 cpio-debuginfo-2.12-3.9.1 
cpio-debugsource-2.12-3.9.1 cpio-mt-2.12-3.9.1 cpio-mt-debuginfo-2.12-3.9.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): cpio-lang-2.12-3.9.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): cpio-lang-2.12-3.9.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): cpio-2.12-3.9.1 cpio-debuginfo-2.12-3.9.1 cpio-debugsource-2.12-3.9.1 cpio-mt-2.12-3.9.1 cpio-mt-debuginfo-2.12-3.9.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): cpio-2.12-3.9.1 cpio-debuginfo-2.12-3.9.1 cpio-debugsource-2.12-3.9.1 cpio-mt-2.12-3.9.1 cpio-mt-debuginfo-2.12-3.9.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): cpio-lang-2.12-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): cpio-2.12-3.9.1 cpio-debuginfo-2.12-3.9.1 cpio-debugsource-2.12-3.9.1 cpio-mt-2.12-3.9.1 cpio-mt-debuginfo-2.12-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): cpio-lang-2.12-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): cpio-2.12-3.9.1 cpio-debuginfo-2.12-3.9.1 cpio-debugsource-2.12-3.9.1 cpio-mt-2.12-3.9.1 cpio-mt-debuginfo-2.12-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): cpio-lang-2.12-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): cpio-2.12-3.9.1 cpio-debuginfo-2.12-3.9.1 cpio-debugsource-2.12-3.9.1 cpio-mt-2.12-3.9.1 cpio-mt-debuginfo-2.12-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): cpio-lang-2.12-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): cpio-2.12-3.9.1 cpio-debuginfo-2.12-3.9.1 cpio-debugsource-2.12-3.9.1 cpio-mt-2.12-3.9.1 cpio-mt-debuginfo-2.12-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): cpio-lang-2.12-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): cpio-2.12-3.9.1 cpio-debuginfo-2.12-3.9.1 cpio-debugsource-2.12-3.9.1 cpio-mt-2.12-3.9.1 cpio-mt-debuginfo-2.12-3.9.1 - 
SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): cpio-lang-2.12-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): cpio-2.12-3.9.1 cpio-debuginfo-2.12-3.9.1 cpio-debugsource-2.12-3.9.1 cpio-mt-2.12-3.9.1 cpio-mt-debuginfo-2.12-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): cpio-lang-2.12-3.9.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): cpio-2.12-3.9.1 cpio-debuginfo-2.12-3.9.1 cpio-debugsource-2.12-3.9.1 cpio-mt-2.12-3.9.1 cpio-mt-debuginfo-2.12-3.9.1 - SUSE Enterprise Storage 6 (noarch): cpio-lang-2.12-3.9.1 - SUSE CaaS Platform 4.0 (x86_64): cpio-2.12-3.9.1 cpio-debuginfo-2.12-3.9.1 cpio-debugsource-2.12-3.9.1 cpio-mt-2.12-3.9.1 cpio-mt-debuginfo-2.12-3.9.1 - SUSE CaaS Platform 4.0 (noarch): cpio-lang-2.12-3.9.1 References: https://www.suse.com/security/cve/CVE-2021-38185.html https://bugzilla.suse.com/1189465 From sle-updates at lists.suse.com Thu Aug 19 19:25:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Aug 2021 21:25:31 +0200 (CEST) Subject: SUSE-RU-2021:2779-1: critical: Recommended update for cpio Message-ID: <20210819192531.566FAFD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for cpio ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2779-1 Rating: critical References: #1189465 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2779=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2779=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2779=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2779=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2779=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2779=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2779=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2779=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2779=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2779=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2779=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-2779=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): cpio-2.11-36.12.1 cpio-debuginfo-2.11-36.12.1 cpio-debugsource-2.11-36.12.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): cpio-lang-2.11-36.12.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): cpio-2.11-36.12.1 cpio-debuginfo-2.11-36.12.1 cpio-debugsource-2.11-36.12.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): cpio-lang-2.11-36.12.1 - SUSE OpenStack Cloud 9 (noarch): cpio-lang-2.11-36.12.1 - SUSE OpenStack Cloud 9 (x86_64): cpio-2.11-36.12.1 cpio-debuginfo-2.11-36.12.1 
cpio-debugsource-2.11-36.12.1 - SUSE OpenStack Cloud 8 (noarch): cpio-lang-2.11-36.12.1 - SUSE OpenStack Cloud 8 (x86_64): cpio-2.11-36.12.1 cpio-debuginfo-2.11-36.12.1 cpio-debugsource-2.11-36.12.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): cpio-2.11-36.12.1 cpio-debuginfo-2.11-36.12.1 cpio-debugsource-2.11-36.12.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): cpio-lang-2.11-36.12.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): cpio-2.11-36.12.1 cpio-debuginfo-2.11-36.12.1 cpio-debugsource-2.11-36.12.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): cpio-lang-2.11-36.12.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): cpio-2.11-36.12.1 cpio-debuginfo-2.11-36.12.1 cpio-debugsource-2.11-36.12.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): cpio-lang-2.11-36.12.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): cpio-2.11-36.12.1 cpio-debuginfo-2.11-36.12.1 cpio-debugsource-2.11-36.12.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): cpio-lang-2.11-36.12.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): cpio-2.11-36.12.1 cpio-debuginfo-2.11-36.12.1 cpio-debugsource-2.11-36.12.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): cpio-lang-2.11-36.12.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): cpio-lang-2.11-36.12.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): cpio-2.11-36.12.1 cpio-debuginfo-2.11-36.12.1 cpio-debugsource-2.11-36.12.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): cpio-lang-2.11-36.12.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): cpio-2.11-36.12.1 cpio-debuginfo-2.11-36.12.1 cpio-debugsource-2.11-36.12.1 - HPE Helion Openstack 8 (noarch): cpio-lang-2.11-36.12.1 - HPE Helion Openstack 8 (x86_64): cpio-2.11-36.12.1 cpio-debuginfo-2.11-36.12.1 cpio-debugsource-2.11-36.12.1 References: https://www.suse.com/security/cve/CVE-2021-38185.html https://bugzilla.suse.com/1189465 From sle-updates 
at lists.suse.com Thu Aug 19 22:16:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Aug 2021 00:16:57 +0200 (CEST) Subject: SUSE-RU-2021:2782-1: important: Recommended update for yast2-installation Message-ID: <20210819221657.AA0DBFD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-installation ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2782-1 Rating: important References: #1187220 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Installer 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-installation fixes the following issues: - Activate devices before probing to fix an issue when volume groups are incomplete due to inactive multipathing after upgrade. (bsc#1187220) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2782=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2021-2782=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): yast2-installation-4.3.41-3.7.2 yast2-proxy-4.3.3-3.5.1 - SUSE Linux Enterprise Installer 15-SP3 (noarch): yast2-installation-4.3.41-3.7.2 yast2-proxy-4.3.3-3.5.1 References: https://bugzilla.suse.com/1187220 From sle-updates at lists.suse.com Thu Aug 19 22:18:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Aug 2021 00:18:09 +0200 (CEST) Subject: SUSE-RU-2021:2783-1: important: Recommended update for yast2-country Message-ID: <20210819221809.F2775FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-country ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2783-1 Rating: important References: #1187270 #1188406 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Installer 15-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-country fixes the following issues: - AutoYaST: allow empty /profile/timezone/timezone setting, meaning to keep the UTC default (bsc#1188406). - Fix the Comment entry in the desktop file so the tooltip in the control center is properly translated (bsc#1187270). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2783=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2021-2783=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-country-4.3.16-3.6.1 yast2-country-data-4.3.16-3.6.1 - SUSE Linux Enterprise Installer 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-country-4.3.16-3.6.1 yast2-country-data-4.3.16-3.6.1 References: https://bugzilla.suse.com/1187270 https://bugzilla.suse.com/1188406 From sle-updates at lists.suse.com Thu Aug 19 22:19:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Aug 2021 00:19:30 +0200 (CEST) Subject: SUSE-RU-2021:14786-1: critical: Recommended update for cpio Message-ID: <20210819221930.7A88DFD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for cpio ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14786-1 Rating: critical References: #1189465 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-cpio-14786=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-cpio-14786=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-cpio-14786=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-cpio-14786=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): cpio-2.9-75.81.11.1 cpio-lang-2.9-75.81.11.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): cpio-2.9-75.81.11.1 cpio-lang-2.9-75.81.11.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): cpio-debuginfo-2.9-75.81.11.1 cpio-debugsource-2.9-75.81.11.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): cpio-debuginfo-2.9-75.81.11.1 cpio-debugsource-2.9-75.81.11.1 References: https://bugzilla.suse.com/1189465 From sle-updates at lists.suse.com Thu Aug 19 22:22:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Aug 2021 00:22:54 +0200 (CEST) Subject: SUSE-RU-2021:2781-1: moderate: Recommended update for psqlODBC Message-ID: <20210819222254.3AC8AFD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for psqlODBC ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2781-1 Rating: moderate References: SLE-18001 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for psqlODBC fixes the following issues: - Update to 13.01.0000: * Fix a bug of CC_send_query_append() when the ignore_roundtrip_time flag is on. * Add a call for SQLDescribeCol() before SQLExecute() to prepare-test. 
  * Add a *update returning* test case to insertreturning regression test.
  * Let SQLDescribeCol() use parsed result when the current executed result is NULL.
  * Let SQLExecute() destroy the old result first.
  * Forget to apply disable_convert_func flag to VARCHAR and LONGVARCHAR.
  * Prioritize DISABLE_KEEPALIVE checkbox over the disable_keepalive bit of ExtraOptions.
  * Format check for ExtraOptions of setup dialog.
- Update to 13.00.0000:
  * Add support for CONVERT scalar function.
  * Cope with the case that openssl libraries link msvc runtimes other than libraries which psqlodbc or libpq links.
  * Call AC_CHECK_SIZEOF() or AC_CHECK_TYPES() macros at earlier stage where LIBS variable isn't set yet.
  * Fix a compilation error with GCC 10 due to conflicting variable names.
  * Remove curr_param_result property of StatementClass and separate parsed result from the exec result.
  * Add support for development with VC16(Visual Studio 2019).
  * Hold the first and last result for parametrized SQL statements with array of parameters.
  * This would improve the performance of bulk inserts/updates etc.
  * Revise the handling of QResultClass list.
  * Introduce macros QR_concat(), QR_detach() and QR_next().
  * Correct the handling of SQL_ROW_ERROR and SQL_ROW_SUCCESS_WITH_INFO.
  * Remove the single table restriction in SC_set_SS_columnkey.
  * Improve error reporting about SC_pos_reload_needed().
- Update to 12.02.0000:
  * Add a new *Display Optional Error Message* option.
  * Handle notice messages in libpq_bind_and_exec().
  * Ignore PQtransactionStatus PQTRANS_ACTIVE in LIBPQ_update_transaction_status(). PQTRANS_ACTIVE isn't a transaction status.
  * Improve execution of parameterized SQL statements with arrays
  * Add a new option IgnoreTimeout.
  * An improvement for psqlodbc developers. Make it possible to call some shell scripts from other directories.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2781=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2781=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): psqlODBC-13.01.0000-3.9.1 psqlODBC-debuginfo-13.01.0000-3.9.1 psqlODBC-debugsource-13.01.0000-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): psqlODBC-13.01.0000-3.9.1 psqlODBC-debuginfo-13.01.0000-3.9.1 psqlODBC-debugsource-13.01.0000-3.9.1 References: From sle-updates at lists.suse.com Fri Aug 20 04:17:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Aug 2021 06:17:35 +0200 (CEST) Subject: SUSE-RU-2021:2786-1: important: Recommended update for bash Message-ID: <20210820041735.685ACFD17@maintenance.suse.de> SUSE Recommended Update: Recommended update for bash ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2786-1 Rating: important References: #1057452 #1188287 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for bash fixes the following issues: - Allow process group assignment even for modern kernels (bsc#1057452, bsc#1188287) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2786=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): bash-4.4-19.6.1 bash-debuginfo-4.4-19.6.1 bash-debugsource-4.4-19.6.1 bash-devel-4.4-19.6.1 libreadline7-7.0-19.6.1 libreadline7-debuginfo-7.0-19.6.1 readline-devel-7.0-19.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libreadline7-32bit-7.0-19.6.1 libreadline7-32bit-debuginfo-7.0-19.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): bash-doc-4.4-19.6.1 bash-lang-4.4-19.6.1 readline-doc-7.0-19.6.1 References: https://bugzilla.suse.com/1057452 https://bugzilla.suse.com/1188287 From sle-updates at lists.suse.com Fri Aug 20 04:18:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Aug 2021 06:18:45 +0200 (CEST) Subject: SUSE-RU-2021:2785-1: moderate: Recommended update for habootstrap-formula Message-ID: <20210820041845.4F12BFD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for habootstrap-formula ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2785-1 Rating: moderate References: #1181731 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for habootstrap-formula fixes the following issue: - Fix SUSE Manager integration. (bsc#1181731) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2021-2785=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2785=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2785=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (noarch): habootstrap-formula-0.4.2+git.1623406073.ac4a6b1-4.21.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): habootstrap-formula-0.4.2+git.1623406073.ac4a6b1-4.21.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): habootstrap-formula-0.4.2+git.1623406073.ac4a6b1-4.21.1 References: https://bugzilla.suse.com/1181731 From sle-updates at lists.suse.com Fri Aug 20 10:19:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Aug 2021 12:19:19 +0200 (CEST) Subject: SUSE-RU-2021:2223-2: moderate: Recommended update for chrony Message-ID: <20210820101919.D6385FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for chrony ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2223-2 Rating: moderate References: #1173760 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for chrony fixes the following issues: - Fixed an issue when chrony aborts in FIPS mode due to MD5. (bsc#1173760) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2223=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2223=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2223=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2223=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2223=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2223=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2223=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2223=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2223=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2223=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2223=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2223=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2223=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): chrony-3.2-9.24.2 chrony-debuginfo-3.2-9.24.2 chrony-debugsource-3.2-9.24.2 - SUSE Manager Server 4.0 (noarch): chrony-pool-empty-3.2-9.24.2 chrony-pool-suse-3.2-9.24.2 - SUSE Manager Retail Branch Server 4.0 (x86_64): chrony-3.2-9.24.2 chrony-debuginfo-3.2-9.24.2 chrony-debugsource-3.2-9.24.2 - SUSE Manager Retail Branch Server 4.0 (noarch): chrony-pool-empty-3.2-9.24.2 chrony-pool-suse-3.2-9.24.2 - SUSE Manager Proxy 4.0 (noarch): chrony-pool-empty-3.2-9.24.2 chrony-pool-suse-3.2-9.24.2 - SUSE Manager Proxy 4.0 (x86_64): chrony-3.2-9.24.2 chrony-debuginfo-3.2-9.24.2 chrony-debugsource-3.2-9.24.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): chrony-3.2-9.24.2 chrony-debuginfo-3.2-9.24.2 chrony-debugsource-3.2-9.24.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): chrony-pool-empty-3.2-9.24.2 chrony-pool-suse-3.2-9.24.2 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): chrony-3.2-9.24.2 chrony-debuginfo-3.2-9.24.2 chrony-debugsource-3.2-9.24.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): chrony-pool-empty-3.2-9.24.2 chrony-pool-suse-3.2-9.24.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): chrony-3.2-9.24.2 chrony-debuginfo-3.2-9.24.2 chrony-debugsource-3.2-9.24.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): chrony-pool-empty-3.2-9.24.2 chrony-pool-suse-3.2-9.24.2 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): chrony-pool-empty-3.2-9.24.2 chrony-pool-suse-3.2-9.24.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): chrony-3.2-9.24.2 chrony-debuginfo-3.2-9.24.2 chrony-debugsource-3.2-9.24.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): chrony-3.2-9.24.2 chrony-debuginfo-3.2-9.24.2 chrony-debugsource-3.2-9.24.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): chrony-pool-empty-3.2-9.24.2 chrony-pool-suse-3.2-9.24.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): 
chrony-3.2-9.24.2 chrony-debuginfo-3.2-9.24.2 chrony-debugsource-3.2-9.24.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): chrony-pool-empty-3.2-9.24.2 chrony-pool-suse-3.2-9.24.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): chrony-3.2-9.24.2 chrony-debuginfo-3.2-9.24.2 chrony-debugsource-3.2-9.24.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): chrony-pool-empty-3.2-9.24.2 chrony-pool-suse-3.2-9.24.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): chrony-3.2-9.24.2 chrony-debuginfo-3.2-9.24.2 chrony-debugsource-3.2-9.24.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): chrony-pool-empty-3.2-9.24.2 chrony-pool-suse-3.2-9.24.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): chrony-3.2-9.24.2 chrony-debuginfo-3.2-9.24.2 chrony-debugsource-3.2-9.24.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): chrony-pool-empty-3.2-9.24.2 chrony-pool-suse-3.2-9.24.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): chrony-3.2-9.24.2 chrony-debuginfo-3.2-9.24.2 chrony-debugsource-3.2-9.24.2 - SUSE Enterprise Storage 6 (noarch): chrony-pool-empty-3.2-9.24.2 chrony-pool-suse-3.2-9.24.2 - SUSE CaaS Platform 4.0 (x86_64): chrony-3.2-9.24.2 chrony-debuginfo-3.2-9.24.2 chrony-debugsource-3.2-9.24.2 - SUSE CaaS Platform 4.0 (noarch): chrony-pool-empty-3.2-9.24.2 chrony-pool-suse-3.2-9.24.2 References: https://bugzilla.suse.com/1173760 From sle-updates at lists.suse.com Fri Aug 20 13:20:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Aug 2021 15:20:41 +0200 (CEST) Subject: SUSE-SU-2021:2803-1: moderate: Security update for spice-vdagent Message-ID: <20210820132041.E0599FD17@maintenance.suse.de> SUSE Security Update: Security update for spice-vdagent ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2803-1 
Rating:             moderate
References:         #1177780 #1177781 #1177782 #1177783
Cross-References:   CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 CVE-2020-25653
CVSS scores:
                    CVE-2020-25650 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-25650 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-25651 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:L
                    CVE-2020-25651 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:H
                    CVE-2020-25652 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-25652 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-25653 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products:
                    SUSE Manager Server 4.0
                    SUSE Manager Retail Branch Server 4.0
                    SUSE Manager Proxy 4.0
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.
Description:

   This update for spice-vdagent fixes the following issues:

   - CVE-2020-25650: memory DoS via arbitrary entries in `active_xfers` hash table (bsc#1177780)
   - CVE-2020-25651: possible file transfer DoS and information leak via `active_xfers` hash map (bsc#1177781)
   - CVE-2020-25652: possibility to exhaust file descriptors in `vdagentd` (bsc#1177782)
   - CVE-2020-25653: UNIX domain socket peer PID retrieved via `SO_PEERCRED` is subject to race condition (bsc#1177783)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2803=1

   - SUSE Manager Retail Branch Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2803=1

   - SUSE Manager Proxy 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2803=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2803=1

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2803=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2803=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2803=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2803=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2803=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2803=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2803=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2803=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-2803=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

   - SUSE Manager Server 4.0 (ppc64le s390x x86_64):

      spice-vdagent-0.17.0-4.3.1
      spice-vdagent-debuginfo-0.17.0-4.3.1
      spice-vdagent-debugsource-0.17.0-4.3.1

   - SUSE Manager Retail Branch Server 4.0 (x86_64):

      spice-vdagent-0.17.0-4.3.1
      spice-vdagent-debuginfo-0.17.0-4.3.1
      spice-vdagent-debugsource-0.17.0-4.3.1

   - SUSE Manager Proxy 4.0 (x86_64):

      spice-vdagent-0.17.0-4.3.1
      spice-vdagent-debuginfo-0.17.0-4.3.1
      spice-vdagent-debugsource-0.17.0-4.3.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      spice-vdagent-0.17.0-4.3.1
      spice-vdagent-debuginfo-0.17.0-4.3.1
      spice-vdagent-debugsource-0.17.0-4.3.1

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      spice-vdagent-0.17.0-4.3.1
      spice-vdagent-debuginfo-0.17.0-4.3.1
      spice-vdagent-debugsource-0.17.0-4.3.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      spice-vdagent-0.17.0-4.3.1
      spice-vdagent-debuginfo-0.17.0-4.3.1
      spice-vdagent-debugsource-0.17.0-4.3.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      spice-vdagent-0.17.0-4.3.1
      spice-vdagent-debuginfo-0.17.0-4.3.1
      spice-vdagent-debugsource-0.17.0-4.3.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      spice-vdagent-0.17.0-4.3.1
      spice-vdagent-debuginfo-0.17.0-4.3.1
      spice-vdagent-debugsource-0.17.0-4.3.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      spice-vdagent-0.17.0-4.3.1
      spice-vdagent-debuginfo-0.17.0-4.3.1
      spice-vdagent-debugsource-0.17.0-4.3.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      spice-vdagent-0.17.0-4.3.1
      spice-vdagent-debuginfo-0.17.0-4.3.1
      spice-vdagent-debugsource-0.17.0-4.3.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      spice-vdagent-0.17.0-4.3.1
      spice-vdagent-debuginfo-0.17.0-4.3.1
      spice-vdagent-debugsource-0.17.0-4.3.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      spice-vdagent-0.17.0-4.3.1
      spice-vdagent-debuginfo-0.17.0-4.3.1
      spice-vdagent-debugsource-0.17.0-4.3.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      spice-vdagent-0.17.0-4.3.1
      spice-vdagent-debuginfo-0.17.0-4.3.1
      spice-vdagent-debugsource-0.17.0-4.3.1

   - SUSE CaaS Platform 4.0 (x86_64):

      spice-vdagent-0.17.0-4.3.1
      spice-vdagent-debuginfo-0.17.0-4.3.1
      spice-vdagent-debugsource-0.17.0-4.3.1

References:

   https://www.suse.com/security/cve/CVE-2020-25650.html
   https://www.suse.com/security/cve/CVE-2020-25651.html
   https://www.suse.com/security/cve/CVE-2020-25652.html
   https://www.suse.com/security/cve/CVE-2020-25653.html
   https://bugzilla.suse.com/1177780
   https://bugzilla.suse.com/1177781
   https://bugzilla.suse.com/1177782
   https://bugzilla.suse.com/1177783

From sle-updates at lists.suse.com Fri Aug 20 13:22:37 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Aug 2021 15:22:37 +0200 (CEST)
Subject: SUSE-SU-2021:2793-1: important: Security update for openexr
Message-ID: <20210820132237.0842DFD0A@maintenance.suse.de>

   SUSE Security Update: Security update for openexr
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2793-1
Rating:             important
References:         #1188457 #1188458 #1188459 #1188460 #1188461 #1188462
Cross-References:   CVE-2021-20298 CVE-2021-20299 CVE-2021-20300 CVE-2021-20302 CVE-2021-20303 CVE-2021-20304 CVE-2021-3476
CVSS scores:
                    CVE-2021-20298 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-20299 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-20300 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-20302 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-20303 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
                    CVE-2021-20304 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-3476 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-3476 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
                    SUSE Manager Server 4.0
                    SUSE Manager Retail Branch Server 4.0
                    SUSE Manager Proxy 4.0
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP3
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This update for openexr fixes the following issues:

   - CVE-2021-20298 [bsc#1188460]: Fixed Out-of-memory in B44Compressor
   - CVE-2021-20299 [bsc#1188459]: Fixed Null-dereference READ in Imf_2_5:Header:operator
   - CVE-2021-20300 [bsc#1188458]: Fixed Integer-overflow in Imf_2_5:hufUncompress
   - CVE-2021-20302 [bsc#1188462]: Fixed Floating-point-exception in Imf_2_5:precalculateTileInfot
   - CVE-2021-20303 [bsc#1188457]: Fixed Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
   - CVE-2021-20304 [bsc#1188461]: Fixed Undefined-shift in Imf_2_5:hufDecode

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2793=1

   - SUSE Manager Retail Branch Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2793=1

   - SUSE Manager Proxy 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2793=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2793=1

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2793=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2793=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2793=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2793=1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-2793=1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-2793=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2793=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2793=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2793=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2793=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-2793=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:

   - SUSE Manager Server 4.0 (ppc64le s390x x86_64):

      libIlmImf-2_2-23-2.2.1-3.35.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.35.1
      openexr-debuginfo-2.2.1-3.35.1
      openexr-debugsource-2.2.1-3.35.1
      openexr-devel-2.2.1-3.35.1

   - SUSE Manager Retail Branch Server 4.0 (x86_64):

      libIlmImf-2_2-23-2.2.1-3.35.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.35.1
      openexr-debuginfo-2.2.1-3.35.1
      openexr-debugsource-2.2.1-3.35.1
      openexr-devel-2.2.1-3.35.1

   - SUSE Manager Proxy 4.0 (x86_64):

      libIlmImf-2_2-23-2.2.1-3.35.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.35.1
      openexr-debuginfo-2.2.1-3.35.1
      openexr-debugsource-2.2.1-3.35.1
      openexr-devel-2.2.1-3.35.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      libIlmImf-2_2-23-2.2.1-3.35.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.35.1
      openexr-debuginfo-2.2.1-3.35.1
      openexr-debugsource-2.2.1-3.35.1
      openexr-devel-2.2.1-3.35.1

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      libIlmImf-2_2-23-2.2.1-3.35.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.35.1
      openexr-debuginfo-2.2.1-3.35.1
      openexr-debugsource-2.2.1-3.35.1
      openexr-devel-2.2.1-3.35.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      libIlmImf-2_2-23-2.2.1-3.35.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.35.1
      openexr-debuginfo-2.2.1-3.35.1
      openexr-debugsource-2.2.1-3.35.1
      openexr-devel-2.2.1-3.35.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      libIlmImf-2_2-23-2.2.1-3.35.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.35.1
      openexr-debuginfo-2.2.1-3.35.1
      openexr-debugsource-2.2.1-3.35.1
      openexr-devel-2.2.1-3.35.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      libIlmImf-2_2-23-2.2.1-3.35.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.35.1
      openexr-debuginfo-2.2.1-3.35.1
      openexr-debugsource-2.2.1-3.35.1
      openexr-devel-2.2.1-3.35.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      libIlmImf-2_2-23-2.2.1-3.35.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.35.1
      openexr-debuginfo-2.2.1-3.35.1
      openexr-debugsource-2.2.1-3.35.1
      openexr-devel-2.2.1-3.35.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

      libIlmImf-2_2-23-2.2.1-3.35.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.35.1
      openexr-debuginfo-2.2.1-3.35.1
      openexr-debugsource-2.2.1-3.35.1
      openexr-devel-2.2.1-3.35.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      libIlmImf-2_2-23-2.2.1-3.35.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.35.1
      openexr-debuginfo-2.2.1-3.35.1
      openexr-debugsource-2.2.1-3.35.1
      openexr-devel-2.2.1-3.35.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      libIlmImf-2_2-23-2.2.1-3.35.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.35.1
      openexr-debuginfo-2.2.1-3.35.1
      openexr-debugsource-2.2.1-3.35.1
      openexr-devel-2.2.1-3.35.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      libIlmImf-2_2-23-2.2.1-3.35.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.35.1
      openexr-debuginfo-2.2.1-3.35.1
      openexr-debugsource-2.2.1-3.35.1
      openexr-devel-2.2.1-3.35.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      libIlmImf-2_2-23-2.2.1-3.35.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.35.1
      openexr-debuginfo-2.2.1-3.35.1
      openexr-debugsource-2.2.1-3.35.1
      openexr-devel-2.2.1-3.35.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      libIlmImf-2_2-23-2.2.1-3.35.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.35.1
      openexr-debuginfo-2.2.1-3.35.1
      openexr-debugsource-2.2.1-3.35.1
      openexr-devel-2.2.1-3.35.1

   - SUSE CaaS Platform 4.0 (x86_64):

      libIlmImf-2_2-23-2.2.1-3.35.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-2.2.1-3.35.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.35.1
      openexr-debuginfo-2.2.1-3.35.1
      openexr-debugsource-2.2.1-3.35.1
      openexr-devel-2.2.1-3.35.1

References:

   https://www.suse.com/security/cve/CVE-2021-20298.html
   https://www.suse.com/security/cve/CVE-2021-20299.html
   https://www.suse.com/security/cve/CVE-2021-20300.html
   https://www.suse.com/security/cve/CVE-2021-20302.html
   https://www.suse.com/security/cve/CVE-2021-20303.html
   https://www.suse.com/security/cve/CVE-2021-20304.html
   https://www.suse.com/security/cve/CVE-2021-3476.html
   https://bugzilla.suse.com/1188457
   https://bugzilla.suse.com/1188458
   https://bugzilla.suse.com/1188459
   https://bugzilla.suse.com/1188460
   https://bugzilla.suse.com/1188461
   https://bugzilla.suse.com/1188462

From sle-updates at lists.suse.com Fri Aug 20 13:25:27 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Aug 2021 15:25:27 +0200 (CEST)
Subject: SUSE-SU-2021:2788-1: moderate: Security update for go1.16
Message-ID: <20210820132527.54B53FD0A@maintenance.suse.de>

   SUSE Security Update: Security update for go1.16
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2788-1
Rating:             moderate
References:         #1182345 #1189162
Cross-References:   CVE-2021-36221
Affected Products:
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
                    SUSE Linux Enterprise Module for Development Tools 15-SP2
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   This update for go1.16 fixes the following issues:

   Update to go1.16.7:

   - go#47473 net/http: panic due to racy read of persistConn after handler panic (CVE-2021-36221 bsc#1189162)
   - go#47348 cmd/go: "go list -f '{{.Stale}}'" stack overflow with cyclic imports
   - go#47332 time: Timer reset broken under heavy use since go1.16 timer optimizations added
   - go#47289 cmd/link: build error with cgo in Windows, redefinition of go.map.zero
   - go#47015 cmd/go: go mod vendor: open C:\Users\LICENSE: Access is denied.
   - go#46928 cmd/compile: register conflict between external linker and duffzero on arm64
   - go#46858 runtime: ppc64x binaries randomly segfault on linux 5.13rc6
   - go#46551 cmd/go: unhelpful error message when running "go install" on a replaced-but-not-required package

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Development Tools 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-2788=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-2788=1

Package List:

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):

      go1.16-1.16.7-1.23.1
      go1.16-doc-1.16.7-1.23.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):

      go1.16-race-1.16.7-1.23.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64):

      go1.16-1.16.7-1.23.1
      go1.16-doc-1.16.7-1.23.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64):

      go1.16-race-1.16.7-1.23.1

References:

   https://www.suse.com/security/cve/CVE-2021-36221.html
   https://bugzilla.suse.com/1182345
   https://bugzilla.suse.com/1189162

From sle-updates at lists.suse.com Fri Aug 20 13:29:26 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Aug 2021 15:29:26 +0200 (CEST)
Subject: SUSE-SU-2021:2797-1: important: Security update for java-1_8_0-openjdk
Message-ID: <20210820132926.1B774FD0A@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2797-1
Rating:             important
References:         #1185056 #1188564 #1188565 #1188566
Cross-References:   CVE-2021-2161 CVE-2021-2341 CVE-2021-2369 CVE-2021-2388
CVSS scores:
                    CVE-2021-2161 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2021-2161 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2021-2341 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2021-2341 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2021-2369 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2021-2369 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2021-2388 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-2388 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for java-1_8_0-openjdk fixes the following issues:

   - Update to version jdk8u302 (icedtea 3.20.0)
   - CVE-2021-2341: Improve file transfers. (bsc#1188564)
   - CVE-2021-2369: Better jar file validation. (bsc#1188565)
   - CVE-2021-2388: Enhance compiler validation. (bsc#1188566)
   - CVE-2021-2161: Less ambiguous processing. (bsc#1185056)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2797=1

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2797=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2797=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2797=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2797=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2797=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2797=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2797=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2797=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2797=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2797=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-2797=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      java-1_8_0-openjdk-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debugsource-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-27.63.2

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      java-1_8_0-openjdk-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debugsource-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-27.63.2

   - SUSE OpenStack Cloud 9 (x86_64):

      java-1_8_0-openjdk-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debugsource-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-27.63.2

   - SUSE OpenStack Cloud 8 (x86_64):

      java-1_8_0-openjdk-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debugsource-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-27.63.2

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      java-1_8_0-openjdk-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debugsource-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-27.63.2

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      java-1_8_0-openjdk-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debugsource-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-27.63.2

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      java-1_8_0-openjdk-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debugsource-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-27.63.2

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      java-1_8_0-openjdk-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debugsource-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-27.63.2

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      java-1_8_0-openjdk-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debugsource-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-27.63.2

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      java-1_8_0-openjdk-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debugsource-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-27.63.2

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      java-1_8_0-openjdk-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debugsource-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-27.63.2

   - HPE Helion Openstack 8 (x86_64):

      java-1_8_0-openjdk-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-debugsource-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-1.8.0.302-27.63.2
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-1.8.0.302-27.63.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-27.63.2

References:

   https://www.suse.com/security/cve/CVE-2021-2161.html
   https://www.suse.com/security/cve/CVE-2021-2341.html
   https://www.suse.com/security/cve/CVE-2021-2369.html
   https://www.suse.com/security/cve/CVE-2021-2388.html
   https://bugzilla.suse.com/1185056
   https://bugzilla.suse.com/1188564
   https://bugzilla.suse.com/1188565
   https://bugzilla.suse.com/1188566

From sle-updates at lists.suse.com Fri Aug 20 13:32:18 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Aug 2021 15:32:18 +0200 (CEST)
Subject: SUSE-SU-2021:2800-1: important: Security update for krb5
Message-ID: <20210820133218.769C4FD0A@maintenance.suse.de>

   SUSE Security Update: Security update for krb5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2800-1
Rating:             important
References:         #1188571
Cross-References:   CVE-2021-36222
CVSS scores:
                    CVE-2021-36222 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
                    SUSE MicroOS 5.0
                    SUSE Manager Server 4.0
                    SUSE Manager Retail Branch Server 4.0
                    SUSE Manager Proxy 4.0
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Module for Server Applications 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for krb5 fixes the following issues:

   - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2800=1

   - SUSE Manager Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2800=1

   - SUSE Manager Retail Branch Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2800=1

   - SUSE Manager Proxy 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2800=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2800=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2800=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2800=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-2800=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-2800=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2800=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2800=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2800=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2800=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-2800=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): krb5-1.16.3-3.21.1 krb5-debuginfo-1.16.3-3.21.1 krb5-debugsource-1.16.3-3.21.1 - SUSE Manager Server 4.0 (ppc64le s390x x86_64): krb5-1.16.3-3.21.1 krb5-client-1.16.3-3.21.1 krb5-client-debuginfo-1.16.3-3.21.1 krb5-debuginfo-1.16.3-3.21.1 krb5-debugsource-1.16.3-3.21.1 krb5-devel-1.16.3-3.21.1 krb5-plugin-kdb-ldap-1.16.3-3.21.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-otp-1.16.3-3.21.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-3.21.1 krb5-server-1.16.3-3.21.1 krb5-server-debuginfo-1.16.3-3.21.1 - SUSE Manager Server 4.0 (x86_64): krb5-32bit-1.16.3-3.21.1 krb5-32bit-debuginfo-1.16.3-3.21.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): krb5-1.16.3-3.21.1 krb5-32bit-1.16.3-3.21.1 krb5-32bit-debuginfo-1.16.3-3.21.1 krb5-client-1.16.3-3.21.1 krb5-client-debuginfo-1.16.3-3.21.1 krb5-debuginfo-1.16.3-3.21.1 krb5-debugsource-1.16.3-3.21.1 krb5-devel-1.16.3-3.21.1 krb5-plugin-kdb-ldap-1.16.3-3.21.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-otp-1.16.3-3.21.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-3.21.1 krb5-server-1.16.3-3.21.1 krb5-server-debuginfo-1.16.3-3.21.1 - SUSE Manager Proxy 4.0 (x86_64): krb5-1.16.3-3.21.1 krb5-32bit-1.16.3-3.21.1 krb5-32bit-debuginfo-1.16.3-3.21.1 krb5-client-1.16.3-3.21.1 krb5-client-debuginfo-1.16.3-3.21.1 krb5-debuginfo-1.16.3-3.21.1 krb5-debugsource-1.16.3-3.21.1 krb5-devel-1.16.3-3.21.1 krb5-plugin-kdb-ldap-1.16.3-3.21.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-otp-1.16.3-3.21.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-3.21.1 krb5-server-1.16.3-3.21.1 krb5-server-debuginfo-1.16.3-3.21.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le 
x86_64): krb5-1.16.3-3.21.1 krb5-client-1.16.3-3.21.1 krb5-client-debuginfo-1.16.3-3.21.1 krb5-debuginfo-1.16.3-3.21.1 krb5-debugsource-1.16.3-3.21.1 krb5-devel-1.16.3-3.21.1 krb5-plugin-kdb-ldap-1.16.3-3.21.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-otp-1.16.3-3.21.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-3.21.1 krb5-server-1.16.3-3.21.1 krb5-server-debuginfo-1.16.3-3.21.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): krb5-32bit-1.16.3-3.21.1 krb5-32bit-debuginfo-1.16.3-3.21.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): krb5-1.16.3-3.21.1 krb5-client-1.16.3-3.21.1 krb5-client-debuginfo-1.16.3-3.21.1 krb5-debuginfo-1.16.3-3.21.1 krb5-debugsource-1.16.3-3.21.1 krb5-devel-1.16.3-3.21.1 krb5-plugin-kdb-ldap-1.16.3-3.21.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-otp-1.16.3-3.21.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-3.21.1 krb5-server-1.16.3-3.21.1 krb5-server-debuginfo-1.16.3-3.21.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): krb5-32bit-1.16.3-3.21.1 krb5-32bit-debuginfo-1.16.3-3.21.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): krb5-1.16.3-3.21.1 krb5-32bit-1.16.3-3.21.1 krb5-32bit-debuginfo-1.16.3-3.21.1 krb5-client-1.16.3-3.21.1 krb5-client-debuginfo-1.16.3-3.21.1 krb5-debuginfo-1.16.3-3.21.1 krb5-debugsource-1.16.3-3.21.1 krb5-devel-1.16.3-3.21.1 krb5-plugin-kdb-ldap-1.16.3-3.21.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-otp-1.16.3-3.21.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-3.21.1 krb5-server-1.16.3-3.21.1 krb5-server-debuginfo-1.16.3-3.21.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): 
krb5-debuginfo-1.16.3-3.21.1 krb5-debugsource-1.16.3-3.21.1 krb5-plugin-kdb-ldap-1.16.3-3.21.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-3.21.1 krb5-server-1.16.3-3.21.1 krb5-server-debuginfo-1.16.3-3.21.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.16.3-3.21.1 krb5-debugsource-1.16.3-3.21.1 krb5-plugin-kdb-ldap-1.16.3-3.21.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-3.21.1 krb5-server-1.16.3-3.21.1 krb5-server-debuginfo-1.16.3-3.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): krb5-1.16.3-3.21.1 krb5-client-1.16.3-3.21.1 krb5-client-debuginfo-1.16.3-3.21.1 krb5-debuginfo-1.16.3-3.21.1 krb5-debugsource-1.16.3-3.21.1 krb5-devel-1.16.3-3.21.1 krb5-plugin-preauth-otp-1.16.3-3.21.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-3.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): krb5-32bit-1.16.3-3.21.1 krb5-32bit-debuginfo-1.16.3-3.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): krb5-1.16.3-3.21.1 krb5-client-1.16.3-3.21.1 krb5-client-debuginfo-1.16.3-3.21.1 krb5-debuginfo-1.16.3-3.21.1 krb5-debugsource-1.16.3-3.21.1 krb5-devel-1.16.3-3.21.1 krb5-plugin-preauth-otp-1.16.3-3.21.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-3.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): krb5-32bit-1.16.3-3.21.1 krb5-32bit-debuginfo-1.16.3-3.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): krb5-1.16.3-3.21.1 krb5-client-1.16.3-3.21.1 krb5-client-debuginfo-1.16.3-3.21.1 krb5-debuginfo-1.16.3-3.21.1 krb5-debugsource-1.16.3-3.21.1 krb5-devel-1.16.3-3.21.1 krb5-plugin-kdb-ldap-1.16.3-3.21.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-otp-1.16.3-3.21.1 
krb5-plugin-preauth-otp-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-3.21.1 krb5-server-1.16.3-3.21.1 krb5-server-debuginfo-1.16.3-3.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): krb5-32bit-1.16.3-3.21.1 krb5-32bit-debuginfo-1.16.3-3.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): krb5-1.16.3-3.21.1 krb5-client-1.16.3-3.21.1 krb5-client-debuginfo-1.16.3-3.21.1 krb5-debuginfo-1.16.3-3.21.1 krb5-debugsource-1.16.3-3.21.1 krb5-devel-1.16.3-3.21.1 krb5-plugin-kdb-ldap-1.16.3-3.21.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-otp-1.16.3-3.21.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-3.21.1 krb5-server-1.16.3-3.21.1 krb5-server-debuginfo-1.16.3-3.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): krb5-32bit-1.16.3-3.21.1 krb5-32bit-debuginfo-1.16.3-3.21.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): krb5-1.16.3-3.21.1 krb5-client-1.16.3-3.21.1 krb5-client-debuginfo-1.16.3-3.21.1 krb5-debuginfo-1.16.3-3.21.1 krb5-debugsource-1.16.3-3.21.1 krb5-devel-1.16.3-3.21.1 krb5-plugin-kdb-ldap-1.16.3-3.21.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-otp-1.16.3-3.21.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-3.21.1 krb5-server-1.16.3-3.21.1 krb5-server-debuginfo-1.16.3-3.21.1 - SUSE Enterprise Storage 6 (x86_64): krb5-32bit-1.16.3-3.21.1 krb5-32bit-debuginfo-1.16.3-3.21.1 - SUSE CaaS Platform 4.0 (x86_64): krb5-1.16.3-3.21.1 krb5-32bit-1.16.3-3.21.1 krb5-32bit-debuginfo-1.16.3-3.21.1 krb5-client-1.16.3-3.21.1 krb5-client-debuginfo-1.16.3-3.21.1 krb5-debuginfo-1.16.3-3.21.1 krb5-debugsource-1.16.3-3.21.1 krb5-devel-1.16.3-3.21.1 krb5-plugin-kdb-ldap-1.16.3-3.21.1 
krb5-plugin-kdb-ldap-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-otp-1.16.3-3.21.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-1.16.3-3.21.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-3.21.1 krb5-server-1.16.3-3.21.1 krb5-server-debuginfo-1.16.3-3.21.1 References: https://www.suse.com/security/cve/CVE-2021-36222.html https://bugzilla.suse.com/1188571 From sle-updates at lists.suse.com Fri Aug 20 13:34:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Aug 2021 15:34:48 +0200 (CEST) Subject: SUSE-SU-2021:2791-1: moderate: Security update for fetchmail Message-ID: <20210820133448.51008FD0A@maintenance.suse.de> SUSE Security Update: Security update for fetchmail ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2791-1 Rating: moderate References: #1188034 #1188875 Cross-References: CVE-2021-36386 CVSS scores: CVE-2021-36386 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-36386 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update 
that solves one vulnerability and has one errata is now available.

Description:

This update for fetchmail fixes the following issues:

- CVE-2021-36386: Fixed a missing variable initialization that can cause read from bad memory locations. (bsc#1188875)
- Change PASSWORDLEN from 64 to 256 (bsc#1188034)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2791=1
- SUSE Manager Retail Branch Server 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2791=1
- SUSE Manager Proxy 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2791=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2791=1
- SUSE Linux Enterprise Server for SAP 15:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2791=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2791=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2791=1
- SUSE Linux Enterprise Server 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2791=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-2791=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-2791=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2791=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2791=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch
SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2791=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2791=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2791=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2791=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2791=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): fetchmail-6.3.26-20.14.1 fetchmail-debuginfo-6.3.26-20.14.1 fetchmail-debugsource-6.3.26-20.14.1 fetchmailconf-6.3.26-20.14.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): fetchmail-6.3.26-20.14.1 fetchmail-debuginfo-6.3.26-20.14.1 fetchmail-debugsource-6.3.26-20.14.1 fetchmailconf-6.3.26-20.14.1 - SUSE Manager Proxy 4.0 (x86_64): fetchmail-6.3.26-20.14.1 fetchmail-debuginfo-6.3.26-20.14.1 fetchmail-debugsource-6.3.26-20.14.1 fetchmailconf-6.3.26-20.14.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): fetchmail-6.3.26-20.14.1 fetchmail-debuginfo-6.3.26-20.14.1 fetchmail-debugsource-6.3.26-20.14.1 fetchmailconf-6.3.26-20.14.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): fetchmail-6.3.26-20.14.1 fetchmail-debuginfo-6.3.26-20.14.1 fetchmail-debugsource-6.3.26-20.14.1 fetchmailconf-6.3.26-20.14.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): fetchmail-6.3.26-20.14.1 fetchmail-debuginfo-6.3.26-20.14.1 fetchmail-debugsource-6.3.26-20.14.1 fetchmailconf-6.3.26-20.14.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): fetchmail-6.3.26-20.14.1 fetchmail-debuginfo-6.3.26-20.14.1 fetchmail-debugsource-6.3.26-20.14.1 fetchmailconf-6.3.26-20.14.1 - SUSE Linux 
Enterprise Server 15-LTSS (aarch64 s390x): fetchmail-6.3.26-20.14.1 fetchmail-debuginfo-6.3.26-20.14.1 fetchmail-debugsource-6.3.26-20.14.1 fetchmailconf-6.3.26-20.14.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): fetchmail-debuginfo-6.3.26-20.14.1 fetchmail-debugsource-6.3.26-20.14.1 fetchmailconf-6.3.26-20.14.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): fetchmail-debuginfo-6.3.26-20.14.1 fetchmail-debugsource-6.3.26-20.14.1 fetchmailconf-6.3.26-20.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): fetchmail-6.3.26-20.14.1 fetchmail-debuginfo-6.3.26-20.14.1 fetchmail-debugsource-6.3.26-20.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): fetchmail-6.3.26-20.14.1 fetchmail-debuginfo-6.3.26-20.14.1 fetchmail-debugsource-6.3.26-20.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): fetchmail-6.3.26-20.14.1 fetchmail-debuginfo-6.3.26-20.14.1 fetchmail-debugsource-6.3.26-20.14.1 fetchmailconf-6.3.26-20.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): fetchmail-6.3.26-20.14.1 fetchmail-debuginfo-6.3.26-20.14.1 fetchmail-debugsource-6.3.26-20.14.1 fetchmailconf-6.3.26-20.14.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): fetchmail-6.3.26-20.14.1 fetchmail-debuginfo-6.3.26-20.14.1 fetchmail-debugsource-6.3.26-20.14.1 fetchmailconf-6.3.26-20.14.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): fetchmail-6.3.26-20.14.1 fetchmail-debuginfo-6.3.26-20.14.1 fetchmail-debugsource-6.3.26-20.14.1 fetchmailconf-6.3.26-20.14.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): fetchmail-6.3.26-20.14.1 fetchmail-debuginfo-6.3.26-20.14.1 fetchmail-debugsource-6.3.26-20.14.1 fetchmailconf-6.3.26-20.14.1 - SUSE CaaS Platform 4.0 (x86_64): fetchmail-6.3.26-20.14.1 
fetchmail-debuginfo-6.3.26-20.14.1 fetchmail-debugsource-6.3.26-20.14.1 fetchmailconf-6.3.26-20.14.1 References: https://www.suse.com/security/cve/CVE-2021-36386.html https://bugzilla.suse.com/1188034 https://bugzilla.suse.com/1188875 From sle-updates at lists.suse.com Fri Aug 20 13:38:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Aug 2021 15:38:33 +0200 (CEST) Subject: SUSE-SU-2021:2789-1: moderate: Security update for qemu Message-ID: <20210820133833.15AE1FD0A@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2789-1 Rating: moderate References: #1180432 #1180433 #1180434 #1180435 #1182651 #1186012 #1189145 Cross-References: CVE-2020-35503 CVE-2020-35504 CVE-2020-35505 CVE-2020-35506 CVE-2021-20255 CVE-2021-3527 CVE-2021-3682 CVSS scores: CVE-2020-35503 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-35503 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-35504 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-35504 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-35505 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-35505 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-35506 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-35506 (SUSE): 5.6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H CVE-2021-20255 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20255 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-3527 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3527 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVE-2021-3682 (SUSE): 6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

This update for qemu fixes the following issues:

Security issues fixed:

- usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682)
- NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506)
- NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503)
- eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255)
- usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.0:
  zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2789=1
- SUSE Linux Enterprise Module for Server Applications 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-2789=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2789=1

Package List:

- SUSE MicroOS 5.0 (aarch64 x86_64):
  qemu-4.2.1-11.28.1
  qemu-debuginfo-4.2.1-11.28.1
  qemu-debugsource-4.2.1-11.28.1
  qemu-tools-4.2.1-11.28.1
  qemu-tools-debuginfo-4.2.1-11.28.1
- SUSE MicroOS 5.0 (aarch64):
  qemu-arm-4.2.1-11.28.1
  qemu-arm-debuginfo-4.2.1-11.28.1
- SUSE MicroOS 5.0 (x86_64):
  qemu-x86-4.2.1-11.28.1
  qemu-x86-debuginfo-4.2.1-11.28.1
- SUSE MicroOS 5.0 (noarch):
  qemu-ipxe-1.0.0+-11.28.1
  qemu-seabios-1.12.1+-11.28.1
  qemu-sgabios-8-11.28.1
  qemu-vgabios-1.12.1+-11.28.1
- SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):
  qemu-4.2.1-11.28.1
  qemu-block-curl-4.2.1-11.28.1
  qemu-block-curl-debuginfo-4.2.1-11.28.1
  qemu-block-iscsi-4.2.1-11.28.1
  qemu-block-iscsi-debuginfo-4.2.1-11.28.1
  qemu-block-rbd-4.2.1-11.28.1
qemu-block-rbd-debuginfo-4.2.1-11.28.1 qemu-block-ssh-4.2.1-11.28.1 qemu-block-ssh-debuginfo-4.2.1-11.28.1 qemu-debuginfo-4.2.1-11.28.1 qemu-debugsource-4.2.1-11.28.1 qemu-guest-agent-4.2.1-11.28.1 qemu-guest-agent-debuginfo-4.2.1-11.28.1 qemu-lang-4.2.1-11.28.1 qemu-ui-spice-app-4.2.1-11.28.1 qemu-ui-spice-app-debuginfo-4.2.1-11.28.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (s390x x86_64): qemu-kvm-4.2.1-11.28.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (ppc64le): qemu-ppc-4.2.1-11.28.1 qemu-ppc-debuginfo-4.2.1-11.28.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64): qemu-arm-4.2.1-11.28.1 qemu-arm-debuginfo-4.2.1-11.28.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (x86_64): qemu-audio-alsa-4.2.1-11.28.1 qemu-audio-alsa-debuginfo-4.2.1-11.28.1 qemu-audio-pa-4.2.1-11.28.1 qemu-audio-pa-debuginfo-4.2.1-11.28.1 qemu-ui-curses-4.2.1-11.28.1 qemu-ui-curses-debuginfo-4.2.1-11.28.1 qemu-ui-gtk-4.2.1-11.28.1 qemu-ui-gtk-debuginfo-4.2.1-11.28.1 qemu-x86-4.2.1-11.28.1 qemu-x86-debuginfo-4.2.1-11.28.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): qemu-ipxe-1.0.0+-11.28.1 qemu-microvm-4.2.1-11.28.1 qemu-seabios-1.12.1+-11.28.1 qemu-sgabios-8-11.28.1 qemu-vgabios-1.12.1+-11.28.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (s390x): qemu-s390-4.2.1-11.28.1 qemu-s390-debuginfo-4.2.1-11.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): qemu-debuginfo-4.2.1-11.28.1 qemu-debugsource-4.2.1-11.28.1 qemu-tools-4.2.1-11.28.1 qemu-tools-debuginfo-4.2.1-11.28.1 References: https://www.suse.com/security/cve/CVE-2020-35503.html https://www.suse.com/security/cve/CVE-2020-35504.html https://www.suse.com/security/cve/CVE-2020-35505.html https://www.suse.com/security/cve/CVE-2020-35506.html https://www.suse.com/security/cve/CVE-2021-20255.html https://www.suse.com/security/cve/CVE-2021-3527.html 
https://www.suse.com/security/cve/CVE-2021-3682.html https://bugzilla.suse.com/1180432 https://bugzilla.suse.com/1180433 https://bugzilla.suse.com/1180434 https://bugzilla.suse.com/1180435 https://bugzilla.suse.com/1182651 https://bugzilla.suse.com/1186012 https://bugzilla.suse.com/1189145 From sle-updates at lists.suse.com Fri Aug 20 13:40:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Aug 2021 15:40:29 +0200 (CEST) Subject: SUSE-SU-2021:2796-1: important: Security update for djvulibre Message-ID: <20210820134029.DF967FD0A@maintenance.suse.de> SUSE Security Update: Security update for djvulibre ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2796-1 Rating: important References: #1187869 Cross-References: CVE-2021-3630 CVSS scores: CVE-2021-3630 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3630 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 

Description:

This update for djvulibre fixes the following issues:

- CVE-2021-3630: out-of-bounds write in DJVU:DjVuTXT:decode() in DjVuText.cpp (bsc#1187869)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2796=1
- SUSE Manager Retail Branch Server 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2796=1
- SUSE Manager Proxy 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2796=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2796=1
- SUSE Linux Enterprise Server for SAP 15:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2796=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2796=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2796=1
- SUSE Linux Enterprise Server 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2796=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2796=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2796=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2796=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2796=1
- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2021-2796=1
- SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): djvulibre-debuginfo-3.5.27-3.19.1 djvulibre-debugsource-3.5.27-3.19.1 libdjvulibre-devel-3.5.27-3.19.1 libdjvulibre21-3.5.27-3.19.1 libdjvulibre21-debuginfo-3.5.27-3.19.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): djvulibre-debuginfo-3.5.27-3.19.1 djvulibre-debugsource-3.5.27-3.19.1 libdjvulibre-devel-3.5.27-3.19.1 libdjvulibre21-3.5.27-3.19.1 libdjvulibre21-debuginfo-3.5.27-3.19.1 - SUSE Manager Proxy 4.0 (x86_64): djvulibre-debuginfo-3.5.27-3.19.1 djvulibre-debugsource-3.5.27-3.19.1 libdjvulibre-devel-3.5.27-3.19.1 libdjvulibre21-3.5.27-3.19.1 libdjvulibre21-debuginfo-3.5.27-3.19.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): djvulibre-debuginfo-3.5.27-3.19.1 djvulibre-debugsource-3.5.27-3.19.1 libdjvulibre-devel-3.5.27-3.19.1 libdjvulibre21-3.5.27-3.19.1 libdjvulibre21-debuginfo-3.5.27-3.19.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): djvulibre-debuginfo-3.5.27-3.19.1 djvulibre-debugsource-3.5.27-3.19.1 libdjvulibre-devel-3.5.27-3.19.1 libdjvulibre21-3.5.27-3.19.1 libdjvulibre21-debuginfo-3.5.27-3.19.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): djvulibre-debuginfo-3.5.27-3.19.1 djvulibre-debugsource-3.5.27-3.19.1 libdjvulibre-devel-3.5.27-3.19.1 libdjvulibre21-3.5.27-3.19.1 libdjvulibre21-debuginfo-3.5.27-3.19.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): djvulibre-debuginfo-3.5.27-3.19.1 djvulibre-debugsource-3.5.27-3.19.1 libdjvulibre-devel-3.5.27-3.19.1 libdjvulibre21-3.5.27-3.19.1 libdjvulibre21-debuginfo-3.5.27-3.19.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): djvulibre-debuginfo-3.5.27-3.19.1 djvulibre-debugsource-3.5.27-3.19.1 libdjvulibre-devel-3.5.27-3.19.1 libdjvulibre21-3.5.27-3.19.1 libdjvulibre21-debuginfo-3.5.27-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): djvulibre-debuginfo-3.5.27-3.19.1 djvulibre-debugsource-3.5.27-3.19.1 
libdjvulibre-devel-3.5.27-3.19.1 libdjvulibre21-3.5.27-3.19.1 libdjvulibre21-debuginfo-3.5.27-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): djvulibre-debuginfo-3.5.27-3.19.1 djvulibre-debugsource-3.5.27-3.19.1 libdjvulibre-devel-3.5.27-3.19.1 libdjvulibre21-3.5.27-3.19.1 libdjvulibre21-debuginfo-3.5.27-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): djvulibre-debuginfo-3.5.27-3.19.1 djvulibre-debugsource-3.5.27-3.19.1 libdjvulibre-devel-3.5.27-3.19.1 libdjvulibre21-3.5.27-3.19.1 libdjvulibre21-debuginfo-3.5.27-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): djvulibre-debuginfo-3.5.27-3.19.1 djvulibre-debugsource-3.5.27-3.19.1 libdjvulibre-devel-3.5.27-3.19.1 libdjvulibre21-3.5.27-3.19.1 libdjvulibre21-debuginfo-3.5.27-3.19.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): djvulibre-debuginfo-3.5.27-3.19.1 djvulibre-debugsource-3.5.27-3.19.1 libdjvulibre-devel-3.5.27-3.19.1 libdjvulibre21-3.5.27-3.19.1 libdjvulibre21-debuginfo-3.5.27-3.19.1 - SUSE CaaS Platform 4.0 (x86_64): djvulibre-debuginfo-3.5.27-3.19.1 djvulibre-debugsource-3.5.27-3.19.1 libdjvulibre-devel-3.5.27-3.19.1 libdjvulibre21-3.5.27-3.19.1 libdjvulibre21-debuginfo-3.5.27-3.19.1 References: https://www.suse.com/security/cve/CVE-2021-3630.html https://bugzilla.suse.com/1187869 From sle-updates at lists.suse.com Fri Aug 20 13:41:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Aug 2021 15:41:46 +0200 (CEST) Subject: SUSE-SU-2021:2790-1: important: Security update for nodejs8 Message-ID: <20210820134146.94FFDFD0A@maintenance.suse.de> SUSE Security Update: Security update for nodejs8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2790-1 Rating: important References: #1188917 Cross-References: CVE-2021-22930 CVSS scores: CVE-2021-22930 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 

Affected Products:
  SUSE Manager Server 4.0
  SUSE Manager Retail Branch Server 4.0
  SUSE Manager Proxy 4.0
  SUSE Linux Enterprise Server for SAP 15-SP1
  SUSE Linux Enterprise Server for SAP 15
  SUSE Linux Enterprise Server 15-SP1-LTSS
  SUSE Linux Enterprise Server 15-SP1-BCL
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
  SUSE Enterprise Storage 6
  SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for nodejs8 fixes the following issues:

- CVE-2021-22930: http2: fixes use after free on close in stream canceling (bsc#1188917).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2790=1
- SUSE Manager Retail Branch Server 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2790=1
- SUSE Manager Proxy 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2790=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2790=1
- SUSE Linux Enterprise Server for SAP 15:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2790=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2790=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2790=1
- SUSE Linux Enterprise Server 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2790=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2790=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2790=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2790=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2790=1
- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2021-2790=1
- SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE Manager Server 4.0 (ppc64le s390x x86_64):
    nodejs8-8.17.0-3.50.1
    nodejs8-debuginfo-8.17.0-3.50.1
    nodejs8-debugsource-8.17.0-3.50.1
    nodejs8-devel-8.17.0-3.50.1
    npm8-8.17.0-3.50.1
- SUSE Manager Server 4.0 (noarch):
    nodejs8-docs-8.17.0-3.50.1
- SUSE Manager Retail Branch Server 4.0 (x86_64):
    nodejs8-8.17.0-3.50.1
    nodejs8-debuginfo-8.17.0-3.50.1
    nodejs8-debugsource-8.17.0-3.50.1
    nodejs8-devel-8.17.0-3.50.1
    npm8-8.17.0-3.50.1
- SUSE Manager Retail Branch Server 4.0 (noarch):
    nodejs8-docs-8.17.0-3.50.1
- SUSE Manager Proxy 4.0 (x86_64):
    nodejs8-8.17.0-3.50.1
    nodejs8-debuginfo-8.17.0-3.50.1
    nodejs8-debugsource-8.17.0-3.50.1
    nodejs8-devel-8.17.0-3.50.1
    npm8-8.17.0-3.50.1
- SUSE Manager Proxy 4.0 (noarch):
    nodejs8-docs-8.17.0-3.50.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
    nodejs8-8.17.0-3.50.1
    nodejs8-debuginfo-8.17.0-3.50.1
    nodejs8-debugsource-8.17.0-3.50.1
    nodejs8-devel-8.17.0-3.50.1
    npm8-8.17.0-3.50.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
    nodejs8-docs-8.17.0-3.50.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
    nodejs8-8.17.0-3.50.1
    nodejs8-debuginfo-8.17.0-3.50.1
    nodejs8-debugsource-8.17.0-3.50.1
    nodejs8-devel-8.17.0-3.50.1
    npm8-8.17.0-3.50.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
    nodejs8-docs-8.17.0-3.50.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
    nodejs8-8.17.0-3.50.1
    nodejs8-debuginfo-8.17.0-3.50.1
    nodejs8-debugsource-8.17.0-3.50.1
    nodejs8-devel-8.17.0-3.50.1
    npm8-8.17.0-3.50.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
    nodejs8-docs-8.17.0-3.50.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
    nodejs8-8.17.0-3.50.1
    nodejs8-debuginfo-8.17.0-3.50.1
    nodejs8-debugsource-8.17.0-3.50.1
    nodejs8-devel-8.17.0-3.50.1
    npm8-8.17.0-3.50.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
    nodejs8-docs-8.17.0-3.50.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
    nodejs8-8.17.0-3.50.1
    nodejs8-debuginfo-8.17.0-3.50.1
    nodejs8-debugsource-8.17.0-3.50.1
    nodejs8-devel-8.17.0-3.50.1
    npm8-8.17.0-3.50.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
    nodejs8-docs-8.17.0-3.50.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
    nodejs8-8.17.0-3.50.1
    nodejs8-debuginfo-8.17.0-3.50.1
    nodejs8-debugsource-8.17.0-3.50.1
    nodejs8-devel-8.17.0-3.50.1
    npm8-8.17.0-3.50.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
    nodejs8-docs-8.17.0-3.50.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
    nodejs8-8.17.0-3.50.1
    nodejs8-debuginfo-8.17.0-3.50.1
    nodejs8-debugsource-8.17.0-3.50.1
    nodejs8-devel-8.17.0-3.50.1
    npm8-8.17.0-3.50.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
    nodejs8-docs-8.17.0-3.50.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
    nodejs8-8.17.0-3.50.1
    nodejs8-debuginfo-8.17.0-3.50.1
    nodejs8-debugsource-8.17.0-3.50.1
    nodejs8-devel-8.17.0-3.50.1
    npm8-8.17.0-3.50.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
    nodejs8-docs-8.17.0-3.50.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
    nodejs8-8.17.0-3.50.1
    nodejs8-debuginfo-8.17.0-3.50.1
    nodejs8-debugsource-8.17.0-3.50.1
    nodejs8-devel-8.17.0-3.50.1
    npm8-8.17.0-3.50.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
    nodejs8-docs-8.17.0-3.50.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
    nodejs8-8.17.0-3.50.1
    nodejs8-debuginfo-8.17.0-3.50.1
    nodejs8-debugsource-8.17.0-3.50.1
    nodejs8-devel-8.17.0-3.50.1
    npm8-8.17.0-3.50.1
- SUSE Enterprise Storage 6 (noarch):
    nodejs8-docs-8.17.0-3.50.1
- SUSE CaaS Platform 4.0 (noarch):
    nodejs8-docs-8.17.0-3.50.1
- SUSE CaaS Platform 4.0 (x86_64):
    nodejs8-8.17.0-3.50.1
    nodejs8-debuginfo-8.17.0-3.50.1
    nodejs8-debugsource-8.17.0-3.50.1
    nodejs8-devel-8.17.0-3.50.1
    npm8-8.17.0-3.50.1

References:

    https://www.suse.com/security/cve/CVE-2021-22930.html
    https://bugzilla.suse.com/1188917

From sle-updates at lists.suse.com Fri Aug 20 13:44:47 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Aug 2021 15:44:47 +0200 (CEST)
Subject: SUSE-SU-2021:2787-1: moderate: Security update for go1.15
Message-ID: <20210820134447.690A4FD17@maintenance.suse.de>

SUSE Security Update: Security update for go1.15
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2787-1
Rating: moderate
References: #1175132 #1188906 #1189162
Cross-References: CVE-2021-36221
Affected Products:
    SUSE Manager Server 4.0
    SUSE Manager Retail Branch Server 4.0
    SUSE Manager Proxy 4.0
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP1-BCL
    SUSE Linux Enterprise Module for Development Tools 15-SP3
    SUSE Linux Enterprise Module for Development Tools 15-SP2
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
    SUSE Enterprise Storage 6
    SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for go1.15 fixes the following issues:

Update to go1.15.15:

- go#47473 net/http: panic due to racy read of persistConn after handler panic (CVE-2021-36221 bsc#1189162)
- go#47347 cmd/go: "go list -f '{{.Stale}}'" stack overflow with cyclic imports
- go#47014 cmd/go: go mod vendor: open C:\Users\LICENSE: Access is denied.
- go#46927 cmd/compile: register conflict between external linker and duffzero on arm64
- go#46857 runtime: ppc64x binaries randomly segfault on linux 5.13rc6

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2787=1
- SUSE Manager Retail Branch Server 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2787=1
- SUSE Manager Proxy 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2787=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2787=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2787=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2787=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-2787=1
- SUSE Linux Enterprise Module for Development Tools 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-2787=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2787=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2787=1
- SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2021-2787=1
- SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:

- SUSE Manager Server 4.0 (ppc64le s390x x86_64):
    go1.15-1.15.15-1.39.1
    go1.15-doc-1.15.15-1.39.1
- SUSE Manager Server 4.0 (x86_64):
    go1.15-race-1.15.15-1.39.1
- SUSE Manager Retail Branch Server 4.0 (x86_64):
    go1.15-1.15.15-1.39.1
    go1.15-doc-1.15.15-1.39.1
    go1.15-race-1.15.15-1.39.1
- SUSE Manager Proxy 4.0 (x86_64):
    go1.15-1.15.15-1.39.1
    go1.15-doc-1.15.15-1.39.1
    go1.15-race-1.15.15-1.39.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
    go1.15-1.15.15-1.39.1
    go1.15-doc-1.15.15-1.39.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
    go1.15-race-1.15.15-1.39.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
    go1.15-1.15.15-1.39.1
    go1.15-doc-1.15.15-1.39.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 x86_64):
    go1.15-race-1.15.15-1.39.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
    go1.15-1.15.15-1.39.1
    go1.15-doc-1.15.15-1.39.1
    go1.15-race-1.15.15-1.39.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
    go1.15-1.15.15-1.39.1
    go1.15-doc-1.15.15-1.39.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
    go1.15-race-1.15.15-1.39.1
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64):
    go1.15-1.15.15-1.39.1
    go1.15-doc-1.15.15-1.39.1
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64):
    go1.15-race-1.15.15-1.39.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
    go1.15-1.15.15-1.39.1
    go1.15-doc-1.15.15-1.39.1
    go1.15-race-1.15.15-1.39.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
    go1.15-1.15.15-1.39.1
    go1.15-doc-1.15.15-1.39.1
    go1.15-race-1.15.15-1.39.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
    go1.15-1.15.15-1.39.1
    go1.15-doc-1.15.15-1.39.1
    go1.15-race-1.15.15-1.39.1
- SUSE CaaS Platform 4.0 (x86_64):
    go1.15-1.15.15-1.39.1
    go1.15-doc-1.15.15-1.39.1
    go1.15-race-1.15.15-1.39.1

References:
    https://www.suse.com/security/cve/CVE-2021-36221.html
    https://bugzilla.suse.com/1175132
    https://bugzilla.suse.com/1188906
    https://bugzilla.suse.com/1189162

From sle-updates at lists.suse.com Fri Aug 20 13:46:13 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Aug 2021 15:46:13 +0200 (CEST)
Subject: SUSE-SU-2021:2802-1: moderate: Security update for libmspack
Message-ID: <20210820134613.3A682FD17@maintenance.suse.de>

SUSE Security Update: Security update for libmspack
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2802-1
Rating: moderate
References: #1103032
Cross-References: CVE-2018-14679 CVE-2018-14681 CVE-2018-14682
CVSS scores:
    CVE-2018-14679 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
    CVE-2018-14679 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
    CVE-2018-14681 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2018-14681 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
    CVE-2018-14682 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2018-14682 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Affected Products:
    SUSE MicroOS 5.0
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for libmspack fixes the following issues:

- CVE-2018-14681: Bad KWAJ file header extensions could cause a one or two byte overwrite. (bsc#1103032)
- CVE-2018-14682: There is an off-by-one error in the TOLOWER() macro for CHM decompression. (bsc#1103032)
- CVE-2018-14679: There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service.
  (bsc#1103032)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.0:
    zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2802=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2802=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2802=1

Package List:

- SUSE MicroOS 5.0 (x86_64):
    libmspack-debugsource-0.6-3.11.1
    libmspack0-0.6-3.11.1
    libmspack0-debuginfo-0.6-3.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
    libmspack-debugsource-0.6-3.11.1
    libmspack-devel-0.6-3.11.1
    libmspack0-0.6-3.11.1
    libmspack0-debuginfo-0.6-3.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
    libmspack-debugsource-0.6-3.11.1
    libmspack-devel-0.6-3.11.1
    libmspack0-0.6-3.11.1
    libmspack0-debuginfo-0.6-3.11.1

References:

    https://www.suse.com/security/cve/CVE-2018-14679.html
    https://www.suse.com/security/cve/CVE-2018-14681.html
    https://www.suse.com/security/cve/CVE-2018-14682.html
    https://bugzilla.suse.com/1103032

From sle-updates at lists.suse.com Fri Aug 20 13:47:19 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Aug 2021 15:47:19 +0200 (CEST)
Subject: SUSE-SU-2021:2794-1: important: Security update for aspell
Message-ID: <20210820134719.4F669FD17@maintenance.suse.de>

SUSE Security Update: Security update for aspell
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2794-1
Rating: important
References: #1177523 #1188576
Cross-References: CVE-2019-25051
CVSS scores:
    CVE-2019-25051 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2019-25051 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for aspell fixes the following issues:

- CVE-2019-25051: Fixed heap-buffer-overflow in acommon:ObjStack:dup_top (bsc#1188576).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2794=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2794=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
    aspell-0.60.8-3.3.1
    aspell-debuginfo-0.60.8-3.3.1
    aspell-debugsource-0.60.8-3.3.1
    aspell-devel-0.60.8-3.3.1
    libaspell15-0.60.8-3.3.1
    libaspell15-debuginfo-0.60.8-3.3.1
    libpspell15-0.60.8-3.3.1
    libpspell15-debuginfo-0.60.8-3.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
    aspell-0.60.8-3.3.1
    aspell-debuginfo-0.60.8-3.3.1
    aspell-debugsource-0.60.8-3.3.1
    aspell-devel-0.60.8-3.3.1
    libaspell15-0.60.8-3.3.1
    libaspell15-debuginfo-0.60.8-3.3.1
    libpspell15-0.60.8-3.3.1
    libpspell15-debuginfo-0.60.8-3.3.1

References:

    https://www.suse.com/security/cve/CVE-2019-25051.html
    https://bugzilla.suse.com/1177523
    https://bugzilla.suse.com/1188576

From sle-updates at lists.suse.com Fri Aug 20 13:51:00 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Aug 2021 15:51:00 +0200 (CEST)
Subject: SUSE-SU-2021:2798-1: important: Security update for java-1_8_0-openjdk
Message-ID: <20210820135100.10D84FD0A@maintenance.suse.de>

SUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2798-1
Rating: important
References: #1185056 #1188564 #1188565 #1188566
Cross-References: CVE-2021-2161 CVE-2021-2341 CVE-2021-2369 CVE-2021-2388
CVSS scores:
    CVE-2021-2161 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
    CVE-2021-2161 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
    CVE-2021-2341 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
    CVE-2021-2341 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
    CVE-2021-2369 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
    CVE-2021-2369 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
    CVE-2021-2388 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2021-2388 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
    SUSE Manager Server 4.0
    SUSE Manager Retail Branch Server 4.0
    SUSE Manager Proxy 4.0
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP1-BCL
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Module for Legacy Software 15-SP3
    SUSE Linux Enterprise Module for Legacy Software 15-SP2
    SUSE Enterprise Storage 6
    SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for java-1_8_0-openjdk fixes the following issues:

- Update to version jdk8u302 (icedtea 3.20.0)
- CVE-2021-2341: Improve file transfers. (bsc#1188564)
- CVE-2021-2369: Better jar file validation. (bsc#1188565)
- CVE-2021-2388: Enhance compiler validation. (bsc#1188566)
- CVE-2021-2161: Less ambiguous processing. (bsc#1185056)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2798=1
- SUSE Manager Retail Branch Server 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2798=1
- SUSE Manager Proxy 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2798=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2798=1
- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2798=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2798=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2798=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2798=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-2798=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-2798=1
- SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2021-2798=1
- SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:

- SUSE Manager Server 4.0 (ppc64le s390x x86_64):
    java-1_8_0-openjdk-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debugsource-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-3.55.2
- SUSE Manager Retail Branch Server 4.0 (x86_64):
    java-1_8_0-openjdk-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debugsource-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-3.55.2
- SUSE Manager Proxy 4.0 (x86_64):
    java-1_8_0-openjdk-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debugsource-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-3.55.2
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
    java-1_8_0-openjdk-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debugsource-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-3.55.2
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
    java-1_8_0-openjdk-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debugsource-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-3.55.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
    java-1_8_0-openjdk-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debugsource-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-3.55.2
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
    java-1_8_0-openjdk-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debugsource-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-3.55.2
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
    java-1_8_0-openjdk-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debugsource-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-3.55.2
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
    java-1_8_0-openjdk-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debugsource-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-3.55.2
- SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64):
    java-1_8_0-openjdk-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debugsource-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-3.55.2
- SUSE Enterprise Storage 6 (aarch64 x86_64):
    java-1_8_0-openjdk-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debugsource-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-3.55.2
- SUSE CaaS Platform 4.0 (x86_64):
    java-1_8_0-openjdk-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-debugsource-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-demo-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-1.8.0.302-3.55.2
    java-1_8_0-openjdk-devel-debuginfo-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-1.8.0.302-3.55.2
    java-1_8_0-openjdk-headless-debuginfo-1.8.0.302-3.55.2

References:

    https://www.suse.com/security/cve/CVE-2021-2161.html
    https://www.suse.com/security/cve/CVE-2021-2341.html
    https://www.suse.com/security/cve/CVE-2021-2369.html
    https://www.suse.com/security/cve/CVE-2021-2388.html
    https://bugzilla.suse.com/1185056
    https://bugzilla.suse.com/1188564
    https://bugzilla.suse.com/1188565
    https://bugzilla.suse.com/1188566

From sle-updates at lists.suse.com Fri Aug 20 13:52:39 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Aug 2021 15:52:39 +0200 (CEST)
Subject: SUSE-SU-2021:2792-1: important: Security update for libass
Message-ID: <20210820135239.182C4FD0A@maintenance.suse.de>

SUSE Security Update: Security update for libass
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2792-1
Rating: important
References: #1188539
Cross-References: CVE-2020-36430
CVSS scores:
    CVE-2020-36430 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2020-36430 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
    SUSE Manager Server 4.0
    SUSE Manager Retail Branch Server 4.0
    SUSE Manager Proxy 4.0
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP1-BCL
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Module for Desktop Applications 15-SP3
    SUSE Linux Enterprise Module for Desktop Applications 15-SP2
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
    SUSE Enterprise Storage 6
    SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libass fixes the following issues:

- CVE-2020-36430: Fixed heap-based buffer overflow in decode_chars (bsc#1188539).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2792=1
- SUSE Manager Retail Branch Server 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2792=1
- SUSE Manager Proxy 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2792=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2792=1
- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2792=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2792=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2792=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2792=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-2792=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-2792=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2792=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2792=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2792=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2792=1
- SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2021-2792=1
- SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:

- SUSE Manager Server 4.0 (ppc64le s390x x86_64):
    libass-debugsource-0.14.0-3.9.1
    libass-devel-0.14.0-3.9.1
    libass9-0.14.0-3.9.1
    libass9-debuginfo-0.14.0-3.9.1
- SUSE Manager Retail Branch Server 4.0 (x86_64):
    libass-debugsource-0.14.0-3.9.1
    libass-devel-0.14.0-3.9.1
    libass9-0.14.0-3.9.1
    libass9-debuginfo-0.14.0-3.9.1
- SUSE Manager Proxy 4.0 (x86_64):
    libass-debugsource-0.14.0-3.9.1
    libass-devel-0.14.0-3.9.1
    libass9-0.14.0-3.9.1
    libass9-debuginfo-0.14.0-3.9.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
    libass-debugsource-0.14.0-3.9.1
    libass-devel-0.14.0-3.9.1
    libass9-0.14.0-3.9.1
    libass9-debuginfo-0.14.0-3.9.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
    libass-debugsource-0.14.0-3.9.1
    libass-devel-0.14.0-3.9.1
    libass9-0.14.0-3.9.1
    libass9-debuginfo-0.14.0-3.9.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
    libass-debugsource-0.14.0-3.9.1
    libass-devel-0.14.0-3.9.1
    libass9-0.14.0-3.9.1
    libass9-debuginfo-0.14.0-3.9.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
    libass-debugsource-0.14.0-3.9.1
    libass-devel-0.14.0-3.9.1
    libass9-0.14.0-3.9.1
    libass9-debuginfo-0.14.0-3.9.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
    libass-debugsource-0.14.0-3.9.1
    libass-devel-0.14.0-3.9.1
    libass9-0.14.0-3.9.1
    libass9-debuginfo-0.14.0-3.9.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
    libass-debugsource-0.14.0-3.9.1
    libass-devel-0.14.0-3.9.1
    libass9-0.14.0-3.9.1
    libass9-debuginfo-0.14.0-3.9.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64):
    libass-debugsource-0.14.0-3.9.1
    libass-devel-0.14.0-3.9.1
    libass9-0.14.0-3.9.1
    libass9-debuginfo-0.14.0-3.9.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
    libass-debugsource-0.14.0-3.9.1
    libass-devel-0.14.0-3.9.1
    libass9-0.14.0-3.9.1
    libass9-debuginfo-0.14.0-3.9.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
    libass-debugsource-0.14.0-3.9.1
    libass-devel-0.14.0-3.9.1
    libass9-0.14.0-3.9.1
    libass9-debuginfo-0.14.0-3.9.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
    libass-debugsource-0.14.0-3.9.1
    libass-devel-0.14.0-3.9.1
    libass9-0.14.0-3.9.1
    libass9-debuginfo-0.14.0-3.9.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
    libass-debugsource-0.14.0-3.9.1
    libass-devel-0.14.0-3.9.1
    libass9-0.14.0-3.9.1
    libass9-debuginfo-0.14.0-3.9.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
    libass-debugsource-0.14.0-3.9.1
    libass-devel-0.14.0-3.9.1
    libass9-0.14.0-3.9.1
    libass9-debuginfo-0.14.0-3.9.1
- SUSE CaaS Platform 4.0 (x86_64):
    libass-debugsource-0.14.0-3.9.1
    libass-devel-0.14.0-3.9.1
    libass9-0.14.0-3.9.1
    libass9-debuginfo-0.14.0-3.9.1

References:

    https://www.suse.com/security/cve/CVE-2020-36430.html
    https://bugzilla.suse.com/1188539

From sle-updates at lists.suse.com Fri Aug 20 13:53:50 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Aug 2021 15:53:50 +0200 (CEST)
Subject: SUSE-SU-2021:2801-1: moderate: Security update for 389-ds
Message-ID: <20210820135350.3FA1BFD0A@maintenance.suse.de>

SUSE Security Update: Security update for 389-ds
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2801-1
Rating: moderate
References: #1188151 #1188455
Cross-References: CVE-2021-3652
CVSS scores:
    CVE-2021-3652 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:
    SUSE Linux Enterprise Module for Server Applications 15-SP3
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for 389-ds fixes the following issues:

- Update to 1.4.4.16
- CVE-2021-3652: Fixed crypt handling of locked accounts.
(bsc#1188455) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-2801=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): 389-ds-1.4.4.16~git16.c1926dfc6-3.4.1 389-ds-debuginfo-1.4.4.16~git16.c1926dfc6-3.4.1 389-ds-debugsource-1.4.4.16~git16.c1926dfc6-3.4.1 389-ds-devel-1.4.4.16~git16.c1926dfc6-3.4.1 lib389-1.4.4.16~git16.c1926dfc6-3.4.1 libsvrcore0-1.4.4.16~git16.c1926dfc6-3.4.1 libsvrcore0-debuginfo-1.4.4.16~git16.c1926dfc6-3.4.1 References: https://www.suse.com/security/cve/CVE-2021-3652.html https://bugzilla.suse.com/1188151 https://bugzilla.suse.com/1188455 From sle-updates at lists.suse.com Fri Aug 20 13:55:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Aug 2021 15:55:09 +0200 (CEST) Subject: SUSE-SU-2021:2795-1: important: Security update for php7 Message-ID: <20210820135509.1BD0BFD0A@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2795-1 Rating: important References: #1188035 Cross-References: CVE-2021-21704 CVSS scores: CVE-2021-21704 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High 
Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php7 fixes the following issues: - CVE-2021-21704: Fixed security issues in pdo_firebase module (bsc#1188035). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2795=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2795=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2795=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2795=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2795=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2795=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2795=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2795=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2795=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2795=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2795=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2795=1 - SUSE Enterprise Storage 6: zypper in 
-t patch SUSE-Storage-6-2021-2795=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): apache2-mod_php7-7.2.5-4.79.1 apache2-mod_php7-debuginfo-7.2.5-4.79.1 php7-7.2.5-4.79.1 php7-bcmath-7.2.5-4.79.1 php7-bcmath-debuginfo-7.2.5-4.79.1 php7-bz2-7.2.5-4.79.1 php7-bz2-debuginfo-7.2.5-4.79.1 php7-calendar-7.2.5-4.79.1 php7-calendar-debuginfo-7.2.5-4.79.1 php7-ctype-7.2.5-4.79.1 php7-ctype-debuginfo-7.2.5-4.79.1 php7-curl-7.2.5-4.79.1 php7-curl-debuginfo-7.2.5-4.79.1 php7-dba-7.2.5-4.79.1 php7-dba-debuginfo-7.2.5-4.79.1 php7-debuginfo-7.2.5-4.79.1 php7-debugsource-7.2.5-4.79.1 php7-devel-7.2.5-4.79.1 php7-dom-7.2.5-4.79.1 php7-dom-debuginfo-7.2.5-4.79.1 php7-enchant-7.2.5-4.79.1 php7-enchant-debuginfo-7.2.5-4.79.1 php7-exif-7.2.5-4.79.1 php7-exif-debuginfo-7.2.5-4.79.1 php7-fastcgi-7.2.5-4.79.1 php7-fastcgi-debuginfo-7.2.5-4.79.1 php7-fileinfo-7.2.5-4.79.1 php7-fileinfo-debuginfo-7.2.5-4.79.1 php7-fpm-7.2.5-4.79.1 php7-fpm-debuginfo-7.2.5-4.79.1 php7-ftp-7.2.5-4.79.1 php7-ftp-debuginfo-7.2.5-4.79.1 php7-gd-7.2.5-4.79.1 php7-gd-debuginfo-7.2.5-4.79.1 php7-gettext-7.2.5-4.79.1 php7-gettext-debuginfo-7.2.5-4.79.1 php7-gmp-7.2.5-4.79.1 php7-gmp-debuginfo-7.2.5-4.79.1 php7-iconv-7.2.5-4.79.1 php7-iconv-debuginfo-7.2.5-4.79.1 php7-intl-7.2.5-4.79.1 php7-intl-debuginfo-7.2.5-4.79.1 php7-json-7.2.5-4.79.1 php7-json-debuginfo-7.2.5-4.79.1 php7-ldap-7.2.5-4.79.1 php7-ldap-debuginfo-7.2.5-4.79.1 php7-mbstring-7.2.5-4.79.1 php7-mbstring-debuginfo-7.2.5-4.79.1 php7-mysql-7.2.5-4.79.1 php7-mysql-debuginfo-7.2.5-4.79.1 php7-odbc-7.2.5-4.79.1 php7-odbc-debuginfo-7.2.5-4.79.1 php7-opcache-7.2.5-4.79.1 php7-opcache-debuginfo-7.2.5-4.79.1 php7-openssl-7.2.5-4.79.1 php7-openssl-debuginfo-7.2.5-4.79.1 php7-pcntl-7.2.5-4.79.1 php7-pcntl-debuginfo-7.2.5-4.79.1 
php7-pdo-7.2.5-4.79.1 php7-pdo-debuginfo-7.2.5-4.79.1 php7-pgsql-7.2.5-4.79.1 php7-pgsql-debuginfo-7.2.5-4.79.1 php7-phar-7.2.5-4.79.1 php7-phar-debuginfo-7.2.5-4.79.1 php7-posix-7.2.5-4.79.1 php7-posix-debuginfo-7.2.5-4.79.1 php7-readline-7.2.5-4.79.1 php7-readline-debuginfo-7.2.5-4.79.1 php7-shmop-7.2.5-4.79.1 php7-shmop-debuginfo-7.2.5-4.79.1 php7-snmp-7.2.5-4.79.1 php7-snmp-debuginfo-7.2.5-4.79.1 php7-soap-7.2.5-4.79.1 php7-soap-debuginfo-7.2.5-4.79.1 php7-sockets-7.2.5-4.79.1 php7-sockets-debuginfo-7.2.5-4.79.1 php7-sodium-7.2.5-4.79.1 php7-sodium-debuginfo-7.2.5-4.79.1 php7-sqlite-7.2.5-4.79.1 php7-sqlite-debuginfo-7.2.5-4.79.1 php7-sysvmsg-7.2.5-4.79.1 php7-sysvmsg-debuginfo-7.2.5-4.79.1 php7-sysvsem-7.2.5-4.79.1 php7-sysvsem-debuginfo-7.2.5-4.79.1 php7-sysvshm-7.2.5-4.79.1 php7-sysvshm-debuginfo-7.2.5-4.79.1 php7-tidy-7.2.5-4.79.1 php7-tidy-debuginfo-7.2.5-4.79.1 php7-tokenizer-7.2.5-4.79.1 php7-tokenizer-debuginfo-7.2.5-4.79.1 php7-wddx-7.2.5-4.79.1 php7-wddx-debuginfo-7.2.5-4.79.1 php7-xmlreader-7.2.5-4.79.1 php7-xmlreader-debuginfo-7.2.5-4.79.1 php7-xmlrpc-7.2.5-4.79.1 php7-xmlrpc-debuginfo-7.2.5-4.79.1 php7-xmlwriter-7.2.5-4.79.1 php7-xmlwriter-debuginfo-7.2.5-4.79.1 php7-xsl-7.2.5-4.79.1 php7-xsl-debuginfo-7.2.5-4.79.1 php7-zip-7.2.5-4.79.1 php7-zip-debuginfo-7.2.5-4.79.1 php7-zlib-7.2.5-4.79.1 php7-zlib-debuginfo-7.2.5-4.79.1 - SUSE Manager Server 4.0 (noarch): php7-pear-7.2.5-4.79.1 php7-pear-Archive_Tar-7.2.5-4.79.1 - SUSE Manager Retail Branch Server 4.0 (noarch): php7-pear-7.2.5-4.79.1 php7-pear-Archive_Tar-7.2.5-4.79.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): apache2-mod_php7-7.2.5-4.79.1 apache2-mod_php7-debuginfo-7.2.5-4.79.1 php7-7.2.5-4.79.1 php7-bcmath-7.2.5-4.79.1 php7-bcmath-debuginfo-7.2.5-4.79.1 php7-bz2-7.2.5-4.79.1 php7-bz2-debuginfo-7.2.5-4.79.1 php7-calendar-7.2.5-4.79.1 php7-calendar-debuginfo-7.2.5-4.79.1 php7-ctype-7.2.5-4.79.1 php7-ctype-debuginfo-7.2.5-4.79.1 php7-curl-7.2.5-4.79.1 php7-curl-debuginfo-7.2.5-4.79.1 
php7-dba-7.2.5-4.79.1 php7-dba-debuginfo-7.2.5-4.79.1 php7-debuginfo-7.2.5-4.79.1 php7-debugsource-7.2.5-4.79.1 php7-devel-7.2.5-4.79.1 php7-dom-7.2.5-4.79.1 php7-dom-debuginfo-7.2.5-4.79.1 php7-enchant-7.2.5-4.79.1 php7-enchant-debuginfo-7.2.5-4.79.1 php7-exif-7.2.5-4.79.1 php7-exif-debuginfo-7.2.5-4.79.1 php7-fastcgi-7.2.5-4.79.1 php7-fastcgi-debuginfo-7.2.5-4.79.1 php7-fileinfo-7.2.5-4.79.1 php7-fileinfo-debuginfo-7.2.5-4.79.1 php7-fpm-7.2.5-4.79.1 php7-fpm-debuginfo-7.2.5-4.79.1 php7-ftp-7.2.5-4.79.1 php7-ftp-debuginfo-7.2.5-4.79.1 php7-gd-7.2.5-4.79.1 php7-gd-debuginfo-7.2.5-4.79.1 php7-gettext-7.2.5-4.79.1 php7-gettext-debuginfo-7.2.5-4.79.1 php7-gmp-7.2.5-4.79.1 php7-gmp-debuginfo-7.2.5-4.79.1 php7-iconv-7.2.5-4.79.1 php7-iconv-debuginfo-7.2.5-4.79.1 php7-intl-7.2.5-4.79.1 php7-intl-debuginfo-7.2.5-4.79.1 php7-json-7.2.5-4.79.1 php7-json-debuginfo-7.2.5-4.79.1 php7-ldap-7.2.5-4.79.1 php7-ldap-debuginfo-7.2.5-4.79.1 php7-mbstring-7.2.5-4.79.1 php7-mbstring-debuginfo-7.2.5-4.79.1 php7-mysql-7.2.5-4.79.1 php7-mysql-debuginfo-7.2.5-4.79.1 php7-odbc-7.2.5-4.79.1 php7-odbc-debuginfo-7.2.5-4.79.1 php7-opcache-7.2.5-4.79.1 php7-opcache-debuginfo-7.2.5-4.79.1 php7-openssl-7.2.5-4.79.1 php7-openssl-debuginfo-7.2.5-4.79.1 php7-pcntl-7.2.5-4.79.1 php7-pcntl-debuginfo-7.2.5-4.79.1 php7-pdo-7.2.5-4.79.1 php7-pdo-debuginfo-7.2.5-4.79.1 php7-pgsql-7.2.5-4.79.1 php7-pgsql-debuginfo-7.2.5-4.79.1 php7-phar-7.2.5-4.79.1 php7-phar-debuginfo-7.2.5-4.79.1 php7-posix-7.2.5-4.79.1 php7-posix-debuginfo-7.2.5-4.79.1 php7-readline-7.2.5-4.79.1 php7-readline-debuginfo-7.2.5-4.79.1 php7-shmop-7.2.5-4.79.1 php7-shmop-debuginfo-7.2.5-4.79.1 php7-snmp-7.2.5-4.79.1 php7-snmp-debuginfo-7.2.5-4.79.1 php7-soap-7.2.5-4.79.1 php7-soap-debuginfo-7.2.5-4.79.1 php7-sockets-7.2.5-4.79.1 php7-sockets-debuginfo-7.2.5-4.79.1 php7-sodium-7.2.5-4.79.1 php7-sodium-debuginfo-7.2.5-4.79.1 php7-sqlite-7.2.5-4.79.1 php7-sqlite-debuginfo-7.2.5-4.79.1 php7-sysvmsg-7.2.5-4.79.1 php7-sysvmsg-debuginfo-7.2.5-4.79.1 
php7-sysvsem-7.2.5-4.79.1 php7-sysvsem-debuginfo-7.2.5-4.79.1 php7-sysvshm-7.2.5-4.79.1 php7-sysvshm-debuginfo-7.2.5-4.79.1 php7-tidy-7.2.5-4.79.1 php7-tidy-debuginfo-7.2.5-4.79.1 php7-tokenizer-7.2.5-4.79.1 php7-tokenizer-debuginfo-7.2.5-4.79.1 php7-wddx-7.2.5-4.79.1 php7-wddx-debuginfo-7.2.5-4.79.1 php7-xmlreader-7.2.5-4.79.1 php7-xmlreader-debuginfo-7.2.5-4.79.1 php7-xmlrpc-7.2.5-4.79.1 php7-xmlrpc-debuginfo-7.2.5-4.79.1 php7-xmlwriter-7.2.5-4.79.1 php7-xmlwriter-debuginfo-7.2.5-4.79.1 php7-xsl-7.2.5-4.79.1 php7-xsl-debuginfo-7.2.5-4.79.1 php7-zip-7.2.5-4.79.1 php7-zip-debuginfo-7.2.5-4.79.1 php7-zlib-7.2.5-4.79.1 php7-zlib-debuginfo-7.2.5-4.79.1 - SUSE Manager Proxy 4.0 (noarch): php7-pear-7.2.5-4.79.1 php7-pear-Archive_Tar-7.2.5-4.79.1 - SUSE Manager Proxy 4.0 (x86_64): apache2-mod_php7-7.2.5-4.79.1 apache2-mod_php7-debuginfo-7.2.5-4.79.1 php7-7.2.5-4.79.1 php7-bcmath-7.2.5-4.79.1 php7-bcmath-debuginfo-7.2.5-4.79.1 php7-bz2-7.2.5-4.79.1 php7-bz2-debuginfo-7.2.5-4.79.1 php7-calendar-7.2.5-4.79.1 php7-calendar-debuginfo-7.2.5-4.79.1 php7-ctype-7.2.5-4.79.1 php7-ctype-debuginfo-7.2.5-4.79.1 php7-curl-7.2.5-4.79.1 php7-curl-debuginfo-7.2.5-4.79.1 php7-dba-7.2.5-4.79.1 php7-dba-debuginfo-7.2.5-4.79.1 php7-debuginfo-7.2.5-4.79.1 php7-debugsource-7.2.5-4.79.1 php7-devel-7.2.5-4.79.1 php7-dom-7.2.5-4.79.1 php7-dom-debuginfo-7.2.5-4.79.1 php7-enchant-7.2.5-4.79.1 php7-enchant-debuginfo-7.2.5-4.79.1 php7-exif-7.2.5-4.79.1 php7-exif-debuginfo-7.2.5-4.79.1 php7-fastcgi-7.2.5-4.79.1 php7-fastcgi-debuginfo-7.2.5-4.79.1 php7-fileinfo-7.2.5-4.79.1 php7-fileinfo-debuginfo-7.2.5-4.79.1 php7-fpm-7.2.5-4.79.1 php7-fpm-debuginfo-7.2.5-4.79.1 php7-ftp-7.2.5-4.79.1 php7-ftp-debuginfo-7.2.5-4.79.1 php7-gd-7.2.5-4.79.1 php7-gd-debuginfo-7.2.5-4.79.1 php7-gettext-7.2.5-4.79.1 php7-gettext-debuginfo-7.2.5-4.79.1 php7-gmp-7.2.5-4.79.1 php7-gmp-debuginfo-7.2.5-4.79.1 php7-iconv-7.2.5-4.79.1 php7-iconv-debuginfo-7.2.5-4.79.1 php7-intl-7.2.5-4.79.1 php7-intl-debuginfo-7.2.5-4.79.1 
php7-json-7.2.5-4.79.1 php7-json-debuginfo-7.2.5-4.79.1 php7-ldap-7.2.5-4.79.1 php7-ldap-debuginfo-7.2.5-4.79.1 php7-mbstring-7.2.5-4.79.1 php7-mbstring-debuginfo-7.2.5-4.79.1 php7-mysql-7.2.5-4.79.1 php7-mysql-debuginfo-7.2.5-4.79.1 php7-odbc-7.2.5-4.79.1 php7-odbc-debuginfo-7.2.5-4.79.1 php7-opcache-7.2.5-4.79.1 php7-opcache-debuginfo-7.2.5-4.79.1 php7-openssl-7.2.5-4.79.1 php7-openssl-debuginfo-7.2.5-4.79.1 php7-pcntl-7.2.5-4.79.1 php7-pcntl-debuginfo-7.2.5-4.79.1 php7-pdo-7.2.5-4.79.1 php7-pdo-debuginfo-7.2.5-4.79.1 php7-pgsql-7.2.5-4.79.1 php7-pgsql-debuginfo-7.2.5-4.79.1 php7-phar-7.2.5-4.79.1 php7-phar-debuginfo-7.2.5-4.79.1 php7-posix-7.2.5-4.79.1 php7-posix-debuginfo-7.2.5-4.79.1 php7-readline-7.2.5-4.79.1 php7-readline-debuginfo-7.2.5-4.79.1 php7-shmop-7.2.5-4.79.1 php7-shmop-debuginfo-7.2.5-4.79.1 php7-snmp-7.2.5-4.79.1 php7-snmp-debuginfo-7.2.5-4.79.1 php7-soap-7.2.5-4.79.1 php7-soap-debuginfo-7.2.5-4.79.1 php7-sockets-7.2.5-4.79.1 php7-sockets-debuginfo-7.2.5-4.79.1 php7-sodium-7.2.5-4.79.1 php7-sodium-debuginfo-7.2.5-4.79.1 php7-sqlite-7.2.5-4.79.1 php7-sqlite-debuginfo-7.2.5-4.79.1 php7-sysvmsg-7.2.5-4.79.1 php7-sysvmsg-debuginfo-7.2.5-4.79.1 php7-sysvsem-7.2.5-4.79.1 php7-sysvsem-debuginfo-7.2.5-4.79.1 php7-sysvshm-7.2.5-4.79.1 php7-sysvshm-debuginfo-7.2.5-4.79.1 php7-tidy-7.2.5-4.79.1 php7-tidy-debuginfo-7.2.5-4.79.1 php7-tokenizer-7.2.5-4.79.1 php7-tokenizer-debuginfo-7.2.5-4.79.1 php7-wddx-7.2.5-4.79.1 php7-wddx-debuginfo-7.2.5-4.79.1 php7-xmlreader-7.2.5-4.79.1 php7-xmlreader-debuginfo-7.2.5-4.79.1 php7-xmlrpc-7.2.5-4.79.1 php7-xmlrpc-debuginfo-7.2.5-4.79.1 php7-xmlwriter-7.2.5-4.79.1 php7-xmlwriter-debuginfo-7.2.5-4.79.1 php7-xsl-7.2.5-4.79.1 php7-xsl-debuginfo-7.2.5-4.79.1 php7-zip-7.2.5-4.79.1 php7-zip-debuginfo-7.2.5-4.79.1 php7-zlib-7.2.5-4.79.1 php7-zlib-debuginfo-7.2.5-4.79.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): apache2-mod_php7-7.2.5-4.79.1 apache2-mod_php7-debuginfo-7.2.5-4.79.1 php7-7.2.5-4.79.1 
php7-bcmath-7.2.5-4.79.1 php7-bcmath-debuginfo-7.2.5-4.79.1 php7-bz2-7.2.5-4.79.1 php7-bz2-debuginfo-7.2.5-4.79.1 php7-calendar-7.2.5-4.79.1 php7-calendar-debuginfo-7.2.5-4.79.1 php7-ctype-7.2.5-4.79.1 php7-ctype-debuginfo-7.2.5-4.79.1 php7-curl-7.2.5-4.79.1 php7-curl-debuginfo-7.2.5-4.79.1 php7-dba-7.2.5-4.79.1 php7-dba-debuginfo-7.2.5-4.79.1 php7-debuginfo-7.2.5-4.79.1 php7-debugsource-7.2.5-4.79.1 php7-devel-7.2.5-4.79.1 php7-dom-7.2.5-4.79.1 php7-dom-debuginfo-7.2.5-4.79.1 php7-enchant-7.2.5-4.79.1 php7-enchant-debuginfo-7.2.5-4.79.1 php7-exif-7.2.5-4.79.1 php7-exif-debuginfo-7.2.5-4.79.1 php7-fastcgi-7.2.5-4.79.1 php7-fastcgi-debuginfo-7.2.5-4.79.1 php7-fileinfo-7.2.5-4.79.1 php7-fileinfo-debuginfo-7.2.5-4.79.1 php7-fpm-7.2.5-4.79.1 php7-fpm-debuginfo-7.2.5-4.79.1 php7-ftp-7.2.5-4.79.1 php7-ftp-debuginfo-7.2.5-4.79.1 php7-gd-7.2.5-4.79.1 php7-gd-debuginfo-7.2.5-4.79.1 php7-gettext-7.2.5-4.79.1 php7-gettext-debuginfo-7.2.5-4.79.1 php7-gmp-7.2.5-4.79.1 php7-gmp-debuginfo-7.2.5-4.79.1 php7-iconv-7.2.5-4.79.1 php7-iconv-debuginfo-7.2.5-4.79.1 php7-intl-7.2.5-4.79.1 php7-intl-debuginfo-7.2.5-4.79.1 php7-json-7.2.5-4.79.1 php7-json-debuginfo-7.2.5-4.79.1 php7-ldap-7.2.5-4.79.1 php7-ldap-debuginfo-7.2.5-4.79.1 php7-mbstring-7.2.5-4.79.1 php7-mbstring-debuginfo-7.2.5-4.79.1 php7-mysql-7.2.5-4.79.1 php7-mysql-debuginfo-7.2.5-4.79.1 php7-odbc-7.2.5-4.79.1 php7-odbc-debuginfo-7.2.5-4.79.1 php7-opcache-7.2.5-4.79.1 php7-opcache-debuginfo-7.2.5-4.79.1 php7-openssl-7.2.5-4.79.1 php7-openssl-debuginfo-7.2.5-4.79.1 php7-pcntl-7.2.5-4.79.1 php7-pcntl-debuginfo-7.2.5-4.79.1 php7-pdo-7.2.5-4.79.1 php7-pdo-debuginfo-7.2.5-4.79.1 php7-pgsql-7.2.5-4.79.1 php7-pgsql-debuginfo-7.2.5-4.79.1 php7-phar-7.2.5-4.79.1 php7-phar-debuginfo-7.2.5-4.79.1 php7-posix-7.2.5-4.79.1 php7-posix-debuginfo-7.2.5-4.79.1 php7-readline-7.2.5-4.79.1 php7-readline-debuginfo-7.2.5-4.79.1 php7-shmop-7.2.5-4.79.1 php7-shmop-debuginfo-7.2.5-4.79.1 php7-snmp-7.2.5-4.79.1 php7-snmp-debuginfo-7.2.5-4.79.1 
php7-soap-7.2.5-4.79.1 php7-soap-debuginfo-7.2.5-4.79.1 php7-sockets-7.2.5-4.79.1 php7-sockets-debuginfo-7.2.5-4.79.1 php7-sodium-7.2.5-4.79.1 php7-sodium-debuginfo-7.2.5-4.79.1 php7-sqlite-7.2.5-4.79.1 php7-sqlite-debuginfo-7.2.5-4.79.1 php7-sysvmsg-7.2.5-4.79.1 php7-sysvmsg-debuginfo-7.2.5-4.79.1 php7-sysvsem-7.2.5-4.79.1 php7-sysvsem-debuginfo-7.2.5-4.79.1 php7-sysvshm-7.2.5-4.79.1 php7-sysvshm-debuginfo-7.2.5-4.79.1 php7-tidy-7.2.5-4.79.1 php7-tidy-debuginfo-7.2.5-4.79.1 php7-tokenizer-7.2.5-4.79.1 php7-tokenizer-debuginfo-7.2.5-4.79.1 php7-wddx-7.2.5-4.79.1 php7-wddx-debuginfo-7.2.5-4.79.1 php7-xmlreader-7.2.5-4.79.1 php7-xmlreader-debuginfo-7.2.5-4.79.1 php7-xmlrpc-7.2.5-4.79.1 php7-xmlrpc-debuginfo-7.2.5-4.79.1 php7-xmlwriter-7.2.5-4.79.1 php7-xmlwriter-debuginfo-7.2.5-4.79.1 php7-xsl-7.2.5-4.79.1 php7-xsl-debuginfo-7.2.5-4.79.1 php7-zip-7.2.5-4.79.1 php7-zip-debuginfo-7.2.5-4.79.1 php7-zlib-7.2.5-4.79.1 php7-zlib-debuginfo-7.2.5-4.79.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): php7-pear-7.2.5-4.79.1 php7-pear-Archive_Tar-7.2.5-4.79.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): apache2-mod_php7-7.2.5-4.79.1 apache2-mod_php7-debuginfo-7.2.5-4.79.1 php7-7.2.5-4.79.1 php7-bcmath-7.2.5-4.79.1 php7-bcmath-debuginfo-7.2.5-4.79.1 php7-bz2-7.2.5-4.79.1 php7-bz2-debuginfo-7.2.5-4.79.1 php7-calendar-7.2.5-4.79.1 php7-calendar-debuginfo-7.2.5-4.79.1 php7-ctype-7.2.5-4.79.1 php7-ctype-debuginfo-7.2.5-4.79.1 php7-curl-7.2.5-4.79.1 php7-curl-debuginfo-7.2.5-4.79.1 php7-dba-7.2.5-4.79.1 php7-dba-debuginfo-7.2.5-4.79.1 php7-debuginfo-7.2.5-4.79.1 php7-debugsource-7.2.5-4.79.1 php7-devel-7.2.5-4.79.1 php7-dom-7.2.5-4.79.1 php7-dom-debuginfo-7.2.5-4.79.1 php7-enchant-7.2.5-4.79.1 php7-enchant-debuginfo-7.2.5-4.79.1 php7-exif-7.2.5-4.79.1 php7-exif-debuginfo-7.2.5-4.79.1 php7-fastcgi-7.2.5-4.79.1 php7-fastcgi-debuginfo-7.2.5-4.79.1 php7-fileinfo-7.2.5-4.79.1 php7-fileinfo-debuginfo-7.2.5-4.79.1 php7-fpm-7.2.5-4.79.1 php7-fpm-debuginfo-7.2.5-4.79.1 
php7-ftp-7.2.5-4.79.1 php7-ftp-debuginfo-7.2.5-4.79.1 php7-gd-7.2.5-4.79.1 php7-gd-debuginfo-7.2.5-4.79.1 php7-gettext-7.2.5-4.79.1 php7-gettext-debuginfo-7.2.5-4.79.1 php7-gmp-7.2.5-4.79.1 php7-gmp-debuginfo-7.2.5-4.79.1 php7-iconv-7.2.5-4.79.1 php7-iconv-debuginfo-7.2.5-4.79.1 php7-intl-7.2.5-4.79.1 php7-intl-debuginfo-7.2.5-4.79.1 php7-json-7.2.5-4.79.1 php7-json-debuginfo-7.2.5-4.79.1 php7-ldap-7.2.5-4.79.1 php7-ldap-debuginfo-7.2.5-4.79.1 php7-mbstring-7.2.5-4.79.1 php7-mbstring-debuginfo-7.2.5-4.79.1 php7-mysql-7.2.5-4.79.1 php7-mysql-debuginfo-7.2.5-4.79.1 php7-odbc-7.2.5-4.79.1 php7-odbc-debuginfo-7.2.5-4.79.1 php7-opcache-7.2.5-4.79.1 php7-opcache-debuginfo-7.2.5-4.79.1 php7-openssl-7.2.5-4.79.1 php7-openssl-debuginfo-7.2.5-4.79.1 php7-pcntl-7.2.5-4.79.1 php7-pcntl-debuginfo-7.2.5-4.79.1 php7-pdo-7.2.5-4.79.1 php7-pdo-debuginfo-7.2.5-4.79.1 php7-pgsql-7.2.5-4.79.1 php7-pgsql-debuginfo-7.2.5-4.79.1 php7-phar-7.2.5-4.79.1 php7-phar-debuginfo-7.2.5-4.79.1 php7-posix-7.2.5-4.79.1 php7-posix-debuginfo-7.2.5-4.79.1 php7-readline-7.2.5-4.79.1 php7-readline-debuginfo-7.2.5-4.79.1 php7-shmop-7.2.5-4.79.1 php7-shmop-debuginfo-7.2.5-4.79.1 php7-snmp-7.2.5-4.79.1 php7-snmp-debuginfo-7.2.5-4.79.1 php7-soap-7.2.5-4.79.1 php7-soap-debuginfo-7.2.5-4.79.1 php7-sockets-7.2.5-4.79.1 php7-sockets-debuginfo-7.2.5-4.79.1 php7-sodium-7.2.5-4.79.1 php7-sodium-debuginfo-7.2.5-4.79.1 php7-sqlite-7.2.5-4.79.1 php7-sqlite-debuginfo-7.2.5-4.79.1 php7-sysvmsg-7.2.5-4.79.1 php7-sysvmsg-debuginfo-7.2.5-4.79.1 php7-sysvsem-7.2.5-4.79.1 php7-sysvsem-debuginfo-7.2.5-4.79.1 php7-sysvshm-7.2.5-4.79.1 php7-sysvshm-debuginfo-7.2.5-4.79.1 php7-tokenizer-7.2.5-4.79.1 php7-tokenizer-debuginfo-7.2.5-4.79.1 php7-wddx-7.2.5-4.79.1 php7-wddx-debuginfo-7.2.5-4.79.1 php7-xmlreader-7.2.5-4.79.1 php7-xmlreader-debuginfo-7.2.5-4.79.1 php7-xmlrpc-7.2.5-4.79.1 php7-xmlrpc-debuginfo-7.2.5-4.79.1 php7-xmlwriter-7.2.5-4.79.1 php7-xmlwriter-debuginfo-7.2.5-4.79.1 php7-xsl-7.2.5-4.79.1 
php7-xsl-debuginfo-7.2.5-4.79.1 php7-zip-7.2.5-4.79.1 php7-zip-debuginfo-7.2.5-4.79.1 php7-zlib-7.2.5-4.79.1 php7-zlib-debuginfo-7.2.5-4.79.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): php7-pear-7.2.5-4.79.1 php7-pear-Archive_Tar-7.2.5-4.79.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.2.5-4.79.1 apache2-mod_php7-debuginfo-7.2.5-4.79.1 php7-7.2.5-4.79.1 php7-bcmath-7.2.5-4.79.1 php7-bcmath-debuginfo-7.2.5-4.79.1 php7-bz2-7.2.5-4.79.1 php7-bz2-debuginfo-7.2.5-4.79.1 php7-calendar-7.2.5-4.79.1 php7-calendar-debuginfo-7.2.5-4.79.1 php7-ctype-7.2.5-4.79.1 php7-ctype-debuginfo-7.2.5-4.79.1 php7-curl-7.2.5-4.79.1 php7-curl-debuginfo-7.2.5-4.79.1 php7-dba-7.2.5-4.79.1 php7-dba-debuginfo-7.2.5-4.79.1 php7-debuginfo-7.2.5-4.79.1 php7-debugsource-7.2.5-4.79.1 php7-devel-7.2.5-4.79.1 php7-dom-7.2.5-4.79.1 php7-dom-debuginfo-7.2.5-4.79.1 php7-enchant-7.2.5-4.79.1 php7-enchant-debuginfo-7.2.5-4.79.1 php7-exif-7.2.5-4.79.1 php7-exif-debuginfo-7.2.5-4.79.1 php7-fastcgi-7.2.5-4.79.1 php7-fastcgi-debuginfo-7.2.5-4.79.1 php7-fileinfo-7.2.5-4.79.1 php7-fileinfo-debuginfo-7.2.5-4.79.1 php7-fpm-7.2.5-4.79.1 php7-fpm-debuginfo-7.2.5-4.79.1 php7-ftp-7.2.5-4.79.1 php7-ftp-debuginfo-7.2.5-4.79.1 php7-gd-7.2.5-4.79.1 php7-gd-debuginfo-7.2.5-4.79.1 php7-gettext-7.2.5-4.79.1 php7-gettext-debuginfo-7.2.5-4.79.1 php7-gmp-7.2.5-4.79.1 php7-gmp-debuginfo-7.2.5-4.79.1 php7-iconv-7.2.5-4.79.1 php7-iconv-debuginfo-7.2.5-4.79.1 php7-intl-7.2.5-4.79.1 php7-intl-debuginfo-7.2.5-4.79.1 php7-json-7.2.5-4.79.1 php7-json-debuginfo-7.2.5-4.79.1 php7-ldap-7.2.5-4.79.1 php7-ldap-debuginfo-7.2.5-4.79.1 php7-mbstring-7.2.5-4.79.1 php7-mbstring-debuginfo-7.2.5-4.79.1 php7-mysql-7.2.5-4.79.1 php7-mysql-debuginfo-7.2.5-4.79.1 php7-odbc-7.2.5-4.79.1 php7-odbc-debuginfo-7.2.5-4.79.1 php7-opcache-7.2.5-4.79.1 php7-opcache-debuginfo-7.2.5-4.79.1 php7-openssl-7.2.5-4.79.1 php7-openssl-debuginfo-7.2.5-4.79.1 php7-pcntl-7.2.5-4.79.1 
php7-pcntl-debuginfo-7.2.5-4.79.1 php7-pdo-7.2.5-4.79.1 php7-pdo-debuginfo-7.2.5-4.79.1 php7-pgsql-7.2.5-4.79.1 php7-pgsql-debuginfo-7.2.5-4.79.1 php7-phar-7.2.5-4.79.1 php7-phar-debuginfo-7.2.5-4.79.1 php7-posix-7.2.5-4.79.1 php7-posix-debuginfo-7.2.5-4.79.1 php7-readline-7.2.5-4.79.1 php7-readline-debuginfo-7.2.5-4.79.1 php7-shmop-7.2.5-4.79.1 php7-shmop-debuginfo-7.2.5-4.79.1 php7-snmp-7.2.5-4.79.1 php7-snmp-debuginfo-7.2.5-4.79.1 php7-soap-7.2.5-4.79.1 php7-soap-debuginfo-7.2.5-4.79.1 php7-sockets-7.2.5-4.79.1 php7-sockets-debuginfo-7.2.5-4.79.1 php7-sodium-7.2.5-4.79.1 php7-sodium-debuginfo-7.2.5-4.79.1 php7-sqlite-7.2.5-4.79.1 php7-sqlite-debuginfo-7.2.5-4.79.1 php7-sysvmsg-7.2.5-4.79.1 php7-sysvmsg-debuginfo-7.2.5-4.79.1 php7-sysvsem-7.2.5-4.79.1 php7-sysvsem-debuginfo-7.2.5-4.79.1 php7-sysvshm-7.2.5-4.79.1 php7-sysvshm-debuginfo-7.2.5-4.79.1 php7-tidy-7.2.5-4.79.1 php7-tidy-debuginfo-7.2.5-4.79.1 php7-tokenizer-7.2.5-4.79.1 php7-tokenizer-debuginfo-7.2.5-4.79.1 php7-wddx-7.2.5-4.79.1 php7-wddx-debuginfo-7.2.5-4.79.1 php7-xmlreader-7.2.5-4.79.1 php7-xmlreader-debuginfo-7.2.5-4.79.1 php7-xmlrpc-7.2.5-4.79.1 php7-xmlrpc-debuginfo-7.2.5-4.79.1 php7-xmlwriter-7.2.5-4.79.1 php7-xmlwriter-debuginfo-7.2.5-4.79.1 php7-xsl-7.2.5-4.79.1 php7-xsl-debuginfo-7.2.5-4.79.1 php7-zip-7.2.5-4.79.1 php7-zip-debuginfo-7.2.5-4.79.1 php7-zlib-7.2.5-4.79.1 php7-zlib-debuginfo-7.2.5-4.79.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): php7-pear-7.2.5-4.79.1 php7-pear-Archive_Tar-7.2.5-4.79.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): php7-pear-7.2.5-4.79.1 php7-pear-Archive_Tar-7.2.5-4.79.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): apache2-mod_php7-7.2.5-4.79.1 apache2-mod_php7-debuginfo-7.2.5-4.79.1 php7-7.2.5-4.79.1 php7-bcmath-7.2.5-4.79.1 php7-bcmath-debuginfo-7.2.5-4.79.1 php7-bz2-7.2.5-4.79.1 php7-bz2-debuginfo-7.2.5-4.79.1 php7-calendar-7.2.5-4.79.1 php7-calendar-debuginfo-7.2.5-4.79.1 php7-ctype-7.2.5-4.79.1 php7-ctype-debuginfo-7.2.5-4.79.1 
php7-curl-7.2.5-4.79.1 php7-curl-debuginfo-7.2.5-4.79.1 php7-dba-7.2.5-4.79.1 php7-dba-debuginfo-7.2.5-4.79.1 php7-debuginfo-7.2.5-4.79.1 php7-debugsource-7.2.5-4.79.1 php7-devel-7.2.5-4.79.1 php7-dom-7.2.5-4.79.1 php7-dom-debuginfo-7.2.5-4.79.1 php7-enchant-7.2.5-4.79.1 php7-enchant-debuginfo-7.2.5-4.79.1 php7-exif-7.2.5-4.79.1 php7-exif-debuginfo-7.2.5-4.79.1 php7-fastcgi-7.2.5-4.79.1 php7-fastcgi-debuginfo-7.2.5-4.79.1 php7-fileinfo-7.2.5-4.79.1 php7-fileinfo-debuginfo-7.2.5-4.79.1 php7-fpm-7.2.5-4.79.1 php7-fpm-debuginfo-7.2.5-4.79.1 php7-ftp-7.2.5-4.79.1 php7-ftp-debuginfo-7.2.5-4.79.1 php7-gd-7.2.5-4.79.1 php7-gd-debuginfo-7.2.5-4.79.1 php7-gettext-7.2.5-4.79.1 php7-gettext-debuginfo-7.2.5-4.79.1 php7-gmp-7.2.5-4.79.1 php7-gmp-debuginfo-7.2.5-4.79.1 php7-iconv-7.2.5-4.79.1 php7-iconv-debuginfo-7.2.5-4.79.1 php7-intl-7.2.5-4.79.1 php7-intl-debuginfo-7.2.5-4.79.1 php7-json-7.2.5-4.79.1 php7-json-debuginfo-7.2.5-4.79.1 php7-ldap-7.2.5-4.79.1 php7-ldap-debuginfo-7.2.5-4.79.1 php7-mbstring-7.2.5-4.79.1 php7-mbstring-debuginfo-7.2.5-4.79.1 php7-mysql-7.2.5-4.79.1 php7-mysql-debuginfo-7.2.5-4.79.1 php7-odbc-7.2.5-4.79.1 php7-odbc-debuginfo-7.2.5-4.79.1 php7-opcache-7.2.5-4.79.1 php7-opcache-debuginfo-7.2.5-4.79.1 php7-openssl-7.2.5-4.79.1 php7-openssl-debuginfo-7.2.5-4.79.1 php7-pcntl-7.2.5-4.79.1 php7-pcntl-debuginfo-7.2.5-4.79.1 php7-pdo-7.2.5-4.79.1 php7-pdo-debuginfo-7.2.5-4.79.1 php7-pgsql-7.2.5-4.79.1 php7-pgsql-debuginfo-7.2.5-4.79.1 php7-phar-7.2.5-4.79.1 php7-phar-debuginfo-7.2.5-4.79.1 php7-posix-7.2.5-4.79.1 php7-posix-debuginfo-7.2.5-4.79.1 php7-readline-7.2.5-4.79.1 php7-readline-debuginfo-7.2.5-4.79.1 php7-shmop-7.2.5-4.79.1 php7-shmop-debuginfo-7.2.5-4.79.1 php7-snmp-7.2.5-4.79.1 php7-snmp-debuginfo-7.2.5-4.79.1 php7-soap-7.2.5-4.79.1 php7-soap-debuginfo-7.2.5-4.79.1 php7-sockets-7.2.5-4.79.1 php7-sockets-debuginfo-7.2.5-4.79.1 php7-sodium-7.2.5-4.79.1 php7-sodium-debuginfo-7.2.5-4.79.1 php7-sqlite-7.2.5-4.79.1 php7-sqlite-debuginfo-7.2.5-4.79.1 
php7-sysvmsg-7.2.5-4.79.1 php7-sysvmsg-debuginfo-7.2.5-4.79.1 php7-sysvsem-7.2.5-4.79.1 php7-sysvsem-debuginfo-7.2.5-4.79.1 php7-sysvshm-7.2.5-4.79.1 php7-sysvshm-debuginfo-7.2.5-4.79.1 php7-tidy-7.2.5-4.79.1 php7-tidy-debuginfo-7.2.5-4.79.1 php7-tokenizer-7.2.5-4.79.1 php7-tokenizer-debuginfo-7.2.5-4.79.1 php7-wddx-7.2.5-4.79.1 php7-wddx-debuginfo-7.2.5-4.79.1 php7-xmlreader-7.2.5-4.79.1 php7-xmlreader-debuginfo-7.2.5-4.79.1 php7-xmlrpc-7.2.5-4.79.1 php7-xmlrpc-debuginfo-7.2.5-4.79.1 php7-xmlwriter-7.2.5-4.79.1 php7-xmlwriter-debuginfo-7.2.5-4.79.1 php7-xsl-7.2.5-4.79.1 php7-xsl-debuginfo-7.2.5-4.79.1 php7-zip-7.2.5-4.79.1 php7-zip-debuginfo-7.2.5-4.79.1 php7-zlib-7.2.5-4.79.1 php7-zlib-debuginfo-7.2.5-4.79.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): apache2-mod_php7-7.2.5-4.79.1 apache2-mod_php7-debuginfo-7.2.5-4.79.1 php7-7.2.5-4.79.1 php7-bcmath-7.2.5-4.79.1 php7-bcmath-debuginfo-7.2.5-4.79.1 php7-bz2-7.2.5-4.79.1 php7-bz2-debuginfo-7.2.5-4.79.1 php7-calendar-7.2.5-4.79.1 php7-calendar-debuginfo-7.2.5-4.79.1 php7-ctype-7.2.5-4.79.1 php7-ctype-debuginfo-7.2.5-4.79.1 php7-curl-7.2.5-4.79.1 php7-curl-debuginfo-7.2.5-4.79.1 php7-dba-7.2.5-4.79.1 php7-dba-debuginfo-7.2.5-4.79.1 php7-debuginfo-7.2.5-4.79.1 php7-debugsource-7.2.5-4.79.1 php7-devel-7.2.5-4.79.1 php7-dom-7.2.5-4.79.1 php7-dom-debuginfo-7.2.5-4.79.1 php7-enchant-7.2.5-4.79.1 php7-enchant-debuginfo-7.2.5-4.79.1 php7-exif-7.2.5-4.79.1 php7-exif-debuginfo-7.2.5-4.79.1 php7-fastcgi-7.2.5-4.79.1 php7-fastcgi-debuginfo-7.2.5-4.79.1 php7-fileinfo-7.2.5-4.79.1 php7-fileinfo-debuginfo-7.2.5-4.79.1 php7-fpm-7.2.5-4.79.1 php7-fpm-debuginfo-7.2.5-4.79.1 php7-ftp-7.2.5-4.79.1 php7-ftp-debuginfo-7.2.5-4.79.1 php7-gd-7.2.5-4.79.1 php7-gd-debuginfo-7.2.5-4.79.1 php7-gettext-7.2.5-4.79.1 php7-gettext-debuginfo-7.2.5-4.79.1 php7-gmp-7.2.5-4.79.1 php7-gmp-debuginfo-7.2.5-4.79.1 php7-iconv-7.2.5-4.79.1 php7-iconv-debuginfo-7.2.5-4.79.1 php7-intl-7.2.5-4.79.1 php7-intl-debuginfo-7.2.5-4.79.1 
php7-json-7.2.5-4.79.1 php7-json-debuginfo-7.2.5-4.79.1 php7-ldap-7.2.5-4.79.1 php7-ldap-debuginfo-7.2.5-4.79.1 php7-mbstring-7.2.5-4.79.1 php7-mbstring-debuginfo-7.2.5-4.79.1 php7-mysql-7.2.5-4.79.1 php7-mysql-debuginfo-7.2.5-4.79.1 php7-odbc-7.2.5-4.79.1 php7-odbc-debuginfo-7.2.5-4.79.1 php7-opcache-7.2.5-4.79.1 php7-opcache-debuginfo-7.2.5-4.79.1 php7-openssl-7.2.5-4.79.1 php7-openssl-debuginfo-7.2.5-4.79.1 php7-pcntl-7.2.5-4.79.1 php7-pcntl-debuginfo-7.2.5-4.79.1 php7-pdo-7.2.5-4.79.1 php7-pdo-debuginfo-7.2.5-4.79.1 php7-pgsql-7.2.5-4.79.1 php7-pgsql-debuginfo-7.2.5-4.79.1 php7-phar-7.2.5-4.79.1 php7-phar-debuginfo-7.2.5-4.79.1 php7-posix-7.2.5-4.79.1 php7-posix-debuginfo-7.2.5-4.79.1 php7-readline-7.2.5-4.79.1 php7-readline-debuginfo-7.2.5-4.79.1 php7-shmop-7.2.5-4.79.1 php7-shmop-debuginfo-7.2.5-4.79.1 php7-snmp-7.2.5-4.79.1 php7-snmp-debuginfo-7.2.5-4.79.1 php7-soap-7.2.5-4.79.1 php7-soap-debuginfo-7.2.5-4.79.1 php7-sockets-7.2.5-4.79.1 php7-sockets-debuginfo-7.2.5-4.79.1 php7-sodium-7.2.5-4.79.1 php7-sodium-debuginfo-7.2.5-4.79.1 php7-sqlite-7.2.5-4.79.1 php7-sqlite-debuginfo-7.2.5-4.79.1 php7-sysvmsg-7.2.5-4.79.1 php7-sysvmsg-debuginfo-7.2.5-4.79.1 php7-sysvsem-7.2.5-4.79.1 php7-sysvsem-debuginfo-7.2.5-4.79.1 php7-sysvshm-7.2.5-4.79.1 php7-sysvshm-debuginfo-7.2.5-4.79.1 php7-tokenizer-7.2.5-4.79.1 php7-tokenizer-debuginfo-7.2.5-4.79.1 php7-wddx-7.2.5-4.79.1 php7-wddx-debuginfo-7.2.5-4.79.1 php7-xmlreader-7.2.5-4.79.1 php7-xmlreader-debuginfo-7.2.5-4.79.1 php7-xmlrpc-7.2.5-4.79.1 php7-xmlrpc-debuginfo-7.2.5-4.79.1 php7-xmlwriter-7.2.5-4.79.1 php7-xmlwriter-debuginfo-7.2.5-4.79.1 php7-xsl-7.2.5-4.79.1 php7-xsl-debuginfo-7.2.5-4.79.1 php7-zip-7.2.5-4.79.1 php7-zip-debuginfo-7.2.5-4.79.1 php7-zlib-7.2.5-4.79.1 php7-zlib-debuginfo-7.2.5-4.79.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): php7-pear-7.2.5-4.79.1 php7-pear-Archive_Tar-7.2.5-4.79.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): apache2-mod_php7-7.2.5-4.79.1 
apache2-mod_php7-debuginfo-7.2.5-4.79.1 php7-7.2.5-4.79.1 php7-bcmath-7.2.5-4.79.1 php7-bcmath-debuginfo-7.2.5-4.79.1 php7-bz2-7.2.5-4.79.1 php7-bz2-debuginfo-7.2.5-4.79.1 php7-calendar-7.2.5-4.79.1 php7-calendar-debuginfo-7.2.5-4.79.1 php7-ctype-7.2.5-4.79.1 php7-ctype-debuginfo-7.2.5-4.79.1 php7-curl-7.2.5-4.79.1 php7-curl-debuginfo-7.2.5-4.79.1 php7-dba-7.2.5-4.79.1 php7-dba-debuginfo-7.2.5-4.79.1 php7-debuginfo-7.2.5-4.79.1 php7-debugsource-7.2.5-4.79.1 php7-devel-7.2.5-4.79.1 php7-dom-7.2.5-4.79.1 php7-dom-debuginfo-7.2.5-4.79.1 php7-enchant-7.2.5-4.79.1 php7-enchant-debuginfo-7.2.5-4.79.1 php7-exif-7.2.5-4.79.1 php7-exif-debuginfo-7.2.5-4.79.1 php7-fastcgi-7.2.5-4.79.1 php7-fastcgi-debuginfo-7.2.5-4.79.1 php7-fileinfo-7.2.5-4.79.1 php7-fileinfo-debuginfo-7.2.5-4.79.1 php7-fpm-7.2.5-4.79.1 php7-fpm-debuginfo-7.2.5-4.79.1 php7-ftp-7.2.5-4.79.1 php7-ftp-debuginfo-7.2.5-4.79.1 php7-gd-7.2.5-4.79.1 php7-gd-debuginfo-7.2.5-4.79.1 php7-gettext-7.2.5-4.79.1 php7-gettext-debuginfo-7.2.5-4.79.1 php7-gmp-7.2.5-4.79.1 php7-gmp-debuginfo-7.2.5-4.79.1 php7-iconv-7.2.5-4.79.1 php7-iconv-debuginfo-7.2.5-4.79.1 php7-intl-7.2.5-4.79.1 php7-intl-debuginfo-7.2.5-4.79.1 php7-json-7.2.5-4.79.1 php7-json-debuginfo-7.2.5-4.79.1 php7-ldap-7.2.5-4.79.1 php7-ldap-debuginfo-7.2.5-4.79.1 php7-mbstring-7.2.5-4.79.1 php7-mbstring-debuginfo-7.2.5-4.79.1 php7-mysql-7.2.5-4.79.1 php7-mysql-debuginfo-7.2.5-4.79.1 php7-odbc-7.2.5-4.79.1 php7-odbc-debuginfo-7.2.5-4.79.1 php7-opcache-7.2.5-4.79.1 php7-opcache-debuginfo-7.2.5-4.79.1 php7-openssl-7.2.5-4.79.1 php7-openssl-debuginfo-7.2.5-4.79.1 php7-pcntl-7.2.5-4.79.1 php7-pcntl-debuginfo-7.2.5-4.79.1 php7-pdo-7.2.5-4.79.1 php7-pdo-debuginfo-7.2.5-4.79.1 php7-pgsql-7.2.5-4.79.1 php7-pgsql-debuginfo-7.2.5-4.79.1 php7-phar-7.2.5-4.79.1 php7-phar-debuginfo-7.2.5-4.79.1 php7-posix-7.2.5-4.79.1 php7-posix-debuginfo-7.2.5-4.79.1 php7-readline-7.2.5-4.79.1 php7-readline-debuginfo-7.2.5-4.79.1 php7-shmop-7.2.5-4.79.1 php7-shmop-debuginfo-7.2.5-4.79.1 
php7-snmp-7.2.5-4.79.1 php7-snmp-debuginfo-7.2.5-4.79.1 php7-soap-7.2.5-4.79.1 php7-soap-debuginfo-7.2.5-4.79.1 php7-sockets-7.2.5-4.79.1 php7-sockets-debuginfo-7.2.5-4.79.1 php7-sodium-7.2.5-4.79.1 php7-sodium-debuginfo-7.2.5-4.79.1 php7-sqlite-7.2.5-4.79.1 php7-sqlite-debuginfo-7.2.5-4.79.1 php7-sysvmsg-7.2.5-4.79.1 php7-sysvmsg-debuginfo-7.2.5-4.79.1 php7-sysvsem-7.2.5-4.79.1 php7-sysvsem-debuginfo-7.2.5-4.79.1 php7-sysvshm-7.2.5-4.79.1 php7-sysvshm-debuginfo-7.2.5-4.79.1 php7-tidy-7.2.5-4.79.1 php7-tidy-debuginfo-7.2.5-4.79.1 php7-tokenizer-7.2.5-4.79.1 php7-tokenizer-debuginfo-7.2.5-4.79.1 php7-wddx-7.2.5-4.79.1 php7-wddx-debuginfo-7.2.5-4.79.1 php7-xmlreader-7.2.5-4.79.1 php7-xmlreader-debuginfo-7.2.5-4.79.1 php7-xmlrpc-7.2.5-4.79.1 php7-xmlrpc-debuginfo-7.2.5-4.79.1 php7-xmlwriter-7.2.5-4.79.1 php7-xmlwriter-debuginfo-7.2.5-4.79.1 php7-xsl-7.2.5-4.79.1 php7-xsl-debuginfo-7.2.5-4.79.1 php7-zip-7.2.5-4.79.1 php7-zip-debuginfo-7.2.5-4.79.1 php7-zlib-7.2.5-4.79.1 php7-zlib-debuginfo-7.2.5-4.79.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): php7-pear-7.2.5-4.79.1 php7-pear-Archive_Tar-7.2.5-4.79.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): apache2-mod_php7-7.2.5-4.79.1 apache2-mod_php7-debuginfo-7.2.5-4.79.1 php7-7.2.5-4.79.1 php7-bcmath-7.2.5-4.79.1 php7-bcmath-debuginfo-7.2.5-4.79.1 php7-bz2-7.2.5-4.79.1 php7-bz2-debuginfo-7.2.5-4.79.1 php7-calendar-7.2.5-4.79.1 php7-calendar-debuginfo-7.2.5-4.79.1 php7-ctype-7.2.5-4.79.1 php7-ctype-debuginfo-7.2.5-4.79.1 php7-curl-7.2.5-4.79.1 php7-curl-debuginfo-7.2.5-4.79.1 php7-dba-7.2.5-4.79.1 php7-dba-debuginfo-7.2.5-4.79.1 php7-debuginfo-7.2.5-4.79.1 php7-debugsource-7.2.5-4.79.1 php7-devel-7.2.5-4.79.1 php7-dom-7.2.5-4.79.1 php7-dom-debuginfo-7.2.5-4.79.1 php7-enchant-7.2.5-4.79.1 php7-enchant-debuginfo-7.2.5-4.79.1 php7-exif-7.2.5-4.79.1 php7-exif-debuginfo-7.2.5-4.79.1 php7-fastcgi-7.2.5-4.79.1 php7-fastcgi-debuginfo-7.2.5-4.79.1 
php7-fileinfo-7.2.5-4.79.1 php7-fileinfo-debuginfo-7.2.5-4.79.1 php7-fpm-7.2.5-4.79.1 php7-fpm-debuginfo-7.2.5-4.79.1 php7-ftp-7.2.5-4.79.1 php7-ftp-debuginfo-7.2.5-4.79.1 php7-gd-7.2.5-4.79.1 php7-gd-debuginfo-7.2.5-4.79.1 php7-gettext-7.2.5-4.79.1 php7-gettext-debuginfo-7.2.5-4.79.1 php7-gmp-7.2.5-4.79.1 php7-gmp-debuginfo-7.2.5-4.79.1 php7-iconv-7.2.5-4.79.1 php7-iconv-debuginfo-7.2.5-4.79.1 php7-intl-7.2.5-4.79.1 php7-intl-debuginfo-7.2.5-4.79.1 php7-json-7.2.5-4.79.1 php7-json-debuginfo-7.2.5-4.79.1 php7-ldap-7.2.5-4.79.1 php7-ldap-debuginfo-7.2.5-4.79.1 php7-mbstring-7.2.5-4.79.1 php7-mbstring-debuginfo-7.2.5-4.79.1 php7-mysql-7.2.5-4.79.1 php7-mysql-debuginfo-7.2.5-4.79.1 php7-odbc-7.2.5-4.79.1 php7-odbc-debuginfo-7.2.5-4.79.1 php7-opcache-7.2.5-4.79.1 php7-opcache-debuginfo-7.2.5-4.79.1 php7-openssl-7.2.5-4.79.1 php7-openssl-debuginfo-7.2.5-4.79.1 php7-pcntl-7.2.5-4.79.1 php7-pcntl-debuginfo-7.2.5-4.79.1 php7-pdo-7.2.5-4.79.1 php7-pdo-debuginfo-7.2.5-4.79.1 php7-pgsql-7.2.5-4.79.1 php7-pgsql-debuginfo-7.2.5-4.79.1 php7-phar-7.2.5-4.79.1 php7-phar-debuginfo-7.2.5-4.79.1 php7-posix-7.2.5-4.79.1 php7-posix-debuginfo-7.2.5-4.79.1 php7-readline-7.2.5-4.79.1 php7-readline-debuginfo-7.2.5-4.79.1 php7-shmop-7.2.5-4.79.1 php7-shmop-debuginfo-7.2.5-4.79.1 php7-snmp-7.2.5-4.79.1 php7-snmp-debuginfo-7.2.5-4.79.1 php7-soap-7.2.5-4.79.1 php7-soap-debuginfo-7.2.5-4.79.1 php7-sockets-7.2.5-4.79.1 php7-sockets-debuginfo-7.2.5-4.79.1 php7-sodium-7.2.5-4.79.1 php7-sodium-debuginfo-7.2.5-4.79.1 php7-sqlite-7.2.5-4.79.1 php7-sqlite-debuginfo-7.2.5-4.79.1 php7-sysvmsg-7.2.5-4.79.1 php7-sysvmsg-debuginfo-7.2.5-4.79.1 php7-sysvsem-7.2.5-4.79.1 php7-sysvsem-debuginfo-7.2.5-4.79.1 php7-sysvshm-7.2.5-4.79.1 php7-sysvshm-debuginfo-7.2.5-4.79.1 php7-tidy-7.2.5-4.79.1 php7-tidy-debuginfo-7.2.5-4.79.1 php7-tokenizer-7.2.5-4.79.1 php7-tokenizer-debuginfo-7.2.5-4.79.1 php7-wddx-7.2.5-4.79.1 php7-wddx-debuginfo-7.2.5-4.79.1 php7-xmlreader-7.2.5-4.79.1 php7-xmlreader-debuginfo-7.2.5-4.79.1 
php7-xmlrpc-7.2.5-4.79.1 php7-xmlrpc-debuginfo-7.2.5-4.79.1 php7-xmlwriter-7.2.5-4.79.1 php7-xmlwriter-debuginfo-7.2.5-4.79.1 php7-xsl-7.2.5-4.79.1 php7-xsl-debuginfo-7.2.5-4.79.1 php7-zip-7.2.5-4.79.1 php7-zip-debuginfo-7.2.5-4.79.1 php7-zlib-7.2.5-4.79.1 php7-zlib-debuginfo-7.2.5-4.79.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): php7-pear-7.2.5-4.79.1 php7-pear-Archive_Tar-7.2.5-4.79.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): apache2-mod_php7-7.2.5-4.79.1 apache2-mod_php7-debuginfo-7.2.5-4.79.1 php7-7.2.5-4.79.1 php7-bcmath-7.2.5-4.79.1 php7-bcmath-debuginfo-7.2.5-4.79.1 php7-bz2-7.2.5-4.79.1 php7-bz2-debuginfo-7.2.5-4.79.1 php7-calendar-7.2.5-4.79.1 php7-calendar-debuginfo-7.2.5-4.79.1 php7-ctype-7.2.5-4.79.1 php7-ctype-debuginfo-7.2.5-4.79.1 php7-curl-7.2.5-4.79.1 php7-curl-debuginfo-7.2.5-4.79.1 php7-dba-7.2.5-4.79.1 php7-dba-debuginfo-7.2.5-4.79.1 php7-debuginfo-7.2.5-4.79.1 php7-debugsource-7.2.5-4.79.1 php7-devel-7.2.5-4.79.1 php7-dom-7.2.5-4.79.1 php7-dom-debuginfo-7.2.5-4.79.1 php7-enchant-7.2.5-4.79.1 php7-enchant-debuginfo-7.2.5-4.79.1 php7-exif-7.2.5-4.79.1 php7-exif-debuginfo-7.2.5-4.79.1 php7-fastcgi-7.2.5-4.79.1 php7-fastcgi-debuginfo-7.2.5-4.79.1 php7-fileinfo-7.2.5-4.79.1 php7-fileinfo-debuginfo-7.2.5-4.79.1 php7-fpm-7.2.5-4.79.1 php7-fpm-debuginfo-7.2.5-4.79.1 php7-ftp-7.2.5-4.79.1 php7-ftp-debuginfo-7.2.5-4.79.1 php7-gd-7.2.5-4.79.1 php7-gd-debuginfo-7.2.5-4.79.1 php7-gettext-7.2.5-4.79.1 php7-gettext-debuginfo-7.2.5-4.79.1 php7-gmp-7.2.5-4.79.1 php7-gmp-debuginfo-7.2.5-4.79.1 php7-iconv-7.2.5-4.79.1 php7-iconv-debuginfo-7.2.5-4.79.1 php7-intl-7.2.5-4.79.1 php7-intl-debuginfo-7.2.5-4.79.1 php7-json-7.2.5-4.79.1 php7-json-debuginfo-7.2.5-4.79.1 php7-ldap-7.2.5-4.79.1 php7-ldap-debuginfo-7.2.5-4.79.1 php7-mbstring-7.2.5-4.79.1 php7-mbstring-debuginfo-7.2.5-4.79.1 php7-mysql-7.2.5-4.79.1 php7-mysql-debuginfo-7.2.5-4.79.1 php7-odbc-7.2.5-4.79.1 php7-odbc-debuginfo-7.2.5-4.79.1 
php7-opcache-7.2.5-4.79.1 php7-opcache-debuginfo-7.2.5-4.79.1 php7-openssl-7.2.5-4.79.1 php7-openssl-debuginfo-7.2.5-4.79.1 php7-pcntl-7.2.5-4.79.1 php7-pcntl-debuginfo-7.2.5-4.79.1 php7-pdo-7.2.5-4.79.1 php7-pdo-debuginfo-7.2.5-4.79.1 php7-pgsql-7.2.5-4.79.1 php7-pgsql-debuginfo-7.2.5-4.79.1 php7-phar-7.2.5-4.79.1 php7-phar-debuginfo-7.2.5-4.79.1 php7-posix-7.2.5-4.79.1 php7-posix-debuginfo-7.2.5-4.79.1 php7-readline-7.2.5-4.79.1 php7-readline-debuginfo-7.2.5-4.79.1 php7-shmop-7.2.5-4.79.1 php7-shmop-debuginfo-7.2.5-4.79.1 php7-snmp-7.2.5-4.79.1 php7-snmp-debuginfo-7.2.5-4.79.1 php7-soap-7.2.5-4.79.1 php7-soap-debuginfo-7.2.5-4.79.1 php7-sockets-7.2.5-4.79.1 php7-sockets-debuginfo-7.2.5-4.79.1 php7-sodium-7.2.5-4.79.1 php7-sodium-debuginfo-7.2.5-4.79.1 php7-sqlite-7.2.5-4.79.1 php7-sqlite-debuginfo-7.2.5-4.79.1 php7-sysvmsg-7.2.5-4.79.1 php7-sysvmsg-debuginfo-7.2.5-4.79.1 php7-sysvsem-7.2.5-4.79.1 php7-sysvsem-debuginfo-7.2.5-4.79.1 php7-sysvshm-7.2.5-4.79.1 php7-sysvshm-debuginfo-7.2.5-4.79.1 php7-tokenizer-7.2.5-4.79.1 php7-tokenizer-debuginfo-7.2.5-4.79.1 php7-wddx-7.2.5-4.79.1 php7-wddx-debuginfo-7.2.5-4.79.1 php7-xmlreader-7.2.5-4.79.1 php7-xmlreader-debuginfo-7.2.5-4.79.1 php7-xmlrpc-7.2.5-4.79.1 php7-xmlrpc-debuginfo-7.2.5-4.79.1 php7-xmlwriter-7.2.5-4.79.1 php7-xmlwriter-debuginfo-7.2.5-4.79.1 php7-xsl-7.2.5-4.79.1 php7-xsl-debuginfo-7.2.5-4.79.1 php7-zip-7.2.5-4.79.1 php7-zip-debuginfo-7.2.5-4.79.1 php7-zlib-7.2.5-4.79.1 php7-zlib-debuginfo-7.2.5-4.79.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): php7-pear-7.2.5-4.79.1 php7-pear-Archive_Tar-7.2.5-4.79.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): apache2-mod_php7-7.2.5-4.79.1 apache2-mod_php7-debuginfo-7.2.5-4.79.1 php7-7.2.5-4.79.1 php7-bcmath-7.2.5-4.79.1 php7-bcmath-debuginfo-7.2.5-4.79.1 php7-bz2-7.2.5-4.79.1 php7-bz2-debuginfo-7.2.5-4.79.1 php7-calendar-7.2.5-4.79.1 php7-calendar-debuginfo-7.2.5-4.79.1 php7-ctype-7.2.5-4.79.1 
php7-ctype-debuginfo-7.2.5-4.79.1 php7-curl-7.2.5-4.79.1 php7-curl-debuginfo-7.2.5-4.79.1 php7-dba-7.2.5-4.79.1 php7-dba-debuginfo-7.2.5-4.79.1 php7-debuginfo-7.2.5-4.79.1 php7-debugsource-7.2.5-4.79.1 php7-devel-7.2.5-4.79.1 php7-dom-7.2.5-4.79.1 php7-dom-debuginfo-7.2.5-4.79.1 php7-enchant-7.2.5-4.79.1 php7-enchant-debuginfo-7.2.5-4.79.1 php7-exif-7.2.5-4.79.1 php7-exif-debuginfo-7.2.5-4.79.1 php7-fastcgi-7.2.5-4.79.1 php7-fastcgi-debuginfo-7.2.5-4.79.1 php7-fileinfo-7.2.5-4.79.1 php7-fileinfo-debuginfo-7.2.5-4.79.1 php7-fpm-7.2.5-4.79.1 php7-fpm-debuginfo-7.2.5-4.79.1 php7-ftp-7.2.5-4.79.1 php7-ftp-debuginfo-7.2.5-4.79.1 php7-gd-7.2.5-4.79.1 php7-gd-debuginfo-7.2.5-4.79.1 php7-gettext-7.2.5-4.79.1 php7-gettext-debuginfo-7.2.5-4.79.1 php7-gmp-7.2.5-4.79.1 php7-gmp-debuginfo-7.2.5-4.79.1 php7-iconv-7.2.5-4.79.1 php7-iconv-debuginfo-7.2.5-4.79.1 php7-intl-7.2.5-4.79.1 php7-intl-debuginfo-7.2.5-4.79.1 php7-json-7.2.5-4.79.1 php7-json-debuginfo-7.2.5-4.79.1 php7-ldap-7.2.5-4.79.1 php7-ldap-debuginfo-7.2.5-4.79.1 php7-mbstring-7.2.5-4.79.1 php7-mbstring-debuginfo-7.2.5-4.79.1 php7-mysql-7.2.5-4.79.1 php7-mysql-debuginfo-7.2.5-4.79.1 php7-odbc-7.2.5-4.79.1 php7-odbc-debuginfo-7.2.5-4.79.1 php7-opcache-7.2.5-4.79.1 php7-opcache-debuginfo-7.2.5-4.79.1 php7-openssl-7.2.5-4.79.1 php7-openssl-debuginfo-7.2.5-4.79.1 php7-pcntl-7.2.5-4.79.1 php7-pcntl-debuginfo-7.2.5-4.79.1 php7-pdo-7.2.5-4.79.1 php7-pdo-debuginfo-7.2.5-4.79.1 php7-pgsql-7.2.5-4.79.1 php7-pgsql-debuginfo-7.2.5-4.79.1 php7-phar-7.2.5-4.79.1 php7-phar-debuginfo-7.2.5-4.79.1 php7-posix-7.2.5-4.79.1 php7-posix-debuginfo-7.2.5-4.79.1 php7-readline-7.2.5-4.79.1 php7-readline-debuginfo-7.2.5-4.79.1 php7-shmop-7.2.5-4.79.1 php7-shmop-debuginfo-7.2.5-4.79.1 php7-snmp-7.2.5-4.79.1 php7-snmp-debuginfo-7.2.5-4.79.1 php7-soap-7.2.5-4.79.1 php7-soap-debuginfo-7.2.5-4.79.1 php7-sockets-7.2.5-4.79.1 php7-sockets-debuginfo-7.2.5-4.79.1 php7-sodium-7.2.5-4.79.1 php7-sodium-debuginfo-7.2.5-4.79.1 php7-sqlite-7.2.5-4.79.1 
php7-sqlite-debuginfo-7.2.5-4.79.1 php7-sysvmsg-7.2.5-4.79.1 php7-sysvmsg-debuginfo-7.2.5-4.79.1 php7-sysvsem-7.2.5-4.79.1 php7-sysvsem-debuginfo-7.2.5-4.79.1 php7-sysvshm-7.2.5-4.79.1 php7-sysvshm-debuginfo-7.2.5-4.79.1 php7-tokenizer-7.2.5-4.79.1 php7-tokenizer-debuginfo-7.2.5-4.79.1 php7-wddx-7.2.5-4.79.1 php7-wddx-debuginfo-7.2.5-4.79.1 php7-xmlreader-7.2.5-4.79.1 php7-xmlreader-debuginfo-7.2.5-4.79.1 php7-xmlrpc-7.2.5-4.79.1 php7-xmlrpc-debuginfo-7.2.5-4.79.1 php7-xmlwriter-7.2.5-4.79.1 php7-xmlwriter-debuginfo-7.2.5-4.79.1 php7-xsl-7.2.5-4.79.1 php7-xsl-debuginfo-7.2.5-4.79.1 php7-zip-7.2.5-4.79.1 php7-zip-debuginfo-7.2.5-4.79.1 php7-zlib-7.2.5-4.79.1 php7-zlib-debuginfo-7.2.5-4.79.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): php7-pear-7.2.5-4.79.1 php7-pear-Archive_Tar-7.2.5-4.79.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): apache2-mod_php7-7.2.5-4.79.1 apache2-mod_php7-debuginfo-7.2.5-4.79.1 php7-7.2.5-4.79.1 php7-bcmath-7.2.5-4.79.1 php7-bcmath-debuginfo-7.2.5-4.79.1 php7-bz2-7.2.5-4.79.1 php7-bz2-debuginfo-7.2.5-4.79.1 php7-calendar-7.2.5-4.79.1 php7-calendar-debuginfo-7.2.5-4.79.1 php7-ctype-7.2.5-4.79.1 php7-ctype-debuginfo-7.2.5-4.79.1 php7-curl-7.2.5-4.79.1 php7-curl-debuginfo-7.2.5-4.79.1 php7-dba-7.2.5-4.79.1 php7-dba-debuginfo-7.2.5-4.79.1 php7-debuginfo-7.2.5-4.79.1 php7-debugsource-7.2.5-4.79.1 php7-devel-7.2.5-4.79.1 php7-dom-7.2.5-4.79.1 php7-dom-debuginfo-7.2.5-4.79.1 php7-enchant-7.2.5-4.79.1 php7-enchant-debuginfo-7.2.5-4.79.1 php7-exif-7.2.5-4.79.1 php7-exif-debuginfo-7.2.5-4.79.1 php7-fastcgi-7.2.5-4.79.1 php7-fastcgi-debuginfo-7.2.5-4.79.1 php7-fileinfo-7.2.5-4.79.1 php7-fileinfo-debuginfo-7.2.5-4.79.1 php7-fpm-7.2.5-4.79.1 php7-fpm-debuginfo-7.2.5-4.79.1 php7-ftp-7.2.5-4.79.1 php7-ftp-debuginfo-7.2.5-4.79.1 php7-gd-7.2.5-4.79.1 php7-gd-debuginfo-7.2.5-4.79.1 php7-gettext-7.2.5-4.79.1 php7-gettext-debuginfo-7.2.5-4.79.1 php7-gmp-7.2.5-4.79.1 php7-gmp-debuginfo-7.2.5-4.79.1 php7-iconv-7.2.5-4.79.1 
php7-iconv-debuginfo-7.2.5-4.79.1 php7-intl-7.2.5-4.79.1 php7-intl-debuginfo-7.2.5-4.79.1 php7-json-7.2.5-4.79.1 php7-json-debuginfo-7.2.5-4.79.1 php7-ldap-7.2.5-4.79.1 php7-ldap-debuginfo-7.2.5-4.79.1 php7-mbstring-7.2.5-4.79.1 php7-mbstring-debuginfo-7.2.5-4.79.1 php7-mysql-7.2.5-4.79.1 php7-mysql-debuginfo-7.2.5-4.79.1 php7-odbc-7.2.5-4.79.1 php7-odbc-debuginfo-7.2.5-4.79.1 php7-opcache-7.2.5-4.79.1 php7-opcache-debuginfo-7.2.5-4.79.1 php7-openssl-7.2.5-4.79.1 php7-openssl-debuginfo-7.2.5-4.79.1 php7-pcntl-7.2.5-4.79.1 php7-pcntl-debuginfo-7.2.5-4.79.1 php7-pdo-7.2.5-4.79.1 php7-pdo-debuginfo-7.2.5-4.79.1 php7-pgsql-7.2.5-4.79.1 php7-pgsql-debuginfo-7.2.5-4.79.1 php7-phar-7.2.5-4.79.1 php7-phar-debuginfo-7.2.5-4.79.1 php7-posix-7.2.5-4.79.1 php7-posix-debuginfo-7.2.5-4.79.1 php7-readline-7.2.5-4.79.1 php7-readline-debuginfo-7.2.5-4.79.1 php7-shmop-7.2.5-4.79.1 php7-shmop-debuginfo-7.2.5-4.79.1 php7-snmp-7.2.5-4.79.1 php7-snmp-debuginfo-7.2.5-4.79.1 php7-soap-7.2.5-4.79.1 php7-soap-debuginfo-7.2.5-4.79.1 php7-sockets-7.2.5-4.79.1 php7-sockets-debuginfo-7.2.5-4.79.1 php7-sodium-7.2.5-4.79.1 php7-sodium-debuginfo-7.2.5-4.79.1 php7-sqlite-7.2.5-4.79.1 php7-sqlite-debuginfo-7.2.5-4.79.1 php7-sysvmsg-7.2.5-4.79.1 php7-sysvmsg-debuginfo-7.2.5-4.79.1 php7-sysvsem-7.2.5-4.79.1 php7-sysvsem-debuginfo-7.2.5-4.79.1 php7-sysvshm-7.2.5-4.79.1 php7-sysvshm-debuginfo-7.2.5-4.79.1 php7-tidy-7.2.5-4.79.1 php7-tidy-debuginfo-7.2.5-4.79.1 php7-tokenizer-7.2.5-4.79.1 php7-tokenizer-debuginfo-7.2.5-4.79.1 php7-wddx-7.2.5-4.79.1 php7-wddx-debuginfo-7.2.5-4.79.1 php7-xmlreader-7.2.5-4.79.1 php7-xmlreader-debuginfo-7.2.5-4.79.1 php7-xmlrpc-7.2.5-4.79.1 php7-xmlrpc-debuginfo-7.2.5-4.79.1 php7-xmlwriter-7.2.5-4.79.1 php7-xmlwriter-debuginfo-7.2.5-4.79.1 php7-xsl-7.2.5-4.79.1 php7-xsl-debuginfo-7.2.5-4.79.1 php7-zip-7.2.5-4.79.1 php7-zip-debuginfo-7.2.5-4.79.1 php7-zlib-7.2.5-4.79.1 php7-zlib-debuginfo-7.2.5-4.79.1 - SUSE Enterprise Storage 6 (noarch): php7-pear-7.2.5-4.79.1 
php7-pear-Archive_Tar-7.2.5-4.79.1 - SUSE CaaS Platform 4.0 (noarch): php7-pear-7.2.5-4.79.1 php7-pear-Archive_Tar-7.2.5-4.79.1 - SUSE CaaS Platform 4.0 (x86_64): apache2-mod_php7-7.2.5-4.79.1 apache2-mod_php7-debuginfo-7.2.5-4.79.1 php7-7.2.5-4.79.1 php7-bcmath-7.2.5-4.79.1 php7-bcmath-debuginfo-7.2.5-4.79.1 php7-bz2-7.2.5-4.79.1 php7-bz2-debuginfo-7.2.5-4.79.1 php7-calendar-7.2.5-4.79.1 php7-calendar-debuginfo-7.2.5-4.79.1 php7-ctype-7.2.5-4.79.1 php7-ctype-debuginfo-7.2.5-4.79.1 php7-curl-7.2.5-4.79.1 php7-curl-debuginfo-7.2.5-4.79.1 php7-dba-7.2.5-4.79.1 php7-dba-debuginfo-7.2.5-4.79.1 php7-debuginfo-7.2.5-4.79.1 php7-debugsource-7.2.5-4.79.1 php7-devel-7.2.5-4.79.1 php7-dom-7.2.5-4.79.1 php7-dom-debuginfo-7.2.5-4.79.1 php7-enchant-7.2.5-4.79.1 php7-enchant-debuginfo-7.2.5-4.79.1 php7-exif-7.2.5-4.79.1 php7-exif-debuginfo-7.2.5-4.79.1 php7-fastcgi-7.2.5-4.79.1 php7-fastcgi-debuginfo-7.2.5-4.79.1 php7-fileinfo-7.2.5-4.79.1 php7-fileinfo-debuginfo-7.2.5-4.79.1 php7-fpm-7.2.5-4.79.1 php7-fpm-debuginfo-7.2.5-4.79.1 php7-ftp-7.2.5-4.79.1 php7-ftp-debuginfo-7.2.5-4.79.1 php7-gd-7.2.5-4.79.1 php7-gd-debuginfo-7.2.5-4.79.1 php7-gettext-7.2.5-4.79.1 php7-gettext-debuginfo-7.2.5-4.79.1 php7-gmp-7.2.5-4.79.1 php7-gmp-debuginfo-7.2.5-4.79.1 php7-iconv-7.2.5-4.79.1 php7-iconv-debuginfo-7.2.5-4.79.1 php7-intl-7.2.5-4.79.1 php7-intl-debuginfo-7.2.5-4.79.1 php7-json-7.2.5-4.79.1 php7-json-debuginfo-7.2.5-4.79.1 php7-ldap-7.2.5-4.79.1 php7-ldap-debuginfo-7.2.5-4.79.1 php7-mbstring-7.2.5-4.79.1 php7-mbstring-debuginfo-7.2.5-4.79.1 php7-mysql-7.2.5-4.79.1 php7-mysql-debuginfo-7.2.5-4.79.1 php7-odbc-7.2.5-4.79.1 php7-odbc-debuginfo-7.2.5-4.79.1 php7-opcache-7.2.5-4.79.1 php7-opcache-debuginfo-7.2.5-4.79.1 php7-openssl-7.2.5-4.79.1 php7-openssl-debuginfo-7.2.5-4.79.1 php7-pcntl-7.2.5-4.79.1 php7-pcntl-debuginfo-7.2.5-4.79.1 php7-pdo-7.2.5-4.79.1 php7-pdo-debuginfo-7.2.5-4.79.1 php7-pgsql-7.2.5-4.79.1 php7-pgsql-debuginfo-7.2.5-4.79.1 php7-phar-7.2.5-4.79.1 
php7-phar-debuginfo-7.2.5-4.79.1 php7-posix-7.2.5-4.79.1 php7-posix-debuginfo-7.2.5-4.79.1 php7-readline-7.2.5-4.79.1 php7-readline-debuginfo-7.2.5-4.79.1 php7-shmop-7.2.5-4.79.1 php7-shmop-debuginfo-7.2.5-4.79.1 php7-snmp-7.2.5-4.79.1 php7-snmp-debuginfo-7.2.5-4.79.1 php7-soap-7.2.5-4.79.1 php7-soap-debuginfo-7.2.5-4.79.1 php7-sockets-7.2.5-4.79.1 php7-sockets-debuginfo-7.2.5-4.79.1 php7-sodium-7.2.5-4.79.1 php7-sodium-debuginfo-7.2.5-4.79.1 php7-sqlite-7.2.5-4.79.1 php7-sqlite-debuginfo-7.2.5-4.79.1 php7-sysvmsg-7.2.5-4.79.1 php7-sysvmsg-debuginfo-7.2.5-4.79.1 php7-sysvsem-7.2.5-4.79.1 php7-sysvsem-debuginfo-7.2.5-4.79.1 php7-sysvshm-7.2.5-4.79.1 php7-sysvshm-debuginfo-7.2.5-4.79.1 php7-tidy-7.2.5-4.79.1 php7-tidy-debuginfo-7.2.5-4.79.1 php7-tokenizer-7.2.5-4.79.1 php7-tokenizer-debuginfo-7.2.5-4.79.1 php7-wddx-7.2.5-4.79.1 php7-wddx-debuginfo-7.2.5-4.79.1 php7-xmlreader-7.2.5-4.79.1 php7-xmlreader-debuginfo-7.2.5-4.79.1 php7-xmlrpc-7.2.5-4.79.1 php7-xmlrpc-debuginfo-7.2.5-4.79.1 php7-xmlwriter-7.2.5-4.79.1 php7-xmlwriter-debuginfo-7.2.5-4.79.1 php7-xsl-7.2.5-4.79.1 php7-xsl-debuginfo-7.2.5-4.79.1 php7-zip-7.2.5-4.79.1 php7-zip-debuginfo-7.2.5-4.79.1 php7-zlib-7.2.5-4.79.1 php7-zlib-debuginfo-7.2.5-4.79.1 References: https://www.suse.com/security/cve/CVE-2021-21704.html https://bugzilla.suse.com/1188035 From sle-updates at lists.suse.com Mon Aug 23 10:17:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Aug 2021 12:17:34 +0200 (CEST) Subject: SUSE-RU-2021:2805-1: moderate: Recommended update for dracut Message-ID: <20210823101734.BBA1EFCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2805-1 Rating: moderate References: #1185615 #1185646 #1187115 #1187470 #1187774 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 
______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for dracut fixes the following issues: - Correct man pages regarding the 'INITRD_MODULES' as some parts are already invalid. (bsc#1187115) - Fixed an issue when running mkinitrd improper arch is being expanded. (bsc#1185615) - Fix for 'suse-initrd' exclude modules that are built-in to prevent failing modules to be installed. (bsc#1185646) - Fix informing on usage of obsolete -f parameter. (bsc#1187470) - Fix reference to 'insmodpost module' in the documentation. (bsc#1187774) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2805=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2805=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): dracut-049.1+suse.203.g8ee14a90-3.35.1 dracut-debuginfo-049.1+suse.203.g8ee14a90-3.35.1 dracut-debugsource-049.1+suse.203.g8ee14a90-3.35.1 dracut-fips-049.1+suse.203.g8ee14a90-3.35.1 dracut-ima-049.1+suse.203.g8ee14a90-3.35.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): dracut-049.1+suse.203.g8ee14a90-3.35.1 dracut-debuginfo-049.1+suse.203.g8ee14a90-3.35.1 dracut-debugsource-049.1+suse.203.g8ee14a90-3.35.1 dracut-fips-049.1+suse.203.g8ee14a90-3.35.1 dracut-ima-049.1+suse.203.g8ee14a90-3.35.1 References: https://bugzilla.suse.com/1185615 https://bugzilla.suse.com/1185646 https://bugzilla.suse.com/1187115 https://bugzilla.suse.com/1187470 https://bugzilla.suse.com/1187774 From sle-updates at lists.suse.com Mon Aug 23 13:18:54 2021 From: sle-updates at
lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Aug 2021 15:18:54 +0200 (CEST) Subject: SUSE-SU-2021:2809-1: moderate: Security update for systemd Message-ID: <20210823131854.0747AFCF4@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2809-1 Rating: moderate References: #1166028 #1171962 #1184994 #1185972 #1188063 Cross-References: CVE-2020-13529 CVE-2021-33910 CVSS scores: CVE-2020-13529 (NVD) : 6.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2020-13529 (SUSE): 6.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2021-33910 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33910 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for systemd fixes the following issues: - Updated to version 246.15 - CVE-2021-33910: Fixed a denial of service issue in systemd. (bsc#1188063) - CVE-2020-13529: Fixed an issue where a crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. (bsc#1185972) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2809=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsystemd0-246.15-7.11.1 libsystemd0-debuginfo-246.15-7.11.1 libudev-devel-246.15-7.11.1 libudev1-246.15-7.11.1 libudev1-debuginfo-246.15-7.11.1 systemd-246.15-7.11.1 systemd-container-246.15-7.11.1 systemd-container-debuginfo-246.15-7.11.1 systemd-coredump-246.15-7.11.1 systemd-coredump-debuginfo-246.15-7.11.1 systemd-debuginfo-246.15-7.11.1 systemd-debugsource-246.15-7.11.1 systemd-devel-246.15-7.11.1 systemd-doc-246.15-7.11.1 systemd-journal-remote-246.15-7.11.1 systemd-journal-remote-debuginfo-246.15-7.11.1 systemd-sysvinit-246.15-7.11.1 udev-246.15-7.11.1 udev-debuginfo-246.15-7.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): systemd-lang-246.15-7.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libsystemd0-32bit-246.15-7.11.1 libsystemd0-32bit-debuginfo-246.15-7.11.1 libudev1-32bit-246.15-7.11.1 libudev1-32bit-debuginfo-246.15-7.11.1 systemd-32bit-246.15-7.11.1 systemd-32bit-debuginfo-246.15-7.11.1 References: https://www.suse.com/security/cve/CVE-2020-13529.html https://www.suse.com/security/cve/CVE-2021-33910.html https://bugzilla.suse.com/1166028 https://bugzilla.suse.com/1171962 https://bugzilla.suse.com/1184994 https://bugzilla.suse.com/1185972 https://bugzilla.suse.com/1188063 From sle-updates at lists.suse.com Mon Aug 23 13:20:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Aug 2021 15:20:30 +0200 (CEST) Subject: SUSE-RU-2021:2807-1: moderate: Recommended update for resource-agents Message-ID: <20210823132030.9D8C2FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2021:2807-1 Rating: moderate References: #1188975 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - Fix for azure-lb resource agents using '/usr/bin/nc' instead of 'usr/bin/socat'. (bsc#1188975) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-2807=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ldirectord-4.4.0+git57.70549516-3.33.1 resource-agents-4.4.0+git57.70549516-3.33.1 resource-agents-debuginfo-4.4.0+git57.70549516-3.33.1 resource-agents-debugsource-4.4.0+git57.70549516-3.33.1 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): monitoring-plugins-metadata-4.4.0+git57.70549516-3.33.1 References: https://bugzilla.suse.com/1188975 From sle-updates at lists.suse.com Mon Aug 23 13:26:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Aug 2021 15:26:52 +0200 (CEST) Subject: SUSE-SU-2021:2812-1: moderate: Security update for libvirt Message-ID: <20210823132652.355D1FCF4@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2812-1 Rating: moderate References: #1184253 #1187871 #1188232 #1188843 Cross-References: CVE-2021-3631 CVE-2021-3667 CVSS scores: CVE-2021-3631 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3667 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Server 
Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for libvirt fixes the following issues: Security issues fixed: - CVE-2021-3631: fix SELinux label generation logic (bsc#1187871) - CVE-2021-3667: Unlock object on ACL fail in storagePoolLookupByTargetPath (bsc#1188843) Non-security issues fixed: - virtlockd: Don't report error if lockspace exists (bsc#1184253) - Don't forcibly remove '--listen' arg from /etc/sysconfig/libvirtd. Add '--timeout 120' if '--listen' is not specified. (bsc#1188232) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-2812=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2812=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libvirt-7.1.0-6.5.1 libvirt-admin-7.1.0-6.5.1 libvirt-admin-debuginfo-7.1.0-6.5.1 libvirt-client-7.1.0-6.5.1 libvirt-client-debuginfo-7.1.0-6.5.1 libvirt-daemon-7.1.0-6.5.1 libvirt-daemon-config-network-7.1.0-6.5.1 libvirt-daemon-config-nwfilter-7.1.0-6.5.1 libvirt-daemon-debuginfo-7.1.0-6.5.1 libvirt-daemon-driver-interface-7.1.0-6.5.1 libvirt-daemon-driver-interface-debuginfo-7.1.0-6.5.1 libvirt-daemon-driver-lxc-7.1.0-6.5.1 libvirt-daemon-driver-lxc-debuginfo-7.1.0-6.5.1 libvirt-daemon-driver-network-7.1.0-6.5.1 libvirt-daemon-driver-network-debuginfo-7.1.0-6.5.1 libvirt-daemon-driver-nodedev-7.1.0-6.5.1 libvirt-daemon-driver-nodedev-debuginfo-7.1.0-6.5.1 libvirt-daemon-driver-nwfilter-7.1.0-6.5.1 
libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-6.5.1 libvirt-daemon-driver-qemu-7.1.0-6.5.1 libvirt-daemon-driver-qemu-debuginfo-7.1.0-6.5.1 libvirt-daemon-driver-secret-7.1.0-6.5.1 libvirt-daemon-driver-secret-debuginfo-7.1.0-6.5.1 libvirt-daemon-driver-storage-7.1.0-6.5.1 libvirt-daemon-driver-storage-core-7.1.0-6.5.1 libvirt-daemon-driver-storage-core-debuginfo-7.1.0-6.5.1 libvirt-daemon-driver-storage-disk-7.1.0-6.5.1 libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-6.5.1 libvirt-daemon-driver-storage-iscsi-7.1.0-6.5.1 libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-6.5.1 libvirt-daemon-driver-storage-iscsi-direct-7.1.0-6.5.1 libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-6.5.1 libvirt-daemon-driver-storage-logical-7.1.0-6.5.1 libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-6.5.1 libvirt-daemon-driver-storage-mpath-7.1.0-6.5.1 libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-6.5.1 libvirt-daemon-driver-storage-scsi-7.1.0-6.5.1 libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-6.5.1 libvirt-daemon-hooks-7.1.0-6.5.1 libvirt-daemon-lxc-7.1.0-6.5.1 libvirt-daemon-qemu-7.1.0-6.5.1 libvirt-debugsource-7.1.0-6.5.1 libvirt-devel-7.1.0-6.5.1 libvirt-lock-sanlock-7.1.0-6.5.1 libvirt-lock-sanlock-debuginfo-7.1.0-6.5.1 libvirt-nss-7.1.0-6.5.1 libvirt-nss-debuginfo-7.1.0-6.5.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-7.1.0-6.5.1 libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-6.5.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): libvirt-bash-completion-7.1.0-6.5.1 libvirt-doc-7.1.0-6.5.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): libvirt-daemon-driver-libxl-7.1.0-6.5.1 libvirt-daemon-driver-libxl-debuginfo-7.1.0-6.5.1 libvirt-daemon-xen-7.1.0-6.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-7.1.0-6.5.1 libvirt-libs-7.1.0-6.5.1 
libvirt-libs-debuginfo-7.1.0-6.5.1 References: https://www.suse.com/security/cve/CVE-2021-3631.html https://www.suse.com/security/cve/CVE-2021-3667.html https://bugzilla.suse.com/1184253 https://bugzilla.suse.com/1187871 https://bugzilla.suse.com/1188232 https://bugzilla.suse.com/1188843 From sle-updates at lists.suse.com Mon Aug 23 13:28:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Aug 2021 15:28:22 +0200 (CEST) Subject: SUSE-SU-2021:2810-1: moderate: Security update for dbus-1 Message-ID: <20210823132822.DAC24FCF4@maintenance.suse.de> SUSE Security Update: Security update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2810-1 Rating: moderate References: #1172505 Cross-References: CVE-2020-12049 CVSS scores: CVE-2020-12049 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-12049 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dbus-1 fixes the following issues: - CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2810=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2810=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2810=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): dbus-1-1.12.2-8.11.2 dbus-1-debuginfo-1.12.2-8.11.2 dbus-1-debugsource-1.12.2-8.11.2 libdbus-1-3-1.12.2-8.11.2 libdbus-1-3-debuginfo-1.12.2-8.11.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): dbus-1-1.12.2-8.11.2 dbus-1-debuginfo-1.12.2-8.11.2 dbus-1-debugsource-1.12.2-8.11.2 dbus-1-devel-1.12.2-8.11.2 dbus-1-x11-1.12.2-8.11.1 dbus-1-x11-debuginfo-1.12.2-8.11.1 dbus-1-x11-debugsource-1.12.2-8.11.1 libdbus-1-3-1.12.2-8.11.2 libdbus-1-3-debuginfo-1.12.2-8.11.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): dbus-1-32bit-debuginfo-1.12.2-8.11.2 libdbus-1-3-32bit-1.12.2-8.11.2 libdbus-1-3-32bit-debuginfo-1.12.2-8.11.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): dbus-1-1.12.2-8.11.2 dbus-1-debuginfo-1.12.2-8.11.2 dbus-1-debugsource-1.12.2-8.11.2 dbus-1-devel-1.12.2-8.11.2 dbus-1-x11-1.12.2-8.11.1 dbus-1-x11-debuginfo-1.12.2-8.11.1 dbus-1-x11-debugsource-1.12.2-8.11.1 libdbus-1-3-1.12.2-8.11.2 libdbus-1-3-debuginfo-1.12.2-8.11.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): dbus-1-32bit-debuginfo-1.12.2-8.11.2 libdbus-1-3-32bit-1.12.2-8.11.2 libdbus-1-3-32bit-debuginfo-1.12.2-8.11.2 References: https://www.suse.com/security/cve/CVE-2020-12049.html https://bugzilla.suse.com/1172505 From sle-updates at lists.suse.com Mon Aug 23 13:29:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Aug 2021 15:29:34 +0200 (CEST) Subject: SUSE-SU-2021:14788-1: important: Security update for cpio Message-ID: 
<20210823132934.D5F05FCF4@maintenance.suse.de> SUSE Security Update: Security update for cpio ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14788-1 Rating: important References: #1189465 Cross-References: CVE-2021-38185 CVSS scores: CVE-2021-38185 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cpio fixes the following issues: - A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio. [bsc#1189465] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-LTSS:

      zypper in -t patch slessp4-cpio-14788=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-cpio-14788=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-cpio-14788=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-cpio-14788=1

Package List:

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):

      cpio-2.9-75.81.14.1
      cpio-lang-2.9-75.81.14.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      cpio-2.9-75.81.14.1
      cpio-lang-2.9-75.81.14.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):

      cpio-debuginfo-2.9-75.81.14.1
      cpio-debugsource-2.9-75.81.14.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      cpio-debuginfo-2.9-75.81.14.1
      cpio-debugsource-2.9-75.81.14.1

References:

   https://www.suse.com/security/cve/CVE-2021-38185.html
   https://bugzilla.suse.com/1189465

From sle-updates at lists.suse.com Mon Aug 23 13:32:02 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 23 Aug 2021 15:32:02 +0200 (CEST)
Subject: SUSE-SU-2021:2813-1: moderate: Security update for qemu
Message-ID: <20210823133202.4ED1CFCF4@maintenance.suse.de>

SUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2813-1
Rating: moderate
References: #1180432 #1180433 #1180434 #1180435 #1182651 #1186012 #1189145
Cross-References: CVE-2020-35503 CVE-2020-35504 CVE-2020-35505 CVE-2020-35506 CVE-2021-20255 CVE-2021-3527 CVE-2021-3682
CVSS scores:
   CVE-2020-35503 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2020-35503 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-35504 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2020-35504 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-35505 (NVD) : 4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-35505 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-35506 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
   CVE-2020-35506 (SUSE): 5.6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
   CVE-2021-20255 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2021-20255 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
   CVE-2021-3527 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2021-3527 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
   CVE-2021-3682 (SUSE): 6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Affected Products:
   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

   This update for qemu fixes the following issues:

   Security issues fixed:

   - usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682)
   - NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506)
   - NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503)
   - eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255)
   - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2813=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): qemu-3.1.1.1-57.2 qemu-audio-alsa-3.1.1.1-57.2 qemu-audio-alsa-debuginfo-3.1.1.1-57.2 qemu-audio-oss-3.1.1.1-57.2 qemu-audio-oss-debuginfo-3.1.1.1-57.2 qemu-audio-pa-3.1.1.1-57.2 qemu-audio-pa-debuginfo-3.1.1.1-57.2 qemu-audio-sdl-3.1.1.1-57.2 qemu-audio-sdl-debuginfo-3.1.1.1-57.2 qemu-block-curl-3.1.1.1-57.2 qemu-block-curl-debuginfo-3.1.1.1-57.2 qemu-block-iscsi-3.1.1.1-57.2 qemu-block-iscsi-debuginfo-3.1.1.1-57.2 qemu-block-ssh-3.1.1.1-57.2 qemu-block-ssh-debuginfo-3.1.1.1-57.2 qemu-debugsource-3.1.1.1-57.2 qemu-guest-agent-3.1.1.1-57.2 qemu-guest-agent-debuginfo-3.1.1.1-57.2 qemu-lang-3.1.1.1-57.2 qemu-tools-3.1.1.1-57.2 qemu-tools-debuginfo-3.1.1.1-57.2 qemu-ui-curses-3.1.1.1-57.2 qemu-ui-curses-debuginfo-3.1.1.1-57.2 qemu-ui-gtk-3.1.1.1-57.2 qemu-ui-gtk-debuginfo-3.1.1.1-57.2 qemu-ui-sdl-3.1.1.1-57.2 qemu-ui-sdl-debuginfo-3.1.1.1-57.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 x86_64): qemu-block-rbd-3.1.1.1-57.2 qemu-block-rbd-debuginfo-3.1.1.1-57.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): qemu-kvm-3.1.1.1-57.2 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): qemu-ppc-3.1.1.1-57.2 qemu-ppc-debuginfo-3.1.1.1-57.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64): qemu-arm-3.1.1.1-57.2 qemu-arm-debuginfo-3.1.1.1-57.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): qemu-ipxe-1.0.0+-57.2 qemu-seabios-1.12.0_0_ga698c89-57.2 qemu-sgabios-8-57.2 qemu-vgabios-1.12.0_0_ga698c89-57.2 - SUSE Linux Enterprise Server 12-SP5 (x86_64): qemu-x86-3.1.1.1-57.2 - SUSE Linux Enterprise Server 12-SP5 (s390x): qemu-s390-3.1.1.1-57.2 qemu-s390-debuginfo-3.1.1.1-57.2 References: https://www.suse.com/security/cve/CVE-2020-35503.html https://www.suse.com/security/cve/CVE-2020-35504.html 
https://www.suse.com/security/cve/CVE-2020-35505.html https://www.suse.com/security/cve/CVE-2020-35506.html https://www.suse.com/security/cve/CVE-2021-20255.html https://www.suse.com/security/cve/CVE-2021-3527.html https://www.suse.com/security/cve/CVE-2021-3682.html https://bugzilla.suse.com/1180432 https://bugzilla.suse.com/1180433 https://bugzilla.suse.com/1180434 https://bugzilla.suse.com/1180435 https://bugzilla.suse.com/1182651 https://bugzilla.suse.com/1186012 https://bugzilla.suse.com/1189145 From sle-updates at lists.suse.com Mon Aug 23 13:34:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Aug 2021 15:34:01 +0200 (CEST) Subject: SUSE-SU-2021:2808-1: important: Security update for cpio Message-ID: <20210823133401.97563FCF4@maintenance.suse.de> SUSE Security Update: Security update for cpio ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2808-1 Rating: important References: #1189465 Cross-References: CVE-2021-38185 CVSS scores: CVE-2021-38185 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cpio fixes the following issues: - A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio. 
[bsc#1189465] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2808=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2808=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2808=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2808=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2808=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2808=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2808=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2808=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2808=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2808=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2808=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-2808=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): cpio-lang-2.11-36.15.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): cpio-lang-2.11-36.15.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - SUSE OpenStack Cloud 9 (noarch): cpio-lang-2.11-36.15.1 - SUSE OpenStack Cloud 9 (x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - SUSE OpenStack Cloud 8 (noarch): cpio-lang-2.11-36.15.1 - SUSE OpenStack Cloud 8 (x86_64): 
cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): cpio-lang-2.11-36.15.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): cpio-lang-2.11-36.15.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): cpio-lang-2.11-36.15.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): cpio-lang-2.11-36.15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): cpio-lang-2.11-36.15.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): cpio-lang-2.11-36.15.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): cpio-lang-2.11-36.15.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - HPE Helion Openstack 8 (x86_64): cpio-2.11-36.15.1 cpio-debuginfo-2.11-36.15.1 cpio-debugsource-2.11-36.15.1 - HPE Helion Openstack 8 (noarch): cpio-lang-2.11-36.15.1 References: https://www.suse.com/security/cve/CVE-2021-38185.html https://bugzilla.suse.com/1189465 From sle-updates at lists.suse.com Mon Aug 23 16:17:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 
23 Aug 2021 18:17:26 +0200 (CEST) Subject: SUSE-SU-2021:2817-1: moderate: Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 Message-ID: <20210823161726.5BF27FCF4@maintenance.suse.de> SUSE Security Update: Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2817-1 Rating: moderate References: #1102408 #1138715 #1138746 #1176389 #1177120 #1182421 #1182422 ECO-3352 PM-2485 Cross-References: CVE-2020-26137 CVSS scores: CVE-2020-26137 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-26137 (SUSE): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N Affected Products: SUSE MicroOS 5.0 SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves one vulnerability, contains two features and has 6 fixes is now available. 
Description:

   This patch updates the Python AWS SDK stack in SLE 15:

   General:

   # aws-cli
   - Version updated to upstream release v1.19.9
     For a detailed list of all changes, please refer to the changelog file of this package.

   # python-boto3
   - Version updated to upstream release 1.17.9
     For a detailed list of all changes, please refer to the changelog file of this package.

   # python-botocore
   - Version updated to upstream release 1.20.9
     For a detailed list of all changes, please refer to the changelog file of this package.

   # python-urllib3
   - Version updated to upstream release 1.25.10
     For a detailed list of all changes, please refer to the changelog file of this package.

   # python-service_identity
   - Added this new package to resolve runtime dependencies for other packages.
     Version: 18.1.0

   # python-trustme
   - Added this new package to resolve runtime dependencies for other packages.
     Version: 0.6.0

   Security fixes:

   # python-urllib3:
   - CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2817=1 - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2817=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2817=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2817=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2817=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2817=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2817=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2021-2817=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-2817=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-2817=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-2817=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2021-2817=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-2817=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-2817=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2817=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2817=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch 
SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2817=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2817=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2817=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): python3-cffi-1.13.2-3.2.5 python3-cryptography-2.8-10.1 - SUSE MicroOS 5.0 (noarch): python3-asn1crypto-0.24.0-3.2.1 python3-pyOpenSSL-17.5.0-8.3.1 python3-pyasn1-0.4.2-3.2.1 python3-pycparser-2.17-3.2.1 python3-urllib3-1.25.10-9.14.1 - SUSE Manager Server 4.0 (noarch): python2-asn1crypto-0.24.0-3.2.1 python2-pyasn1-0.4.2-3.2.1 python2-pycparser-2.17-3.2.1 python2-urllib3-1.25.10-9.14.1 python3-asn1crypto-0.24.0-3.2.1 python3-boto3-1.17.9-19.1 python3-botocore-1.20.9-33.1 python3-pyasn1-0.4.2-3.2.1 python3-pycparser-2.17-3.2.1 python3-urllib3-1.25.10-9.14.1 - SUSE Manager Retail Branch Server 4.0 (noarch): python2-asn1crypto-0.24.0-3.2.1 python2-pyasn1-0.4.2-3.2.1 python2-pycparser-2.17-3.2.1 python2-urllib3-1.25.10-9.14.1 python3-asn1crypto-0.24.0-3.2.1 python3-boto3-1.17.9-19.1 python3-botocore-1.20.9-33.1 python3-pyasn1-0.4.2-3.2.1 python3-pycparser-2.17-3.2.1 python3-urllib3-1.25.10-9.14.1 - SUSE Manager Proxy 4.0 (noarch): python2-asn1crypto-0.24.0-3.2.1 python2-pyasn1-0.4.2-3.2.1 python2-pycparser-2.17-3.2.1 python2-urllib3-1.25.10-9.14.1 python3-asn1crypto-0.24.0-3.2.1 python3-boto3-1.17.9-19.1 python3-botocore-1.20.9-33.1 python3-pyasn1-0.4.2-3.2.1 python3-pycparser-2.17-3.2.1 python3-urllib3-1.25.10-9.14.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): python2-asn1crypto-0.24.0-3.2.1 python2-pyasn1-0.4.2-3.2.1 python2-pycparser-2.17-3.2.1 python2-urllib3-1.25.10-9.14.1 python3-asn1crypto-0.24.0-3.2.1 python3-boto3-1.17.9-19.1 
python3-botocore-1.20.9-33.1 python3-pyasn1-0.4.2-3.2.1 python3-pycparser-2.17-3.2.1 python3-urllib3-1.25.10-9.14.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): python2-asn1crypto-0.24.0-3.2.1 python2-pyasn1-0.4.2-3.2.1 python2-pycparser-2.17-3.2.1 python2-urllib3-1.25.10-9.14.1 python3-asn1crypto-0.24.0-3.2.1 python3-boto3-1.17.9-19.1 python3-botocore-1.20.9-33.1 python3-pyasn1-0.4.2-3.2.1 python3-pycparser-2.17-3.2.1 python3-urllib3-1.25.10-9.14.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): python2-asn1crypto-0.24.0-3.2.1 python2-pyasn1-0.4.2-3.2.1 python2-pycparser-2.17-3.2.1 python2-urllib3-1.25.10-9.14.1 python3-asn1crypto-0.24.0-3.2.1 python3-boto3-1.17.9-19.1 python3-botocore-1.20.9-33.1 python3-pyasn1-0.4.2-3.2.1 python3-pycparser-2.17-3.2.1 python3-urllib3-1.25.10-9.14.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python-cffi-debuginfo-1.13.2-3.2.5 python-cffi-debugsource-1.13.2-3.2.5 python-cryptography-debuginfo-2.8-10.1 python-cryptography-debugsource-2.8-10.1 python2-cffi-1.13.2-3.2.5 python2-cffi-debuginfo-1.13.2-3.2.5 python2-cryptography-2.8-10.1 python2-cryptography-debuginfo-2.8-10.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (noarch): python2-asn1crypto-0.24.0-3.2.1 python2-pyasn1-0.4.2-3.2.1 python2-pycparser-2.17-3.2.1 python2-urllib3-1.25.10-9.14.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python-cffi-debuginfo-1.13.2-3.2.5 python-cffi-debugsource-1.13.2-3.2.5 python-cryptography-debuginfo-2.8-10.1 python-cryptography-debugsource-2.8-10.1 python2-cffi-1.13.2-3.2.5 python2-cffi-debuginfo-1.13.2-3.2.5 python2-cryptography-2.8-10.1 python2-cryptography-debuginfo-2.8-10.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (noarch): python2-asn1crypto-0.24.0-3.2.1 python2-pyOpenSSL-17.5.0-8.3.1 python2-pyasn1-0.4.2-3.2.1 python2-pycparser-2.17-3.2.1 python2-urllib3-1.25.10-9.14.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): 
aws-cli-1.19.9-26.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): aws-cli-1.19.9-26.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): aws-cli-1.19.9-26.1 python3-botocore-1.20.9-33.1 python3-service_identity-18.1.0-3.3.1 python3-trustme-0.6.0-3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): python2-boto3-1.17.9-19.1 python2-botocore-1.20.9-33.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): python2-boto3-1.17.9-19.1 python2-botocore-1.20.9-33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python-cffi-debuginfo-1.13.2-3.2.5 python-cffi-debugsource-1.13.2-3.2.5 python-cryptography-debuginfo-2.8-10.1 python-cryptography-debugsource-2.8-10.1 python3-cffi-1.13.2-3.2.5 python3-cffi-debuginfo-1.13.2-3.2.5 python3-cryptography-2.8-10.1 python3-cryptography-debuginfo-2.8-10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-asn1crypto-0.24.0-3.2.1 python3-boto3-1.17.9-19.1 python3-botocore-1.20.9-33.1 python3-pyasn1-0.4.2-3.2.1 python3-pycparser-2.17-3.2.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): python-cffi-debuginfo-1.13.2-3.2.5 python-cffi-debugsource-1.13.2-3.2.5 python-cryptography-debuginfo-2.8-10.1 python-cryptography-debugsource-2.8-10.1 python3-cffi-1.13.2-3.2.5 python3-cffi-debuginfo-1.13.2-3.2.5 python3-cryptography-2.8-10.1 python3-cryptography-debuginfo-2.8-10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-asn1crypto-0.24.0-3.2.1 python3-boto3-1.17.9-19.1 python3-botocore-1.20.9-33.1 python3-pyOpenSSL-17.5.0-8.3.1 python3-pyasn1-0.4.2-3.2.1 python3-pycparser-2.17-3.2.1 python3-urllib3-1.25.10-9.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): python2-asn1crypto-0.24.0-3.2.1 python2-pyasn1-0.4.2-3.2.1 python2-pycparser-2.17-3.2.1 python2-urllib3-1.25.10-9.14.1 python3-asn1crypto-0.24.0-3.2.1 
python3-boto3-1.17.9-19.1 python3-botocore-1.20.9-33.1 python3-pyasn1-0.4.2-3.2.1 python3-pycparser-2.17-3.2.1 python3-urllib3-1.25.10-9.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): python2-asn1crypto-0.24.0-3.2.1 python2-pyasn1-0.4.2-3.2.1 python2-pycparser-2.17-3.2.1 python2-urllib3-1.25.10-9.14.1 python3-asn1crypto-0.24.0-3.2.1 python3-boto3-1.17.9-19.1 python3-botocore-1.20.9-33.1 python3-pyasn1-0.4.2-3.2.1 python3-pycparser-2.17-3.2.1 python3-urllib3-1.25.10-9.14.1 - SUSE Enterprise Storage 6 (noarch): python2-asn1crypto-0.24.0-3.2.1 python2-pyasn1-0.4.2-3.2.1 python2-pycparser-2.17-3.2.1 python2-urllib3-1.25.10-9.14.1 python3-asn1crypto-0.24.0-3.2.1 python3-boto3-1.17.9-19.1 python3-botocore-1.20.9-33.1 python3-pyasn1-0.4.2-3.2.1 python3-pycparser-2.17-3.2.1 python3-urllib3-1.25.10-9.14.1 - SUSE CaaS Platform 4.0 (noarch): python2-asn1crypto-0.24.0-3.2.1 python2-pyasn1-0.4.2-3.2.1 python2-pycparser-2.17-3.2.1 python2-urllib3-1.25.10-9.14.1 python3-asn1crypto-0.24.0-3.2.1 python3-boto3-1.17.9-19.1 python3-botocore-1.20.9-33.1 python3-pyasn1-0.4.2-3.2.1 python3-pycparser-2.17-3.2.1 python3-urllib3-1.25.10-9.14.1 References: https://www.suse.com/security/cve/CVE-2020-26137.html https://bugzilla.suse.com/1102408 https://bugzilla.suse.com/1138715 https://bugzilla.suse.com/1138746 https://bugzilla.suse.com/1176389 https://bugzilla.suse.com/1177120 https://bugzilla.suse.com/1182421 https://bugzilla.suse.com/1182422 From sle-updates at lists.suse.com Mon Aug 23 16:20:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Aug 2021 18:20:40 +0200 (CEST) Subject: SUSE-OU-2021:2816-1: Optional update for python-kubernetes Message-ID: <20210823162040.EA4E9FCF4@maintenance.suse.de> SUSE Optional Update: Optional update for python-kubernetes ______________________________________________________________________________ Announcement ID: SUSE-OU-2021:2816-1 Rating: low References: SLE-17904 Affected 
Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Server 4.0 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: This patch provides the python3-kubernetes package to the following modules: - Container Module for SUSE Linux Enterprise 15 SP2 - Container Module for SUSE Linux Enterprise 15 SP3 Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-2816=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2021-2816=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-2816=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-2816=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2021-2816=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-2816=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-2816=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2021-2816=1 - SUSE Linux Enterprise Module for Containers 15-SP2: zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2021-2816=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2816=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2816=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2816=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): python3-cachetools-4.1.0-3.2.1 python3-kubernetes-8.0.1-3.5.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): python3-kubernetes-8.0.1-3.5.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): python3-oauth2client-flask-4.1.3-3.2.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-oauth2client-flask-4.1.2-3.2.1 - SUSE Linux 
Enterprise Module for Public Cloud 15-SP1 (noarch): python3-google-auth-1.5.1-3.4.1 python3-oauth2client-flask-4.1.2-3.2.1 python3-oauth2client-gce-4.1.2-3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): python2-pycrypto-2.6.1-3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): python2-oauth2client-4.1.3-3.2.1 python2-oauth2client-gce-4.1.3-3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): python2-oauth2client-4.1.2-3.2.1 python2-oauth2client-gce-4.1.2-3.2.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (noarch): python3-kubernetes-8.0.1-3.5.1 - SUSE Linux Enterprise Module for Containers 15-SP2 (noarch): python3-kubernetes-8.0.1-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-cachetools-4.1.0-3.2.1 python3-google-auth-1.21.2-3.4.1 python3-oauth2client-4.1.3-3.2.1 python3-oauth2client-gce-4.1.3-3.2.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-cachetools-4.1.0-3.2.1 python3-google-auth-1.5.1-3.4.1 python3-oauth2client-4.1.2-3.2.1 python3-oauth2client-gce-4.1.2-3.2.1 - SUSE Enterprise Storage 6 (noarch): python3-google-auth-1.5.1-3.4.1 python3-kubernetes-8.0.1-3.5.1 References: From sle-updates at lists.suse.com Tue Aug 24 06:18:24 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Aug 2021 08:18:24 +0200 (CEST) Subject: SUSE-CU-2021:283-1: Security update of suse/sle15 Message-ID: <20210824061824.E36FDFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:283-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.5.33 Container Release : 17.5.33 Severity : critical Type : security References : 1057452 1166028 1171962 1179416 1181805 1183543 1183545 1184994 1185972 1188063 1188287 1188571 1189206 1189465 1189465 CVE-2020-13529 CVE-2021-20266 
CVE-2021-20271 CVE-2021-33910 CVE-2021-3421 CVE-2021-36222 CVE-2021-38185 CVE-2021-38185
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2682-1
Released: Thu Aug 12 20:06:19 2021
Summary: Security update for rpm
Type: security
Severity: important
References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421

This update for rpm fixes the following issues:

- Changed default package verification level to 'none' to be compatible with rpm-4.14.1
- Made illegal obsoletes a warning
- Fixed a potential access of freed mem in ndb's glue code (bsc#1179416)
- Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817)
- Added :humansi and :humaniec query formatters for human readable output
- Added query selectors for whatobsoletes and whatconflicts
- Added support for sorting caret higher than base version
- rpm no longer requires the signature header to be in a contiguous region when signing (bsc#1181805)

Security fixes:

- CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543)
- CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code.
The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545)
- CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2689-1
Released: Mon Aug 16 10:54:52 2021
Summary: Security update for cpio
Type: security
Severity: important
References: 1189206,CVE-2021-38185

This update for cpio fixes the following issues:

It was possible to trigger remote code execution due to an integer overflow (CVE-2021-38185, bsc#1189206)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2763-1
Released: Tue Aug 17 17:16:22 2021
Summary: Recommended update for cpio
Type: recommended
Severity: critical
References: 1189465

This update for cpio fixes the following issues:

- A regression in the last update would cause builds to hang on various architectures (bsc#1189465)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2780-1
Released: Thu Aug 19 16:09:15 2021
Summary: Recommended update for cpio
Type: recommended
Severity: critical
References: 1189465,CVE-2021-38185

This update for cpio fixes the following issues:

- A regression in the previous update could lead to crashes (bsc#1189465)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2786-1
Released: Fri Aug 20 02:02:23 2021
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1057452,1188287

This update for bash fixes the following issues:

- Allow process group assignment even for modern kernels (bsc#1057452, bsc#1188287)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2800-1
Released: Fri Aug 20 10:43:04 2021
Summary:
Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2809-1 Released: Mon Aug 23 12:12:31 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1166028,1171962,1184994,1185972,1188063,CVE-2020-13529,CVE-2021-33910 This update for systemd fixes the following issues: - Updated to version 246.15 - CVE-2021-33910: Fixed a denial of service issue in systemd. (bsc#1188063) - CVE-2020-13529: Fixed an issue where a crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. (bsc#1185972) From sle-updates at lists.suse.com Tue Aug 24 10:17:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Aug 2021 12:17:10 +0200 (CEST) Subject: SUSE-SU-2021:2818-1: important: Security update for python-PyYAML Message-ID: <20210824101710.BD432FD0A@maintenance.suse.de> SUSE Security Update: Security update for python-PyYAML ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2818-1 Rating: important References: #1174514 Cross-References: CVE-2020-14343 CVSS scores: CVE-2020-14343 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-14343 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Module for Public Cloud 
12 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-PyYAML fixes the following issues: - Update to 5.3.1. - CVE-2020-14343: A vulnerability was discovered in the PyYAML library, where it was susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2818=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2818=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2818=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2818=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-2818=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2818=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2818=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2818=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2818=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2818=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2818=1 - SUSE Linux Enterprise 
Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-2818=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-2818=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): python-PyYAML-5.3.1-28.6.1 python-PyYAML-debuginfo-5.3.1-28.6.1 python-PyYAML-debugsource-5.3.1-28.6.1 python3-PyYAML-5.3.1-28.6.1 python3-PyYAML-debuginfo-5.3.1-28.6.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): python-PyYAML-5.3.1-28.6.1 python-PyYAML-debuginfo-5.3.1-28.6.1 python-PyYAML-debugsource-5.3.1-28.6.1 python3-PyYAML-5.3.1-28.6.1 - SUSE OpenStack Cloud 9 (x86_64): python-PyYAML-5.3.1-28.6.1 python-PyYAML-debuginfo-5.3.1-28.6.1 python-PyYAML-debugsource-5.3.1-28.6.1 python3-PyYAML-5.3.1-28.6.1 python3-PyYAML-debuginfo-5.3.1-28.6.1 - SUSE OpenStack Cloud 8 (x86_64): python-PyYAML-5.3.1-28.6.1 python-PyYAML-debuginfo-5.3.1-28.6.1 python-PyYAML-debugsource-5.3.1-28.6.1 python3-PyYAML-5.3.1-28.6.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): python-PyYAML-5.3.1-28.6.1 python-PyYAML-debuginfo-5.3.1-28.6.1 python-PyYAML-debugsource-5.3.1-28.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): python-PyYAML-5.3.1-28.6.1 python-PyYAML-debuginfo-5.3.1-28.6.1 python-PyYAML-debugsource-5.3.1-28.6.1 python3-PyYAML-5.3.1-28.6.1 python3-PyYAML-debuginfo-5.3.1-28.6.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): python-PyYAML-5.3.1-28.6.1 python-PyYAML-debuginfo-5.3.1-28.6.1 python-PyYAML-debugsource-5.3.1-28.6.1 python3-PyYAML-5.3.1-28.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): python-PyYAML-5.3.1-28.6.1 python-PyYAML-debuginfo-5.3.1-28.6.1 python-PyYAML-debugsource-5.3.1-28.6.1 python3-PyYAML-5.3.1-28.6.1 python3-PyYAML-debuginfo-5.3.1-28.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): python-PyYAML-5.3.1-28.6.1 python-PyYAML-debuginfo-5.3.1-28.6.1 python-PyYAML-debugsource-5.3.1-28.6.1 python3-PyYAML-5.3.1-28.6.1 
python3-PyYAML-debuginfo-5.3.1-28.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): python-PyYAML-5.3.1-28.6.1 python-PyYAML-debuginfo-5.3.1-28.6.1 python-PyYAML-debugsource-5.3.1-28.6.1 python3-PyYAML-5.3.1-28.6.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): python-PyYAML-5.3.1-28.6.1 python-PyYAML-debuginfo-5.3.1-28.6.1 python-PyYAML-debugsource-5.3.1-28.6.1 python3-PyYAML-5.3.1-28.6.1 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): python-PyYAML-5.3.1-28.6.1 python-PyYAML-debuginfo-5.3.1-28.6.1 python-PyYAML-debugsource-5.3.1-28.6.1 python3-PyYAML-5.3.1-28.6.1 python3-PyYAML-debuginfo-5.3.1-28.6.1 - HPE Helion Openstack 8 (x86_64): python-PyYAML-5.3.1-28.6.1 python-PyYAML-debuginfo-5.3.1-28.6.1 python-PyYAML-debugsource-5.3.1-28.6.1 python3-PyYAML-5.3.1-28.6.1 References: https://www.suse.com/security/cve/CVE-2020-14343.html https://bugzilla.suse.com/1174514 From sle-updates at lists.suse.com Tue Aug 24 13:16:50 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Aug 2021 15:16:50 +0200 (CEST) Subject: SUSE-RU-2021:2821-1: moderate: Recommended update for ClusterTools2 Message-ID: <20210824131650.7A678FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for ClusterTools2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2821-1 Rating: moderate References: #1166943 #1186119 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for ClusterTools2 fixes the following issues: - change version from 3.1.0 to 3.1.1 - As some of the supportconfig plugins of ClusterTools2 take a very long time to process, we will disable these plugins by default. (bsc#1186119) - Add file samples to support SLE15. (bsc#1166943) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2021-2821=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2021-2821=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2021-2821=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): ClusterTools2-3.1.1-8.6.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): ClusterTools2-3.1.1-8.6.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): ClusterTools2-3.1.1-8.6.1 References: https://bugzilla.suse.com/1166943 https://bugzilla.suse.com/1186119 From sle-updates at lists.suse.com Tue Aug 24 13:18:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Aug 2021 15:18:07 +0200 (CEST) Subject: SUSE-RU-2021:2820-1: moderate: Recommended update for ceph, deepsea Message-ID: <20210824131807.D292AFD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph, deepsea ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2820-1 Rating: moderate References: #1175086 #1178016 #1181095 #1181725 #1184517 #1185422 #1186131 #1187584 #1188486 Affected Products: SUSE Enterprise Storage 6 
______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for ceph fixes the following issues: - Update to 14.2.22-404-gf74e15c2e55: - Fix for an issue when scrub is not rescheduling. (bsc#1187584) - Update to 14.2.22-403-g54cdaf6e510: - Fixed an issue when dashboard shows partially deleted RBDs. (bsc#1175086) - Look for plain entries in non-ascii plain namespace too. (bsc#1184517) - Fix monitoring menu item in downstream branding This update for deepsea fixes the following issues: - Version: 0.9.36 - Allow embedding of Grafana graphs (bsc#1186131) - Wait for OSDs to be active after restarting (bsc#1185422) - qa: functests/1node/restart: fix changed.any check - mds/restart: only check MDS processes (not all processes) - dg: include unavailable disks (bsc#1181725) - upgrade: Add ability to specify registry credentials (bsc#1181095) - Fix no UCST response after 1 second when validating time server - osd: handle ceph osd ok-to-stop output from ceph v14.2.22 - monitoring: put node_exporter ARGS all on one line (bsc#1188486) - Use correct pool when checking for rados config object (bsc#1178016) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2820=1 Package List: - SUSE Enterprise Storage 6 (noarch): deepsea-0.9.36+git.0.4ecc6acf-3.37.1 deepsea-cli-0.9.36+git.0.4ecc6acf-3.37.1 References: https://bugzilla.suse.com/1175086 https://bugzilla.suse.com/1178016 https://bugzilla.suse.com/1181095 https://bugzilla.suse.com/1181725 https://bugzilla.suse.com/1184517 https://bugzilla.suse.com/1185422 https://bugzilla.suse.com/1186131 https://bugzilla.suse.com/1187584 https://bugzilla.suse.com/1188486 From sle-updates at lists.suse.com Tue Aug 24 13:21:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Aug 2021 15:21:22 +0200 (CEST) Subject: SUSE-RU-2021:2819-1: moderate: Recommended update for ceph Message-ID: <20210824132122.E0F13FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2819-1 Rating: moderate References: #1175086 #1184517 #1187584 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for ceph fixes the following issues: - Update to 14.2.22-404-gf74e15c2e55: - Fix for an issue when scrub is not rescheduling. (bsc#1187584) - Update to 14.2.22-403-g54cdaf6e510: - Fixed an issue when dashboard shows partially deleted RBDs. (bsc#1175086) - Look for plain entries in non-ascii plain namespace too. (bsc#1184517) - Fix monitoring menu item in downstream branding Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2819=1 Package List: - SUSE Enterprise Storage 6 (aarch64 x86_64): ceph-14.2.22.404+gf74e15c2e55-3.69.2 ceph-base-14.2.22.404+gf74e15c2e55-3.69.2 ceph-base-debuginfo-14.2.22.404+gf74e15c2e55-3.69.2 ceph-common-14.2.22.404+gf74e15c2e55-3.69.2 ceph-common-debuginfo-14.2.22.404+gf74e15c2e55-3.69.2 ceph-debugsource-14.2.22.404+gf74e15c2e55-3.69.2 ceph-fuse-14.2.22.404+gf74e15c2e55-3.69.2 ceph-fuse-debuginfo-14.2.22.404+gf74e15c2e55-3.69.2 ceph-mds-14.2.22.404+gf74e15c2e55-3.69.2 ceph-mds-debuginfo-14.2.22.404+gf74e15c2e55-3.69.2 ceph-mgr-14.2.22.404+gf74e15c2e55-3.69.2 ceph-mgr-debuginfo-14.2.22.404+gf74e15c2e55-3.69.2 ceph-mon-14.2.22.404+gf74e15c2e55-3.69.2 ceph-mon-debuginfo-14.2.22.404+gf74e15c2e55-3.69.2 ceph-osd-14.2.22.404+gf74e15c2e55-3.69.2 ceph-osd-debuginfo-14.2.22.404+gf74e15c2e55-3.69.2 ceph-radosgw-14.2.22.404+gf74e15c2e55-3.69.2 ceph-radosgw-debuginfo-14.2.22.404+gf74e15c2e55-3.69.2 cephfs-shell-14.2.22.404+gf74e15c2e55-3.69.2 libcephfs2-14.2.22.404+gf74e15c2e55-3.69.2 libcephfs2-debuginfo-14.2.22.404+gf74e15c2e55-3.69.2 librados2-14.2.22.404+gf74e15c2e55-3.69.2 librados2-debuginfo-14.2.22.404+gf74e15c2e55-3.69.2 librbd1-14.2.22.404+gf74e15c2e55-3.69.2 librbd1-debuginfo-14.2.22.404+gf74e15c2e55-3.69.2 librgw2-14.2.22.404+gf74e15c2e55-3.69.2 librgw2-debuginfo-14.2.22.404+gf74e15c2e55-3.69.2 python3-ceph-argparse-14.2.22.404+gf74e15c2e55-3.69.2 python3-cephfs-14.2.22.404+gf74e15c2e55-3.69.2 python3-cephfs-debuginfo-14.2.22.404+gf74e15c2e55-3.69.2 python3-rados-14.2.22.404+gf74e15c2e55-3.69.2 python3-rados-debuginfo-14.2.22.404+gf74e15c2e55-3.69.2 python3-rbd-14.2.22.404+gf74e15c2e55-3.69.2 python3-rbd-debuginfo-14.2.22.404+gf74e15c2e55-3.69.2 python3-rgw-14.2.22.404+gf74e15c2e55-3.69.2 python3-rgw-debuginfo-14.2.22.404+gf74e15c2e55-3.69.2 rbd-fuse-14.2.22.404+gf74e15c2e55-3.69.2 
rbd-fuse-debuginfo-14.2.22.404+gf74e15c2e55-3.69.2 rbd-mirror-14.2.22.404+gf74e15c2e55-3.69.2 rbd-mirror-debuginfo-14.2.22.404+gf74e15c2e55-3.69.2 rbd-nbd-14.2.22.404+gf74e15c2e55-3.69.2 rbd-nbd-debuginfo-14.2.22.404+gf74e15c2e55-3.69.2 - SUSE Enterprise Storage 6 (noarch): ceph-grafana-dashboards-14.2.22.404+gf74e15c2e55-3.69.2 ceph-mgr-dashboard-14.2.22.404+gf74e15c2e55-3.69.2 ceph-mgr-diskprediction-local-14.2.22.404+gf74e15c2e55-3.69.2 ceph-mgr-rook-14.2.22.404+gf74e15c2e55-3.69.2 ceph-prometheus-alerts-14.2.22.404+gf74e15c2e55-3.69.2 References: https://bugzilla.suse.com/1175086 https://bugzilla.suse.com/1184517 https://bugzilla.suse.com/1187584 From sle-updates at lists.suse.com Tue Aug 24 13:24:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Aug 2021 15:24:08 +0200 (CEST) Subject: SUSE-RU-2021:2822-1: moderate: Recommended update for ClusterTools2 Message-ID: <20210824132408.65150FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for ClusterTools2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2822-1 Rating: moderate References: #1166943 #1186119 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ClusterTools2 fixes the following issues: - change version from 3.1.0 to 3.1.1 - As some of the supportconfig plugins of ClusterTools2 take a very long time to process, we will disable these plugins by default. (bsc#1186119) - Add file samples to support SLE15. (bsc#1166943) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2021-2822=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): ClusterTools2-3.1.1-3.6.1 References: https://bugzilla.suse.com/1166943 https://bugzilla.suse.com/1186119 From sle-updates at lists.suse.com Tue Aug 24 16:16:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Aug 2021 18:16:54 +0200 (CEST) Subject: SUSE-SU-2021:2823-1: moderate: Security update for nodejs10 Message-ID: <20210824161654.2C1FFFD0A@maintenance.suse.de> SUSE Security Update: Security update for nodejs10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2823-1 Rating: moderate References: #1188881 #1188917 #1189369 #1189370 Cross-References: CVE-2021-22930 CVE-2021-22931 CVE-2021-22939 CVE-2021-3672 CVSS scores: CVE-2021-22930 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-22931 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-22939 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3672 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for nodejs10 fixes the following issues: - CVE-2021-3672: Fixed missing input validation on hostnames (bsc#1188881). - CVE-2021-22930: Fixed use after free on close http2 on stream canceling (bsc#1188917). - CVE-2021-22939: Fixed incomplete validation of rejectUnauthorized parameter (bsc#1189369). - CVE-2021-22931: Fixed improper handling of untypical characters in domain names (bsc#1189370). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-2823=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs10-10.24.1-1.42.2 nodejs10-debuginfo-10.24.1-1.42.2 nodejs10-devel-10.24.1-1.42.2 npm10-10.24.1-1.42.2 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs10-docs-10.24.1-1.42.2 References: https://www.suse.com/security/cve/CVE-2021-22930.html https://www.suse.com/security/cve/CVE-2021-22931.html https://www.suse.com/security/cve/CVE-2021-22939.html https://www.suse.com/security/cve/CVE-2021-3672.html https://bugzilla.suse.com/1188881 https://bugzilla.suse.com/1188917 https://bugzilla.suse.com/1189369 https://bugzilla.suse.com/1189370 From sle-updates at lists.suse.com Tue Aug 24 16:18:23 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Aug 2021 18:18:23 +0200 (CEST) Subject: SUSE-SU-2021:2824-1: important: Security update for nodejs12 Message-ID: <20210824161823.D776BFD0A@maintenance.suse.de> SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2824-1 Rating: important References: #1188881 #1188917 #1189368 #1189369 #1189370 Cross-References: CVE-2021-22930 CVE-2021-22931 CVE-2021-22939 CVE-2021-22940 CVE-2021-3672 CVSS scores: CVE-2021-22930 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-22931 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-22939 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-22940 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3672 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 
Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for nodejs12 fixes the following issues: Update to 12.22.5: - CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (bsc#1189370, bsc#1188881) - CVE-2021-22940: Use after free on close http2 on stream canceling (bsc#1189368) - CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (bsc#1189369) - CVE-2021-22930: http2: fixes use after free on close http2 on stream canceling (bsc#1188917) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-2824=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.5-1.35.1 nodejs12-debuginfo-12.22.5-1.35.1 nodejs12-debugsource-12.22.5-1.35.1 nodejs12-devel-12.22.5-1.35.1 npm12-12.22.5-1.35.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs12-docs-12.22.5-1.35.1 References: https://www.suse.com/security/cve/CVE-2021-22930.html https://www.suse.com/security/cve/CVE-2021-22931.html https://www.suse.com/security/cve/CVE-2021-22939.html https://www.suse.com/security/cve/CVE-2021-22940.html https://www.suse.com/security/cve/CVE-2021-3672.html https://bugzilla.suse.com/1188881 https://bugzilla.suse.com/1188917 https://bugzilla.suse.com/1189368 https://bugzilla.suse.com/1189369 https://bugzilla.suse.com/1189370 From sle-updates at lists.suse.com Tue Aug 24 19:16:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Aug 2021 21:16:40 +0200 (CEST) Subject: SUSE-SU-2021:14791-1: important: 
Security update for openssl Message-ID: <20210824191640.66979FD0A@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14791-1 Rating: important References: #1189521 Cross-References: CVE-2021-3712 CVSS scores: CVE-2021-3712 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-openssl-14791=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openssl-14791=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssl-14791=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssl-14791=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libopenssl0_9_8-0.9.8j-0.106.40.1 libopenssl0_9_8-hmac-0.9.8j-0.106.40.1 openssl-0.9.8j-0.106.40.1 openssl-doc-0.9.8j-0.106.40.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.106.40.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.40.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libopenssl-devel-0.9.8j-0.106.40.1 libopenssl0_9_8-0.9.8j-0.106.40.1 libopenssl0_9_8-hmac-0.9.8j-0.106.40.1 openssl-0.9.8j-0.106.40.1 openssl-doc-0.9.8j-0.106.40.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): openssl-debuginfo-0.9.8j-0.106.40.1 openssl-debugsource-0.9.8j-0.106.40.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openssl-debuginfo-0.9.8j-0.106.40.1 openssl-debugsource-0.9.8j-0.106.40.1 References: https://www.suse.com/security/cve/CVE-2021-3712.html https://bugzilla.suse.com/1189521 From sle-updates at lists.suse.com Tue Aug 24 19:19:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Aug 2021 21:19:05 +0200 (CEST) Subject: SUSE-SU-2021:2831-1: important: Security update for openssl-1_1 Message-ID: <20210824191905.33331FD0A@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2831-1 Rating: important References: #1189521 Cross-References: CVE-2021-3712 CVSS scores: CVE-2021-3712 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 
Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_1 fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2831=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2831=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2831=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2831=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2831=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2831=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2831=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2831=1 - SUSE Enterprise Storage 6: zypper in -t patch 
SUSE-Storage-6-2021-2831=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.0i-14.18.1 libopenssl1_1-1.1.0i-14.18.1 libopenssl1_1-debuginfo-1.1.0i-14.18.1 libopenssl1_1-hmac-1.1.0i-14.18.1 openssl-1_1-1.1.0i-14.18.1 openssl-1_1-debuginfo-1.1.0i-14.18.1 openssl-1_1-debugsource-1.1.0i-14.18.1 - SUSE Manager Server 4.0 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.18.1 libopenssl1_1-32bit-1.1.0i-14.18.1 libopenssl1_1-32bit-debuginfo-1.1.0i-14.18.1 libopenssl1_1-hmac-32bit-1.1.0i-14.18.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): libopenssl-1_1-devel-1.1.0i-14.18.1 libopenssl-1_1-devel-32bit-1.1.0i-14.18.1 libopenssl1_1-1.1.0i-14.18.1 libopenssl1_1-32bit-1.1.0i-14.18.1 libopenssl1_1-32bit-debuginfo-1.1.0i-14.18.1 libopenssl1_1-debuginfo-1.1.0i-14.18.1 libopenssl1_1-hmac-1.1.0i-14.18.1 libopenssl1_1-hmac-32bit-1.1.0i-14.18.1 openssl-1_1-1.1.0i-14.18.1 openssl-1_1-debuginfo-1.1.0i-14.18.1 openssl-1_1-debugsource-1.1.0i-14.18.1 - SUSE Manager Proxy 4.0 (x86_64): libopenssl-1_1-devel-1.1.0i-14.18.1 libopenssl-1_1-devel-32bit-1.1.0i-14.18.1 libopenssl1_1-1.1.0i-14.18.1 libopenssl1_1-32bit-1.1.0i-14.18.1 libopenssl1_1-32bit-debuginfo-1.1.0i-14.18.1 libopenssl1_1-debuginfo-1.1.0i-14.18.1 libopenssl1_1-hmac-1.1.0i-14.18.1 libopenssl1_1-hmac-32bit-1.1.0i-14.18.1 openssl-1_1-1.1.0i-14.18.1 openssl-1_1-debuginfo-1.1.0i-14.18.1 openssl-1_1-debugsource-1.1.0i-14.18.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libopenssl-1_1-devel-1.1.0i-14.18.1 libopenssl1_1-1.1.0i-14.18.1 libopenssl1_1-debuginfo-1.1.0i-14.18.1 libopenssl1_1-hmac-1.1.0i-14.18.1 openssl-1_1-1.1.0i-14.18.1 openssl-1_1-debuginfo-1.1.0i-14.18.1 openssl-1_1-debugsource-1.1.0i-14.18.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): 
libopenssl-1_1-devel-32bit-1.1.0i-14.18.1 libopenssl1_1-32bit-1.1.0i-14.18.1 libopenssl1_1-32bit-debuginfo-1.1.0i-14.18.1 libopenssl1_1-hmac-32bit-1.1.0i-14.18.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.0i-14.18.1 libopenssl1_1-1.1.0i-14.18.1 libopenssl1_1-debuginfo-1.1.0i-14.18.1 libopenssl1_1-hmac-1.1.0i-14.18.1 openssl-1_1-1.1.0i-14.18.1 openssl-1_1-debuginfo-1.1.0i-14.18.1 openssl-1_1-debugsource-1.1.0i-14.18.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.18.1 libopenssl1_1-32bit-1.1.0i-14.18.1 libopenssl1_1-32bit-debuginfo-1.1.0i-14.18.1 libopenssl1_1-hmac-32bit-1.1.0i-14.18.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libopenssl-1_1-devel-1.1.0i-14.18.1 libopenssl-1_1-devel-32bit-1.1.0i-14.18.1 libopenssl1_1-1.1.0i-14.18.1 libopenssl1_1-32bit-1.1.0i-14.18.1 libopenssl1_1-32bit-debuginfo-1.1.0i-14.18.1 libopenssl1_1-debuginfo-1.1.0i-14.18.1 libopenssl1_1-hmac-1.1.0i-14.18.1 libopenssl1_1-hmac-32bit-1.1.0i-14.18.1 openssl-1_1-1.1.0i-14.18.1 openssl-1_1-debuginfo-1.1.0i-14.18.1 openssl-1_1-debugsource-1.1.0i-14.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-14.18.1 libopenssl1_1-1.1.0i-14.18.1 libopenssl1_1-debuginfo-1.1.0i-14.18.1 libopenssl1_1-hmac-1.1.0i-14.18.1 openssl-1_1-1.1.0i-14.18.1 openssl-1_1-debuginfo-1.1.0i-14.18.1 openssl-1_1-debugsource-1.1.0i-14.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.18.1 libopenssl1_1-32bit-1.1.0i-14.18.1 libopenssl1_1-32bit-debuginfo-1.1.0i-14.18.1 libopenssl1_1-hmac-32bit-1.1.0i-14.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-14.18.1 libopenssl1_1-1.1.0i-14.18.1 libopenssl1_1-debuginfo-1.1.0i-14.18.1 libopenssl1_1-hmac-1.1.0i-14.18.1 openssl-1_1-1.1.0i-14.18.1 openssl-1_1-debuginfo-1.1.0i-14.18.1 
openssl-1_1-debugsource-1.1.0i-14.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.18.1 libopenssl1_1-32bit-1.1.0i-14.18.1 libopenssl1_1-32bit-debuginfo-1.1.0i-14.18.1 libopenssl1_1-hmac-32bit-1.1.0i-14.18.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-14.18.1 libopenssl1_1-1.1.0i-14.18.1 libopenssl1_1-debuginfo-1.1.0i-14.18.1 libopenssl1_1-hmac-1.1.0i-14.18.1 openssl-1_1-1.1.0i-14.18.1 openssl-1_1-debuginfo-1.1.0i-14.18.1 openssl-1_1-debugsource-1.1.0i-14.18.1 - SUSE Enterprise Storage 6 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.18.1 libopenssl1_1-32bit-1.1.0i-14.18.1 libopenssl1_1-32bit-debuginfo-1.1.0i-14.18.1 libopenssl1_1-hmac-32bit-1.1.0i-14.18.1 - SUSE CaaS Platform 4.0 (x86_64): libopenssl-1_1-devel-1.1.0i-14.18.1 libopenssl-1_1-devel-32bit-1.1.0i-14.18.1 libopenssl1_1-1.1.0i-14.18.1 libopenssl1_1-32bit-1.1.0i-14.18.1 libopenssl1_1-32bit-debuginfo-1.1.0i-14.18.1 libopenssl1_1-debuginfo-1.1.0i-14.18.1 libopenssl1_1-hmac-1.1.0i-14.18.1 libopenssl1_1-hmac-32bit-1.1.0i-14.18.1 openssl-1_1-1.1.0i-14.18.1 openssl-1_1-debuginfo-1.1.0i-14.18.1 openssl-1_1-debugsource-1.1.0i-14.18.1 References: https://www.suse.com/security/cve/CVE-2021-3712.html https://bugzilla.suse.com/1189521 From sle-updates at lists.suse.com Tue Aug 24 19:20:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Aug 2021 21:20:20 +0200 (CEST) Subject: SUSE-SU-2021:2830-1: important: Security update for openssl-1_1 Message-ID: <20210824192020.B0D78FD0A@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2830-1 Rating: important References: #1189520 #1189521 Cross-References: CVE-2021-3711 CVE-2021-3712 CVSS scores: CVE-2021-3711 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3712 (SUSE): 5.3 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2830=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2830=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2830=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libopenssl1_1-1.1.1d-11.27.1 libopenssl1_1-debuginfo-1.1.1d-11.27.1 openssl-1_1-1.1.1d-11.27.1 openssl-1_1-debuginfo-1.1.1d-11.27.1 openssl-1_1-debugsource-1.1.1d-11.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-11.27.1 libopenssl1_1-1.1.1d-11.27.1 libopenssl1_1-debuginfo-1.1.1d-11.27.1 libopenssl1_1-hmac-1.1.1d-11.27.1 openssl-1_1-1.1.1d-11.27.1 openssl-1_1-debuginfo-1.1.1d-11.27.1 openssl-1_1-debugsource-1.1.1d-11.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libopenssl1_1-32bit-1.1.1d-11.27.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.27.1 libopenssl1_1-hmac-32bit-1.1.1d-11.27.1 - SUSE Linux 
Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-11.27.1 libopenssl1_1-1.1.1d-11.27.1 libopenssl1_1-debuginfo-1.1.1d-11.27.1 libopenssl1_1-hmac-1.1.1d-11.27.1 openssl-1_1-1.1.1d-11.27.1 openssl-1_1-debuginfo-1.1.1d-11.27.1 openssl-1_1-debugsource-1.1.1d-11.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libopenssl1_1-32bit-1.1.1d-11.27.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.27.1 libopenssl1_1-hmac-32bit-1.1.1d-11.27.1 References: https://www.suse.com/security/cve/CVE-2021-3711.html https://www.suse.com/security/cve/CVE-2021-3712.html https://bugzilla.suse.com/1189520 https://bugzilla.suse.com/1189521 From sle-updates at lists.suse.com Tue Aug 24 19:21:38 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Aug 2021 21:21:38 +0200 (CEST) Subject: SUSE-SU-2021:2825-1: important: Security update for openssl Message-ID: <20210824192138.37AECFD0A@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2825-1 Rating: important References: #1189521 Cross-References: CVE-2021-3712 CVSS scores: CVE-2021-3712 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. 
[bsc#1189521] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2825=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2825=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2825=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2825=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2825=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2825=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-2825=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libopenssl-devel-1.0.2j-60.69.3 libopenssl1_0_0-1.0.2j-60.69.3 libopenssl1_0_0-32bit-1.0.2j-60.69.3 libopenssl1_0_0-debuginfo-1.0.2j-60.69.3 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.69.3 libopenssl1_0_0-hmac-1.0.2j-60.69.3 libopenssl1_0_0-hmac-32bit-1.0.2j-60.69.3 openssl-1.0.2j-60.69.3 openssl-debuginfo-1.0.2j-60.69.3 openssl-debugsource-1.0.2j-60.69.3 - SUSE OpenStack Cloud Crowbar 8 (noarch): openssl-doc-1.0.2j-60.69.3 - SUSE OpenStack Cloud 8 (x86_64): libopenssl-devel-1.0.2j-60.69.3 libopenssl1_0_0-1.0.2j-60.69.3 libopenssl1_0_0-32bit-1.0.2j-60.69.3 libopenssl1_0_0-debuginfo-1.0.2j-60.69.3 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.69.3 libopenssl1_0_0-hmac-1.0.2j-60.69.3 libopenssl1_0_0-hmac-32bit-1.0.2j-60.69.3 openssl-1.0.2j-60.69.3 openssl-debuginfo-1.0.2j-60.69.3 openssl-debugsource-1.0.2j-60.69.3 - SUSE OpenStack Cloud 8 (noarch): openssl-doc-1.0.2j-60.69.3 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libopenssl-devel-1.0.2j-60.69.3 libopenssl1_0_0-1.0.2j-60.69.3 libopenssl1_0_0-debuginfo-1.0.2j-60.69.3 
libopenssl1_0_0-hmac-1.0.2j-60.69.3 openssl-1.0.2j-60.69.3 openssl-debuginfo-1.0.2j-60.69.3 openssl-debugsource-1.0.2j-60.69.3 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libopenssl1_0_0-32bit-1.0.2j-60.69.3 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.69.3 libopenssl1_0_0-hmac-32bit-1.0.2j-60.69.3 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): openssl-doc-1.0.2j-60.69.3 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.69.3 libopenssl1_0_0-1.0.2j-60.69.3 libopenssl1_0_0-debuginfo-1.0.2j-60.69.3 libopenssl1_0_0-hmac-1.0.2j-60.69.3 openssl-1.0.2j-60.69.3 openssl-debuginfo-1.0.2j-60.69.3 openssl-debugsource-1.0.2j-60.69.3 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.69.3 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.69.3 libopenssl1_0_0-hmac-32bit-1.0.2j-60.69.3 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): openssl-doc-1.0.2j-60.69.3 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libopenssl-devel-1.0.2j-60.69.3 libopenssl1_0_0-1.0.2j-60.69.3 libopenssl1_0_0-32bit-1.0.2j-60.69.3 libopenssl1_0_0-debuginfo-1.0.2j-60.69.3 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.69.3 libopenssl1_0_0-hmac-1.0.2j-60.69.3 libopenssl1_0_0-hmac-32bit-1.0.2j-60.69.3 openssl-1.0.2j-60.69.3 openssl-debuginfo-1.0.2j-60.69.3 openssl-debugsource-1.0.2j-60.69.3 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): openssl-doc-1.0.2j-60.69.3 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): openssl-doc-1.0.2j-60.69.3 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libopenssl-devel-1.0.2j-60.69.3 libopenssl1_0_0-1.0.2j-60.69.3 libopenssl1_0_0-32bit-1.0.2j-60.69.3 libopenssl1_0_0-debuginfo-1.0.2j-60.69.3 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.69.3 libopenssl1_0_0-hmac-1.0.2j-60.69.3 libopenssl1_0_0-hmac-32bit-1.0.2j-60.69.3 openssl-1.0.2j-60.69.3 openssl-debuginfo-1.0.2j-60.69.3 openssl-debugsource-1.0.2j-60.69.3 - HPE Helion Openstack 8 (x86_64): 
libopenssl-devel-1.0.2j-60.69.3 libopenssl1_0_0-1.0.2j-60.69.3 libopenssl1_0_0-32bit-1.0.2j-60.69.3 libopenssl1_0_0-debuginfo-1.0.2j-60.69.3 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.69.3 libopenssl1_0_0-hmac-1.0.2j-60.69.3 libopenssl1_0_0-hmac-32bit-1.0.2j-60.69.3 openssl-1.0.2j-60.69.3 openssl-debuginfo-1.0.2j-60.69.3 openssl-debugsource-1.0.2j-60.69.3 - HPE Helion Openstack 8 (noarch): openssl-doc-1.0.2j-60.69.3 References: https://www.suse.com/security/cve/CVE-2021-3712.html https://bugzilla.suse.com/1189521 From sle-updates at lists.suse.com Tue Aug 24 19:23:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Aug 2021 21:23:59 +0200 (CEST) Subject: SUSE-SU-2021:2829-1: important: Security update for openssl-1_1 Message-ID: <20210824192359.10F7FFD0A@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2829-1 Rating: important References: #1189521 Cross-References: CVE-2021-3712 CVSS scores: CVE-2021-3712 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_1 fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2829=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2829=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2829=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2829=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libopenssl-1_1-devel-1.1.0i-4.60.1 libopenssl1_1-1.1.0i-4.60.1 libopenssl1_1-debuginfo-1.1.0i-4.60.1 libopenssl1_1-hmac-1.1.0i-4.60.1 openssl-1_1-1.1.0i-4.60.1 openssl-1_1-debuginfo-1.1.0i-4.60.1 openssl-1_1-debugsource-1.1.0i-4.60.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libopenssl1_1-32bit-1.1.0i-4.60.1 libopenssl1_1-32bit-debuginfo-1.1.0i-4.60.1 libopenssl1_1-hmac-32bit-1.1.0i-4.60.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libopenssl-1_1-devel-1.1.0i-4.60.1 libopenssl1_1-1.1.0i-4.60.1 libopenssl1_1-debuginfo-1.1.0i-4.60.1 libopenssl1_1-hmac-1.1.0i-4.60.1 openssl-1_1-1.1.0i-4.60.1 openssl-1_1-debuginfo-1.1.0i-4.60.1 openssl-1_1-debugsource-1.1.0i-4.60.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-4.60.1 libopenssl1_1-1.1.0i-4.60.1 libopenssl1_1-debuginfo-1.1.0i-4.60.1 libopenssl1_1-hmac-1.1.0i-4.60.1 openssl-1_1-1.1.0i-4.60.1 openssl-1_1-debuginfo-1.1.0i-4.60.1 openssl-1_1-debugsource-1.1.0i-4.60.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libopenssl1_1-32bit-1.1.0i-4.60.1 libopenssl1_1-32bit-debuginfo-1.1.0i-4.60.1 libopenssl1_1-hmac-32bit-1.1.0i-4.60.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-4.60.1 libopenssl1_1-1.1.0i-4.60.1 libopenssl1_1-debuginfo-1.1.0i-4.60.1 libopenssl1_1-hmac-1.1.0i-4.60.1 openssl-1_1-1.1.0i-4.60.1 
openssl-1_1-debuginfo-1.1.0i-4.60.1 openssl-1_1-debugsource-1.1.0i-4.60.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libopenssl1_1-32bit-1.1.0i-4.60.1 libopenssl1_1-32bit-debuginfo-1.1.0i-4.60.1 libopenssl1_1-hmac-32bit-1.1.0i-4.60.1 References: https://www.suse.com/security/cve/CVE-2021-3712.html https://bugzilla.suse.com/1189521 From sle-updates at lists.suse.com Tue Aug 24 19:25:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Aug 2021 21:25:15 +0200 (CEST) Subject: SUSE-SU-2021:2827-1: important: Security update for openssl-1_0_0 Message-ID: <20210824192515.F1326FD0A@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2827-1 Rating: important References: #1189521 Cross-References: CVE-2021-3712 CVSS scores: CVE-2021-3712 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_0_0 fixes the following issues: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. 
[bsc#1189521] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2827=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2827=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2827=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2827=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2827=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2827=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2827=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2827=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-2827=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-2827=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2827=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.40.2 libopenssl1_0_0-1.0.2p-3.40.2 libopenssl1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-1.0.2p-3.40.2 openssl-1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-debugsource-1.0.2p-3.40.2 - SUSE Manager Retail Branch Server 4.0 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.40.2 libopenssl1_0_0-1.0.2p-3.40.2 libopenssl1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-1.0.2p-3.40.2 openssl-1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-debugsource-1.0.2p-3.40.2 - SUSE Manager Proxy 4.0 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.40.2 libopenssl1_0_0-1.0.2p-3.40.2 libopenssl1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-1.0.2p-3.40.2 openssl-1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-debugsource-1.0.2p-3.40.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-3.40.2 libopenssl1_0_0-1.0.2p-3.40.2 libopenssl1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-1.0.2p-3.40.2 openssl-1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-debugsource-1.0.2p-3.40.2 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-3.40.2 libopenssl1_0_0-1.0.2p-3.40.2 libopenssl1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-1.0.2p-3.40.2 openssl-1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-debugsource-1.0.2p-3.40.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.40.2 libopenssl1_0_0-1.0.2p-3.40.2 libopenssl1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-1.0.2p-3.40.2 openssl-1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-debugsource-1.0.2p-3.40.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.40.2 libopenssl1_0_0-1.0.2p-3.40.2 libopenssl1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-1.0.2p-3.40.2 openssl-1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-debugsource-1.0.2p-3.40.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libopenssl-1_0_0-devel-1.0.2p-3.40.2 
libopenssl1_0_0-1.0.2p-3.40.2 libopenssl1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-1.0.2p-3.40.2 openssl-1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-debugsource-1.0.2p-3.40.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.40.2 libopenssl10-1.0.2p-3.40.2 libopenssl10-debuginfo-1.0.2p-3.40.2 libopenssl1_0_0-1.0.2p-3.40.2 libopenssl1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-1.0.2p-3.40.2 openssl-1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-debugsource-1.0.2p-3.40.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.40.2 libopenssl1_0_0-1.0.2p-3.40.2 libopenssl1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-1.0.2p-3.40.2 openssl-1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-debugsource-1.0.2p-3.40.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): libopenssl-1_0_0-devel-1.0.2p-3.40.2 libopenssl1_0_0-1.0.2p-3.40.2 libopenssl1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-1.0.2p-3.40.2 openssl-1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-debugsource-1.0.2p-3.40.2 - SUSE CaaS Platform 4.0 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.40.2 libopenssl1_0_0-1.0.2p-3.40.2 libopenssl1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-1.0.2p-3.40.2 openssl-1_0_0-debuginfo-1.0.2p-3.40.2 openssl-1_0_0-debugsource-1.0.2p-3.40.2 References: https://www.suse.com/security/cve/CVE-2021-3712.html https://bugzilla.suse.com/1189521 From sle-updates at lists.suse.com Tue Aug 24 19:26:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Aug 2021 21:26:34 +0200 (CEST) Subject: SUSE-SU-2021:2826-1: important: Security update for openssl-1_0_0 Message-ID: <20210824192634.9A39CFD0A@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2826-1 Rating: important References: #1189521 Cross-References: 
CVE-2021-3712 CVSS scores: CVE-2021-3712 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_0_0 fixes the following issues: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2826=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2826=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2826=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2826=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2826=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2826=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): openssl-1_0_0-doc-1.0.2p-3.39.3 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.39.3 libopenssl1_0_0-1.0.2p-3.39.3 libopenssl1_0_0-32bit-1.0.2p-3.39.3 libopenssl1_0_0-debuginfo-1.0.2p-3.39.3 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.39.3 libopenssl1_0_0-hmac-1.0.2p-3.39.3 libopenssl1_0_0-hmac-32bit-1.0.2p-3.39.3 openssl-1_0_0-1.0.2p-3.39.3 
openssl-1_0_0-debuginfo-1.0.2p-3.39.3 openssl-1_0_0-debugsource-1.0.2p-3.39.3 - SUSE OpenStack Cloud 9 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.39.3 libopenssl1_0_0-1.0.2p-3.39.3 libopenssl1_0_0-32bit-1.0.2p-3.39.3 libopenssl1_0_0-debuginfo-1.0.2p-3.39.3 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.39.3 libopenssl1_0_0-hmac-1.0.2p-3.39.3 libopenssl1_0_0-hmac-32bit-1.0.2p-3.39.3 openssl-1_0_0-1.0.2p-3.39.3 openssl-1_0_0-debuginfo-1.0.2p-3.39.3 openssl-1_0_0-debugsource-1.0.2p-3.39.3 - SUSE OpenStack Cloud 9 (noarch): openssl-1_0_0-doc-1.0.2p-3.39.3 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.39.3 openssl-1_0_0-debuginfo-1.0.2p-3.39.3 openssl-1_0_0-debugsource-1.0.2p-3.39.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-3.39.3 libopenssl1_0_0-1.0.2p-3.39.3 libopenssl1_0_0-debuginfo-1.0.2p-3.39.3 libopenssl1_0_0-hmac-1.0.2p-3.39.3 openssl-1_0_0-1.0.2p-3.39.3 openssl-1_0_0-debuginfo-1.0.2p-3.39.3 openssl-1_0_0-debugsource-1.0.2p-3.39.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libopenssl1_0_0-32bit-1.0.2p-3.39.3 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.39.3 libopenssl1_0_0-hmac-32bit-1.0.2p-3.39.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): openssl-1_0_0-doc-1.0.2p-3.39.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.39.3 libopenssl1_0_0-1.0.2p-3.39.3 libopenssl1_0_0-debuginfo-1.0.2p-3.39.3 libopenssl1_0_0-hmac-1.0.2p-3.39.3 openssl-1_0_0-1.0.2p-3.39.3 openssl-1_0_0-debuginfo-1.0.2p-3.39.3 openssl-1_0_0-debugsource-1.0.2p-3.39.3 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libopenssl1_0_0-32bit-1.0.2p-3.39.3 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.39.3 libopenssl1_0_0-hmac-32bit-1.0.2p-3.39.3 - SUSE Linux Enterprise Server 12-SP5 (noarch): openssl-1_0_0-doc-1.0.2p-3.39.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): 
libopenssl-1_0_0-devel-1.0.2p-3.39.3 libopenssl1_0_0-1.0.2p-3.39.3 libopenssl1_0_0-debuginfo-1.0.2p-3.39.3 libopenssl1_0_0-hmac-1.0.2p-3.39.3 openssl-1_0_0-1.0.2p-3.39.3 openssl-1_0_0-debuginfo-1.0.2p-3.39.3 openssl-1_0_0-debugsource-1.0.2p-3.39.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.2p-3.39.3 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.39.3 libopenssl1_0_0-hmac-32bit-1.0.2p-3.39.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): openssl-1_0_0-doc-1.0.2p-3.39.3 References: https://www.suse.com/security/cve/CVE-2021-3712.html https://bugzilla.suse.com/1189521 From sle-updates at lists.suse.com Tue Aug 24 19:27:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Aug 2021 21:27:49 +0200 (CEST) Subject: SUSE-SU-2021:2833-1: important: Security update for openssl-1_1 Message-ID: <20210824192749.D43CAFD0A@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2833-1 Rating: important References: #1189520 #1189521 Cross-References: CVE-2021-3711 CVE-2021-3712 CVSS scores: CVE-2021-3711 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3712 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. 
[bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2833=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2833=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2833=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2833=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2833=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2833=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenssl1_1-1.1.1d-2.36.2 libopenssl1_1-32bit-1.1.1d-2.36.2 libopenssl1_1-debuginfo-1.1.1d-2.36.2 libopenssl1_1-debuginfo-32bit-1.1.1d-2.36.2 openssl-1_1-1.1.1d-2.36.2 openssl-1_1-debuginfo-1.1.1d-2.36.2 openssl-1_1-debugsource-1.1.1d-2.36.2 - SUSE OpenStack Cloud 9 (x86_64): libopenssl1_1-1.1.1d-2.36.2 libopenssl1_1-32bit-1.1.1d-2.36.2 libopenssl1_1-debuginfo-1.1.1d-2.36.2 libopenssl1_1-debuginfo-32bit-1.1.1d-2.36.2 openssl-1_1-1.1.1d-2.36.2 openssl-1_1-debuginfo-1.1.1d-2.36.2 openssl-1_1-debugsource-1.1.1d-2.36.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-2.36.2 openssl-1_1-debuginfo-1.1.1d-2.36.2 openssl-1_1-debugsource-1.1.1d-2.36.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): libopenssl-1_1-devel-32bit-1.1.1d-2.36.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenssl1_1-1.1.1d-2.36.2 
libopenssl1_1-debuginfo-1.1.1d-2.36.2 openssl-1_1-1.1.1d-2.36.2 openssl-1_1-debuginfo-1.1.1d-2.36.2 openssl-1_1-debugsource-1.1.1d-2.36.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libopenssl1_1-32bit-1.1.1d-2.36.2 libopenssl1_1-debuginfo-32bit-1.1.1d-2.36.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1d-2.36.2 libopenssl1_1-debuginfo-1.1.1d-2.36.2 openssl-1_1-1.1.1d-2.36.2 openssl-1_1-debuginfo-1.1.1d-2.36.2 openssl-1_1-debugsource-1.1.1d-2.36.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libopenssl1_1-32bit-1.1.1d-2.36.2 libopenssl1_1-debuginfo-32bit-1.1.1d-2.36.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1d-2.36.2 libopenssl1_1-debuginfo-1.1.1d-2.36.2 openssl-1_1-1.1.1d-2.36.2 openssl-1_1-debuginfo-1.1.1d-2.36.2 openssl-1_1-debugsource-1.1.1d-2.36.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libopenssl1_1-32bit-1.1.1d-2.36.2 libopenssl1_1-debuginfo-32bit-1.1.1d-2.36.2 References: https://www.suse.com/security/cve/CVE-2021-3711.html https://www.suse.com/security/cve/CVE-2021-3712.html https://bugzilla.suse.com/1189520 https://bugzilla.suse.com/1189521 From sle-updates at lists.suse.com Tue Aug 24 19:29:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Aug 2021 21:29:10 +0200 (CEST) Subject: SUSE-SU-2021:14792-1: important: Security update for openssl1 Message-ID: <20210824192910.515F4FD0A@maintenance.suse.de> SUSE Security Update: Security update for openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14792-1 Rating: important References: #1189521 Cross-References: CVE-2021-3712 CVSS scores: CVE-2021-3712 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Debuginfo 11-SP3 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl1 fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openssl1-14792=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssl1-14792=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libopenssl1-devel-1.0.1g-0.58.36.2 libopenssl1_0_0-1.0.1g-0.58.36.2 openssl1-1.0.1g-0.58.36.2 openssl1-doc-1.0.1g-0.58.36.2 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libopenssl1_0_0-32bit-1.0.1g-0.58.36.2 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libopenssl1_0_0-x86-1.0.1g-0.58.36.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openssl1-debuginfo-1.0.1g-0.58.36.2 openssl1-debugsource-1.0.1g-0.58.36.2 References: https://www.suse.com/security/cve/CVE-2021-3712.html https://bugzilla.suse.com/1189521 From sle-updates at lists.suse.com Wed Aug 25 09:23:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Aug 2021 11:23:33 +0200 (CEST) Subject: SUSE-CU-2021:284-1: Security update of suse/sles12sp3 Message-ID: <20210825092333.8399FFD0A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:284-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.289 , suse/sles12sp3:latest Container Release : 
24.289 Severity : critical Type : security References : 1189206 1189465 1189465 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2686-1 Released: Sat Aug 14 03:58:36 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger remote code execution due to an integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2767-1 Released: Tue Aug 17 17:29:14 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in the last update would cause builds to hang on various architectures (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2779-1 Released: Thu Aug 19 16:08:35 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) From sle-updates at lists.suse.com Wed Aug 25 09:23:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Aug 2021 11:23:47 +0200 (CEST) Subject: SUSE-CU-2021:285-1: Security update of suse/sles12sp3 Message-ID: <20210825092347.651FEFD0A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:285-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.290 , suse/sles12sp3:latest Container Release : 24.290 Severity : important Type :
security References : 1189465 CVE-2021-38185 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2808-1 Released: Mon Aug 23 12:09:10 2021 Summary: Security update for cpio Type: security Severity: important References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio. [bsc#1189465] From sle-updates at lists.suse.com Wed Aug 25 09:40:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Aug 2021 11:40:15 +0200 (CEST) Subject: SUSE-CU-2021:286-1: Security update of suse/sles12sp4 Message-ID: <20210825094015.6D250FD0A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:286-1 Container Tags : suse/sles12sp4:26.333 , suse/sles12sp4:latest Container Release : 26.333 Severity : critical Type : security References : 1189206 1189465 1189465 1189465 CVE-2021-38185 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2686-1 Released: Sat Aug 14 03:58:36 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2767-1 Released: Tue Aug 17 17:29:14 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2779-1 Released: Thu Aug 19 16:08:35 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2808-1 Released: Mon Aug 23 12:09:10 2021 Summary: Security update for cpio Type: security Severity: important References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio. 
[bsc#1189465] From sle-updates at lists.suse.com Wed Aug 25 09:52:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Aug 2021 11:52:42 +0200 (CEST) Subject: SUSE-CU-2021:288-1: Security update of suse/sles12sp5 Message-ID: <20210825095242.127A9FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:288-1 Container Tags : suse/sles12sp5:6.5.218 , suse/sles12sp5:latest Container Release : 6.5.218 Severity : critical Type : security References : 1189206 1189465 1189465 1189465 CVE-2021-38185 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2686-1 Released: Sat Aug 14 03:58:36 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2767-1 Released: Tue Aug 17 17:29:14 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2779-1 Released: Thu Aug 19 16:08:35 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2808-1 Released: Mon Aug 23 12:09:10 2021 Summary: Security update for cpio Type: security Severity: important References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio. [bsc#1189465] From sle-updates at lists.suse.com Wed Aug 25 16:19:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Aug 2021 18:19:47 +0200 (CEST) Subject: SUSE-SU-2021:2835-1: moderate: Security update for mariadb Message-ID: <20210825161947.48D68FD0A@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2835-1 Rating: moderate References: #1189320 Cross-References: CVE-2021-2372 CVE-2021-2389 CVSS scores: CVE-2021-2372 (NVD) : 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-2372 (SUSE): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-2389 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-2389 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes two 
vulnerabilities is now available. Description: This update for mariadb fixes the following issues: Update to version 10.2.40 [bsc#1189320]: - fixes for the following security vulnerabilities: CVE-2021-2372 and CVE-2021-2389 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2835=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2835=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2835=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2835=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2835=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2835=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2835=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2835=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2835=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2835=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2835=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2835=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2835=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): libmysqld-devel-10.2.40-3.43.1 libmysqld19-10.2.40-3.43.1 libmysqld19-debuginfo-10.2.40-3.43.1 mariadb-10.2.40-3.43.1 mariadb-client-10.2.40-3.43.1 mariadb-client-debuginfo-10.2.40-3.43.1 mariadb-debuginfo-10.2.40-3.43.1 mariadb-debugsource-10.2.40-3.43.1 mariadb-tools-10.2.40-3.43.1 mariadb-tools-debuginfo-10.2.40-3.43.1 - SUSE Manager Server 4.0 (noarch): mariadb-errormessages-10.2.40-3.43.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): libmysqld-devel-10.2.40-3.43.1 libmysqld19-10.2.40-3.43.1 libmysqld19-debuginfo-10.2.40-3.43.1 mariadb-10.2.40-3.43.1 mariadb-client-10.2.40-3.43.1 mariadb-client-debuginfo-10.2.40-3.43.1 mariadb-debuginfo-10.2.40-3.43.1 mariadb-debugsource-10.2.40-3.43.1 mariadb-tools-10.2.40-3.43.1 mariadb-tools-debuginfo-10.2.40-3.43.1 - SUSE Manager Retail Branch Server 4.0 (noarch): mariadb-errormessages-10.2.40-3.43.1 - SUSE Manager Proxy 4.0 (noarch): mariadb-errormessages-10.2.40-3.43.1 - SUSE Manager Proxy 4.0 (x86_64): libmysqld-devel-10.2.40-3.43.1 libmysqld19-10.2.40-3.43.1 libmysqld19-debuginfo-10.2.40-3.43.1 mariadb-10.2.40-3.43.1 mariadb-client-10.2.40-3.43.1 mariadb-client-debuginfo-10.2.40-3.43.1 mariadb-debuginfo-10.2.40-3.43.1 mariadb-debugsource-10.2.40-3.43.1 mariadb-tools-10.2.40-3.43.1 mariadb-tools-debuginfo-10.2.40-3.43.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libmysqld-devel-10.2.40-3.43.1 libmysqld19-10.2.40-3.43.1 libmysqld19-debuginfo-10.2.40-3.43.1 mariadb-10.2.40-3.43.1 mariadb-client-10.2.40-3.43.1 mariadb-client-debuginfo-10.2.40-3.43.1 mariadb-debuginfo-10.2.40-3.43.1 mariadb-debugsource-10.2.40-3.43.1 mariadb-tools-10.2.40-3.43.1 mariadb-tools-debuginfo-10.2.40-3.43.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): mariadb-errormessages-10.2.40-3.43.1 - SUSE Linux Enterprise Server for SAP 15 
(ppc64le x86_64): libmysqld-devel-10.2.40-3.43.1 libmysqld19-10.2.40-3.43.1 libmysqld19-debuginfo-10.2.40-3.43.1 mariadb-10.2.40-3.43.1 mariadb-client-10.2.40-3.43.1 mariadb-client-debuginfo-10.2.40-3.43.1 mariadb-debuginfo-10.2.40-3.43.1 mariadb-debugsource-10.2.40-3.43.1 mariadb-tools-10.2.40-3.43.1 mariadb-tools-debuginfo-10.2.40-3.43.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): mariadb-errormessages-10.2.40-3.43.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libmysqld-devel-10.2.40-3.43.1 libmysqld19-10.2.40-3.43.1 libmysqld19-debuginfo-10.2.40-3.43.1 mariadb-10.2.40-3.43.1 mariadb-client-10.2.40-3.43.1 mariadb-client-debuginfo-10.2.40-3.43.1 mariadb-debuginfo-10.2.40-3.43.1 mariadb-debugsource-10.2.40-3.43.1 mariadb-tools-10.2.40-3.43.1 mariadb-tools-debuginfo-10.2.40-3.43.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): mariadb-errormessages-10.2.40-3.43.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libmysqld-devel-10.2.40-3.43.1 libmysqld19-10.2.40-3.43.1 libmysqld19-debuginfo-10.2.40-3.43.1 mariadb-10.2.40-3.43.1 mariadb-client-10.2.40-3.43.1 mariadb-client-debuginfo-10.2.40-3.43.1 mariadb-debuginfo-10.2.40-3.43.1 mariadb-debugsource-10.2.40-3.43.1 mariadb-tools-10.2.40-3.43.1 mariadb-tools-debuginfo-10.2.40-3.43.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): mariadb-errormessages-10.2.40-3.43.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libmysqld-devel-10.2.40-3.43.1 libmysqld19-10.2.40-3.43.1 libmysqld19-debuginfo-10.2.40-3.43.1 mariadb-10.2.40-3.43.1 mariadb-client-10.2.40-3.43.1 mariadb-client-debuginfo-10.2.40-3.43.1 mariadb-debuginfo-10.2.40-3.43.1 mariadb-debugsource-10.2.40-3.43.1 mariadb-tools-10.2.40-3.43.1 mariadb-tools-debuginfo-10.2.40-3.43.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): mariadb-errormessages-10.2.40-3.43.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libmysqld-devel-10.2.40-3.43.1 libmysqld19-10.2.40-3.43.1 
libmysqld19-debuginfo-10.2.40-3.43.1 mariadb-10.2.40-3.43.1 mariadb-client-10.2.40-3.43.1 mariadb-client-debuginfo-10.2.40-3.43.1 mariadb-debuginfo-10.2.40-3.43.1 mariadb-debugsource-10.2.40-3.43.1 mariadb-tools-10.2.40-3.43.1 mariadb-tools-debuginfo-10.2.40-3.43.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): mariadb-errormessages-10.2.40-3.43.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libmysqld-devel-10.2.40-3.43.1 libmysqld19-10.2.40-3.43.1 libmysqld19-debuginfo-10.2.40-3.43.1 mariadb-10.2.40-3.43.1 mariadb-client-10.2.40-3.43.1 mariadb-client-debuginfo-10.2.40-3.43.1 mariadb-debuginfo-10.2.40-3.43.1 mariadb-debugsource-10.2.40-3.43.1 mariadb-tools-10.2.40-3.43.1 mariadb-tools-debuginfo-10.2.40-3.43.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): mariadb-errormessages-10.2.40-3.43.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libmysqld-devel-10.2.40-3.43.1 libmysqld19-10.2.40-3.43.1 libmysqld19-debuginfo-10.2.40-3.43.1 mariadb-10.2.40-3.43.1 mariadb-client-10.2.40-3.43.1 mariadb-client-debuginfo-10.2.40-3.43.1 mariadb-debuginfo-10.2.40-3.43.1 mariadb-debugsource-10.2.40-3.43.1 mariadb-tools-10.2.40-3.43.1 mariadb-tools-debuginfo-10.2.40-3.43.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): mariadb-errormessages-10.2.40-3.43.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libmysqld-devel-10.2.40-3.43.1 libmysqld19-10.2.40-3.43.1 libmysqld19-debuginfo-10.2.40-3.43.1 mariadb-10.2.40-3.43.1 mariadb-client-10.2.40-3.43.1 mariadb-client-debuginfo-10.2.40-3.43.1 mariadb-debuginfo-10.2.40-3.43.1 mariadb-debugsource-10.2.40-3.43.1 mariadb-tools-10.2.40-3.43.1 mariadb-tools-debuginfo-10.2.40-3.43.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): mariadb-errormessages-10.2.40-3.43.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libmysqld-devel-10.2.40-3.43.1 
libmysqld19-10.2.40-3.43.1 libmysqld19-debuginfo-10.2.40-3.43.1 mariadb-10.2.40-3.43.1 mariadb-client-10.2.40-3.43.1 mariadb-client-debuginfo-10.2.40-3.43.1 mariadb-debuginfo-10.2.40-3.43.1 mariadb-debugsource-10.2.40-3.43.1 mariadb-tools-10.2.40-3.43.1 mariadb-tools-debuginfo-10.2.40-3.43.1 - SUSE Enterprise Storage 6 (noarch): mariadb-errormessages-10.2.40-3.43.1 - SUSE CaaS Platform 4.0 (noarch): mariadb-errormessages-10.2.40-3.43.1 - SUSE CaaS Platform 4.0 (x86_64): libmysqld-devel-10.2.40-3.43.1 libmysqld19-10.2.40-3.43.1 libmysqld19-debuginfo-10.2.40-3.43.1 mariadb-10.2.40-3.43.1 mariadb-client-10.2.40-3.43.1 mariadb-client-debuginfo-10.2.40-3.43.1 mariadb-debuginfo-10.2.40-3.43.1 mariadb-debugsource-10.2.40-3.43.1 mariadb-tools-10.2.40-3.43.1 mariadb-tools-debuginfo-10.2.40-3.43.1 References: https://www.suse.com/security/cve/CVE-2021-2372.html https://www.suse.com/security/cve/CVE-2021-2389.html https://bugzilla.suse.com/1189320 From sle-updates at lists.suse.com Wed Aug 25 16:21:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Aug 2021 18:21:03 +0200 (CEST) Subject: SUSE-RU-2021:2836-1: important: Recommended update for SAPHanaSR-ScaleOut Message-ID: <20210825162103.CE851FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR-ScaleOut ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2836-1 Rating: important References: #1144312 #1144442 #1173581 #1182115 #1182545 SLE-17452 SLE-20081 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has 5 recommended fixes and contains two features can now be installed. 

Description:

This update for SAPHanaSR-ScaleOut fixes the following issues:

- change version to 0.180.1
- Extend the SAP HANA resource agents from single replication automation to multi replication automation (jsc#SLE-17452, jsc#SLE-20081)
- The resource start and stop timeout is now configurable by increasing the timeout for the action 'start' and/or 'stop' in the cluster. (bsc#1182545)
- Improve handling of return codes in 'saphana_stopSystem' and 'saphana_stop' function. (bsc#1182115)
- Integrate man pages back to the base package SAPHanaSR-ScaleOut.
- Fixed an issue when HANA failover returns an empty site name. (bsc#1173581)
- Add SAPHanaSR-call-monitor
- Fixed an issue when HANA is configured to have only one master name server, but no additional master name server candidates, there may be the situation, where the master name server died and so the landscape has no active name server anymore.
- Manual page updates: SAPHanaSR-ScaleOut.7 (bsc#1144442) SAPHanaSR-showAttr.8 (bsc#1144312) and others

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2021-2836=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2836=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2836=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (noarch): SAPHanaSR-ScaleOut-0.180.1-3.23.1 SAPHanaSR-ScaleOut-doc-0.180.1-3.23.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): SAPHanaSR-ScaleOut-0.180.1-3.23.1 SAPHanaSR-ScaleOut-doc-0.180.1-3.23.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): SAPHanaSR-ScaleOut-0.180.1-3.23.1 SAPHanaSR-ScaleOut-doc-0.180.1-3.23.1 References: https://bugzilla.suse.com/1144312 https://bugzilla.suse.com/1144442 https://bugzilla.suse.com/1173581 https://bugzilla.suse.com/1182115 https://bugzilla.suse.com/1182545 From sle-updates at lists.suse.com Wed Aug 25 16:22:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Aug 2021 18:22:45 +0200 (CEST) Subject: SUSE-SU-2021:2837-1: moderate: Security update for mariadb Message-ID: <20210825162245.4FBEBFD0A@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2837-1 Rating: moderate References: #1180014 #1189320 Cross-References: CVE-2021-2372 CVE-2021-2389 CVSS scores: CVE-2021-2372 (NVD) : 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-2372 (SUSE): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-2389 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-2389 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now 
available.

Description:

This update for mariadb fixes the following issues:

Update to version 10.2.40 (bsc#1189320):

- fixes for the following security vulnerabilities: CVE-2021-2372 and CVE-2021-2389

In addition the following was changed:

- Increase NOFILE limit on service configuration (bsc#1180014) The default 'NOFILE' setting on mariadb service configuration is too low and may cause instability on higher loads.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-2837=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):
  libmariadbd-devel-10.4.21-3.14.1
  libmariadbd19-10.4.21-3.14.1
  libmariadbd19-debuginfo-10.4.21-3.14.1
  mariadb-10.4.21-3.14.1
  mariadb-client-10.4.21-3.14.1
  mariadb-client-debuginfo-10.4.21-3.14.1
  mariadb-debuginfo-10.4.21-3.14.1
  mariadb-debugsource-10.4.21-3.14.1
  mariadb-tools-10.4.21-3.14.1
  mariadb-tools-debuginfo-10.4.21-3.14.1
- SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch):
  mariadb-errormessages-10.4.21-3.14.1

References:

https://www.suse.com/security/cve/CVE-2021-2372.html
https://www.suse.com/security/cve/CVE-2021-2389.html
https://bugzilla.suse.com/1180014
https://bugzilla.suse.com/1189320

From sle-updates at lists.suse.com Wed Aug 25 16:25:12 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 25 Aug 2021 18:25:12 +0200 (CEST)
Subject: SUSE-SU-2021:2838-1: moderate: Security update for jetty-minimal
Message-ID: <20210825162512.12845FD0A@maintenance.suse.de>

SUSE Security Update: Security update for jetty-minimal
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2838-1
Rating: moderate
References: #1188438 Cross-References: CVE-2021-34429 CVSS scores: CVE-2021-34429 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-34429 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for jetty-minimal fixes the following issues: - Update to version 9.4.43.v20210629 - CVE-2021-34429: URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. (bsc#1188438) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-2838=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-2838=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): jetty-http-9.4.43-3.12.2 jetty-io-9.4.43-3.12.2 jetty-security-9.4.43-3.12.2 jetty-server-9.4.43-3.12.2 jetty-servlet-9.4.43-3.12.2 jetty-util-9.4.43-3.12.2 jetty-util-ajax-9.4.43-3.12.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): jetty-http-9.4.43-3.12.2 jetty-io-9.4.43-3.12.2 jetty-security-9.4.43-3.12.2 jetty-server-9.4.43-3.12.2 jetty-servlet-9.4.43-3.12.2 jetty-util-9.4.43-3.12.2 jetty-util-ajax-9.4.43-3.12.2 References: https://www.suse.com/security/cve/CVE-2021-34429.html https://bugzilla.suse.com/1188438 From sle-updates at lists.suse.com Wed Aug 25 16:26:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: 
Wed, 25 Aug 2021 18:26:31 +0200 (CEST) Subject: SUSE-SU-2021:2834-1: moderate: Security update for unrar Message-ID: <20210825162631.31CFFFD0A@maintenance.suse.de> SUSE Security Update: Security update for unrar ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2834-1 Rating: moderate References: #1046882 #1054038 #1187974 SLE-20843 Cross-References: CVE-2012-6706 CVE-2017-12938 CVE-2017-12940 CVE-2017-12941 CVE-2017-12942 CVE-2017-20006 CVSS scores: CVE-2012-6706 (SUSE): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-12938 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2017-12938 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2017-12940 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-12940 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2017-12941 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-12941 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2017-12942 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-12942 (SUSE): 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2017-20006 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-20006 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 6 vulnerabilities, contains one feature is now available. Description: This update for unrar to version 5.6.1 fixes several issues. 

These security issues were fixed:

- CVE-2017-12938: Prevent remote attackers from bypassing a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file (bsc#1054038).
- CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (bsc#1054038).
- CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20 function (bsc#1054038).
- CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function (bsc#1054038).
- CVE-2017-20006: Fixed heap-based buffer overflow in Unpack:CopyString (bsc#1187974).

These non-security issues were fixed:

- Added extraction support for .LZ archives created by Lzip compressor
- Enable unpacking of files in ZIP archives compressed with XZ algorithm and encrypted with AES
- Added support for PAX extended headers inside of TAR archive
- If RAR recovery volumes (.rev files) are present in the same folder as usual RAR volumes, archive test command verifies .rev contents after completing testing .rar files
- By default unrar skips symbolic links with absolute paths in link target when extracting unless -ola command line switch is specified
- Added support for AES-NI CPU instructions
- Support for a new RAR 5.0 archiving format
- Wildcard exclusion mask for folders
- Prevent conditional jumps depending on uninitialised values (bsc#1046882)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2834=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2834=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2834=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2834=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2834=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2834=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2834=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2834=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2834=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2834=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2834=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): unrar-5.6.1-4.5.1 unrar-debuginfo-5.6.1-4.5.1 unrar-debugsource-5.6.1-4.5.1 - SUSE OpenStack Cloud 9 (x86_64): unrar-5.6.1-4.5.1 unrar-debuginfo-5.6.1-4.5.1 unrar-debugsource-5.6.1-4.5.1 - SUSE OpenStack Cloud 8 (x86_64): unrar-5.6.1-4.5.1 unrar-debuginfo-5.6.1-4.5.1 unrar-debugsource-5.6.1-4.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libunrar-devel-5.6.1-4.5.1 libunrar5_6_1-5.6.1-4.5.1 libunrar5_6_1-debuginfo-5.6.1-4.5.1 unrar-debuginfo-5.6.1-4.5.1 unrar-debugsource-5.6.1-4.5.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): unrar-5.6.1-4.5.1 unrar-debuginfo-5.6.1-4.5.1 unrar-debugsource-5.6.1-4.5.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): unrar-5.6.1-4.5.1 unrar-debuginfo-5.6.1-4.5.1 unrar-debugsource-5.6.1-4.5.1 - SUSE 
Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): unrar-5.6.1-4.5.1 unrar-debuginfo-5.6.1-4.5.1 unrar-debugsource-5.6.1-4.5.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): unrar-5.6.1-4.5.1 unrar-debuginfo-5.6.1-4.5.1 unrar-debugsource-5.6.1-4.5.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): unrar-5.6.1-4.5.1 unrar-debuginfo-5.6.1-4.5.1 unrar-debugsource-5.6.1-4.5.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): unrar-5.6.1-4.5.1 unrar-debuginfo-5.6.1-4.5.1 unrar-debugsource-5.6.1-4.5.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): unrar-5.6.1-4.5.1 unrar-debuginfo-5.6.1-4.5.1 unrar-debugsource-5.6.1-4.5.1 References: https://www.suse.com/security/cve/CVE-2012-6706.html https://www.suse.com/security/cve/CVE-2017-12938.html https://www.suse.com/security/cve/CVE-2017-12940.html https://www.suse.com/security/cve/CVE-2017-12941.html https://www.suse.com/security/cve/CVE-2017-12942.html https://www.suse.com/security/cve/CVE-2017-20006.html https://bugzilla.suse.com/1046882 https://bugzilla.suse.com/1054038 https://bugzilla.suse.com/1187974 From sle-updates at lists.suse.com Wed Aug 25 16:28:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Aug 2021 18:28:04 +0200 (CEST) Subject: SUSE-RU-2021:2839-1: moderate: Recommended update for yast2 Message-ID: <20210825162804.BBED9FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2839-1 Rating: moderate References: #1187581 #1187676 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Installer 15-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2 fixes the following issues: - Do not escape "$" in URL paths. 
(bsc#1187581) - Don't crash with UI exception in 'Progress.rb' if a popup is in the way. (bsc#1187676) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2839=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2021-2839=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-4.3.65-3.11.1 yast2-logs-4.3.65-3.11.1 - SUSE Linux Enterprise Installer 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-4.3.65-3.11.1 References: https://bugzilla.suse.com/1187581 https://bugzilla.suse.com/1187676 From sle-updates at lists.suse.com Wed Aug 25 19:18:18 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Aug 2021 21:18:18 +0200 (CEST) Subject: SUSE-SU-2021:2848-1: important: Security update for aspell Message-ID: <20210825191818.2EFBEFD0A@maintenance.suse.de> SUSE Security Update: Security update for aspell ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2848-1 Rating: important References: #1188576 Cross-References: CVE-2019-25051 CVSS scores: CVE-2019-25051 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-25051 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 
12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for aspell fixes the following issues: - CVE-2019-25051: Fixed heap-buffer-overflow in acommon:ObjStack:dup_top (bsc#1188576). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2848=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2848=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2848=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2848=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2848=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2848=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2848=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2848=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2848=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2848=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2848=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2848=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-2848=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): aspell-0.60.6.1-18.11.1 aspell-debuginfo-0.60.6.1-18.11.1 aspell-debugsource-0.60.6.1-18.11.1 aspell-ispell-0.60.6.1-18.11.1 libaspell15-0.60.6.1-18.11.1 
libaspell15-32bit-0.60.6.1-18.11.1 libaspell15-debuginfo-0.60.6.1-18.11.1 libaspell15-debuginfo-32bit-0.60.6.1-18.11.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): aspell-0.60.6.1-18.11.1 aspell-debuginfo-0.60.6.1-18.11.1 aspell-debugsource-0.60.6.1-18.11.1 aspell-ispell-0.60.6.1-18.11.1 libaspell15-0.60.6.1-18.11.1 libaspell15-32bit-0.60.6.1-18.11.1 libaspell15-debuginfo-0.60.6.1-18.11.1 libaspell15-debuginfo-32bit-0.60.6.1-18.11.1 - SUSE OpenStack Cloud 9 (x86_64): aspell-0.60.6.1-18.11.1 aspell-debuginfo-0.60.6.1-18.11.1 aspell-debugsource-0.60.6.1-18.11.1 aspell-ispell-0.60.6.1-18.11.1 libaspell15-0.60.6.1-18.11.1 libaspell15-32bit-0.60.6.1-18.11.1 libaspell15-debuginfo-0.60.6.1-18.11.1 libaspell15-debuginfo-32bit-0.60.6.1-18.11.1 - SUSE OpenStack Cloud 8 (x86_64): aspell-0.60.6.1-18.11.1 aspell-debuginfo-0.60.6.1-18.11.1 aspell-debugsource-0.60.6.1-18.11.1 aspell-ispell-0.60.6.1-18.11.1 libaspell15-0.60.6.1-18.11.1 libaspell15-32bit-0.60.6.1-18.11.1 libaspell15-debuginfo-0.60.6.1-18.11.1 libaspell15-debuginfo-32bit-0.60.6.1-18.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): aspell-debuginfo-0.60.6.1-18.11.1 aspell-debugsource-0.60.6.1-18.11.1 aspell-devel-0.60.6.1-18.11.1 libpspell15-0.60.6.1-18.11.1 libpspell15-debuginfo-0.60.6.1-18.11.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): aspell-0.60.6.1-18.11.1 aspell-debuginfo-0.60.6.1-18.11.1 aspell-debugsource-0.60.6.1-18.11.1 aspell-ispell-0.60.6.1-18.11.1 libaspell15-0.60.6.1-18.11.1 libaspell15-debuginfo-0.60.6.1-18.11.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libaspell15-32bit-0.60.6.1-18.11.1 libaspell15-debuginfo-32bit-0.60.6.1-18.11.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): aspell-0.60.6.1-18.11.1 aspell-debuginfo-0.60.6.1-18.11.1 aspell-debugsource-0.60.6.1-18.11.1 aspell-ispell-0.60.6.1-18.11.1 libaspell15-0.60.6.1-18.11.1 libaspell15-debuginfo-0.60.6.1-18.11.1 - SUSE Linux Enterprise Server for SAP 
12-SP3 (x86_64): libaspell15-32bit-0.60.6.1-18.11.1 libaspell15-debuginfo-32bit-0.60.6.1-18.11.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): aspell-0.60.6.1-18.11.1 aspell-debuginfo-0.60.6.1-18.11.1 aspell-debugsource-0.60.6.1-18.11.1 aspell-ispell-0.60.6.1-18.11.1 libaspell15-0.60.6.1-18.11.1 libaspell15-debuginfo-0.60.6.1-18.11.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libaspell15-32bit-0.60.6.1-18.11.1 libaspell15-debuginfo-32bit-0.60.6.1-18.11.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): aspell-0.60.6.1-18.11.1 aspell-debuginfo-0.60.6.1-18.11.1 aspell-debugsource-0.60.6.1-18.11.1 aspell-ispell-0.60.6.1-18.11.1 libaspell15-0.60.6.1-18.11.1 libaspell15-debuginfo-0.60.6.1-18.11.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libaspell15-32bit-0.60.6.1-18.11.1 libaspell15-debuginfo-32bit-0.60.6.1-18.11.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): aspell-0.60.6.1-18.11.1 aspell-debuginfo-0.60.6.1-18.11.1 aspell-debugsource-0.60.6.1-18.11.1 aspell-ispell-0.60.6.1-18.11.1 libaspell15-0.60.6.1-18.11.1 libaspell15-debuginfo-0.60.6.1-18.11.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libaspell15-32bit-0.60.6.1-18.11.1 libaspell15-debuginfo-32bit-0.60.6.1-18.11.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): aspell-0.60.6.1-18.11.1 aspell-debuginfo-0.60.6.1-18.11.1 aspell-debugsource-0.60.6.1-18.11.1 aspell-ispell-0.60.6.1-18.11.1 libaspell15-0.60.6.1-18.11.1 libaspell15-32bit-0.60.6.1-18.11.1 libaspell15-debuginfo-0.60.6.1-18.11.1 libaspell15-debuginfo-32bit-0.60.6.1-18.11.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): aspell-0.60.6.1-18.11.1 aspell-debuginfo-0.60.6.1-18.11.1 aspell-debugsource-0.60.6.1-18.11.1 aspell-ispell-0.60.6.1-18.11.1 libaspell15-0.60.6.1-18.11.1 libaspell15-32bit-0.60.6.1-18.11.1 libaspell15-debuginfo-0.60.6.1-18.11.1 libaspell15-debuginfo-32bit-0.60.6.1-18.11.1 - HPE Helion Openstack 8 (x86_64): 
aspell-0.60.6.1-18.11.1 aspell-debuginfo-0.60.6.1-18.11.1 aspell-debugsource-0.60.6.1-18.11.1 aspell-ispell-0.60.6.1-18.11.1 libaspell15-0.60.6.1-18.11.1 libaspell15-32bit-0.60.6.1-18.11.1 libaspell15-debuginfo-0.60.6.1-18.11.1 libaspell15-debuginfo-32bit-0.60.6.1-18.11.1 References: https://www.suse.com/security/cve/CVE-2019-25051.html https://bugzilla.suse.com/1188576 From sle-updates at lists.suse.com Wed Aug 25 19:19:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Aug 2021 21:19:37 +0200 (CEST) Subject: SUSE-SU-2021:2842-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) Message-ID: <20210825191937.EC3F1FD0A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2842-1 Rating: important References: #1188323 #1188842 Cross-References: CVE-2021-3609 CVE-2021-37576 CVSS scores: CVE-2021-3609 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_135 fixes several issues. The following security issues were fixed: - CVE-2021-37576: On the powerpc platform KVM guest OS users could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2021-3609: Fixed a local privilege escalation via a race condition in net/can/bcm.c (bsc#1187215). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2840=1 SUSE-SLE-SAP-12-SP3-2021-2841=1 SUSE-SLE-SAP-12-SP3-2021-2842=1 SUSE-SLE-SAP-12-SP3-2021-2843=1 SUSE-SLE-SAP-12-SP3-2021-2844=1 SUSE-SLE-SAP-12-SP3-2021-2845=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2840=1 SUSE-SLE-SERVER-12-SP3-2021-2841=1 SUSE-SLE-SERVER-12-SP3-2021-2842=1 SUSE-SLE-SERVER-12-SP3-2021-2843=1 SUSE-SLE-SERVER-12-SP3-2021-2844=1 SUSE-SLE-SERVER-12-SP3-2021-2845=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_127-default-14-2.2 kgraft-patch-4_4_180-94_127-default-debuginfo-14-2.2 kgraft-patch-4_4_180-94_130-default-13-2.2 kgraft-patch-4_4_180-94_130-default-debuginfo-13-2.2 kgraft-patch-4_4_180-94_135-default-11-2.2 kgraft-patch-4_4_180-94_135-default-debuginfo-11-2.2 kgraft-patch-4_4_180-94_138-default-9-2.2 kgraft-patch-4_4_180-94_138-default-debuginfo-9-2.2 kgraft-patch-4_4_180-94_141-default-8-2.2 kgraft-patch-4_4_180-94_141-default-debuginfo-8-2.2 kgraft-patch-4_4_180-94_144-default-5-2.1 kgraft-patch-4_4_180-94_144-default-debuginfo-5-2.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_127-default-14-2.2 kgraft-patch-4_4_180-94_127-default-debuginfo-14-2.2 kgraft-patch-4_4_180-94_130-default-13-2.2 kgraft-patch-4_4_180-94_130-default-debuginfo-13-2.2 kgraft-patch-4_4_180-94_135-default-11-2.2 kgraft-patch-4_4_180-94_135-default-debuginfo-11-2.2 kgraft-patch-4_4_180-94_138-default-9-2.2 kgraft-patch-4_4_180-94_138-default-debuginfo-9-2.2 kgraft-patch-4_4_180-94_141-default-8-2.2 kgraft-patch-4_4_180-94_141-default-debuginfo-8-2.2 kgraft-patch-4_4_180-94_144-default-5-2.1 kgraft-patch-4_4_180-94_144-default-debuginfo-5-2.1 References: https://www.suse.com/security/cve/CVE-2021-3609.html https://www.suse.com/security/cve/CVE-2021-37576.html 
https://bugzilla.suse.com/1188323 https://bugzilla.suse.com/1188842 From sle-updates at lists.suse.com Wed Aug 25 19:22:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Aug 2021 21:22:10 +0200 (CEST) Subject: SUSE-SU-2021:14793-1: important: Security update for libesmtp Message-ID: <20210825192210.9DD20FD0A@maintenance.suse.de> SUSE Security Update: Security update for libesmtp ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14793-1 Rating: important References: #1160462 #1189097 Cross-References: CVE-2019-19977 CVSS scores: CVE-2019-19977 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-19977 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libesmtp fixes the following issues: - CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-libesmtp-14793=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-libesmtp-14793=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libesmtp-14793=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-libesmtp-14793=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libesmtp-1.0.4-157.18.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libesmtp-1.0.4-157.18.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): libesmtp-debuginfo-1.0.4-157.18.3.1 libesmtp-debugsource-1.0.4-157.18.3.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): libesmtp-debuginfo-1.0.4-157.18.3.1 libesmtp-debugsource-1.0.4-157.18.3.1 References: https://www.suse.com/security/cve/CVE-2019-19977.html https://bugzilla.suse.com/1160462 https://bugzilla.suse.com/1189097 From sle-updates at lists.suse.com Wed Aug 25 19:26:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Aug 2021 21:26:41 +0200 (CEST) Subject: SUSE-SU-2021:2846-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) Message-ID: <20210825192641.EF93BFD0A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2846-1 Rating: important References: #1176931 #1182294 #1188842 Cross-References: CVE-2020-0429 CVE-2021-28688 CVE-2021-37576 CVSS scores: CVE-2020-0429 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-0429 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28688 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-37576 (SUSE): 
8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_147 fixes several issues. The following security issues were fixed: - CVE-2021-37576: On the powerpc platform KVM guest OS users could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2021-28688: The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. (bsc#1183646) - CVE-2020-0429: Fixed a potential local privilege escalation in l2tp_session_delete and related functions of l2tp_core.c (bsc#1176724). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2846=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2846=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_147-default-2-2.1 kgraft-patch-4_4_180-94_147-default-debuginfo-2-2.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_147-default-2-2.1 kgraft-patch-4_4_180-94_147-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2020-0429.html https://www.suse.com/security/cve/CVE-2021-28688.html https://www.suse.com/security/cve/CVE-2021-37576.html https://bugzilla.suse.com/1176931 https://bugzilla.suse.com/1182294 https://bugzilla.suse.com/1188842 From sle-updates at lists.suse.com Thu Aug 26 06:44:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Aug 2021 08:44:26 +0200 (CEST) Subject: SUSE-CU-2021:290-1: Security update of suse/sle15 Message-ID: <20210826064426.367A5FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:290-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.441 Container Release : 4.22.441 Severity : critical Type : security References : 1189206 1189465 1189465 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger remote code execution due to an integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in the last update would cause builds to hang on various architectures (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) From sle-updates at lists.suse.com Thu Aug 26 07:06:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Aug 2021 09:06:04 +0200 (CEST) Subject: SUSE-CU-2021:292-1: Security update of suse/sle15 Message-ID: <20210826070604.211DBFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:292-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.497 Container Release : 6.2.497 Severity : critical Type : security References : 1188571 1189206 1189465 1189465 CVE-2021-36222 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger remote code execution due to an integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in the last update would cause builds to hang on various architectures (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. 
(bsc#1188571) From sle-updates at lists.suse.com Thu Aug 26 07:19:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Aug 2021 09:19:41 +0200 (CEST) Subject: SUSE-CU-2021:293-1: Security update of suse/sle15 Message-ID: <20210826071941.E22D2FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:293-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.8 Container Release : 9.5.8 Severity : critical Type : security References : 1188571 1189206 1189465 1189465 CVE-2021-36222 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger remote code execution due to an integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in the last update would cause builds to hang on various architectures (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) From sle-updates at lists.suse.com Thu Aug 26 13:17:18 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Aug 2021 15:17:18 +0200 (CEST) Subject: SUSE-RU-2021:2849-1: moderate: Recommended update for graphviz Message-ID: <20210826131718.A54CDFCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for graphviz ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2849-1 Rating: moderate References: #1151207 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for graphviz fixes the following issues: - Tool 'dot', provided by graphviz, crashes on specific data input (bsc#1151207) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-2849=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-2849=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-2849=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-2849=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-2849=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-2849=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2849=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2849=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-2849=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-2849=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-2849=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-2849=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.12.1 graphviz-addons-debugsource-2.40.1-6.12.1 graphviz-tcl-2.40.1-6.12.1 graphviz-tcl-debuginfo-2.40.1-6.12.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.12.1 graphviz-addons-debugsource-2.40.1-6.12.1 
graphviz-tcl-2.40.1-6.12.1 graphviz-tcl-debuginfo-2.40.1-6.12.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.12.1 graphviz-addons-debugsource-2.40.1-6.12.1 graphviz-gnome-2.40.1-6.12.1 graphviz-gnome-debuginfo-2.40.1-6.12.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.12.1 graphviz-addons-debugsource-2.40.1-6.12.1 graphviz-gnome-2.40.1-6.12.1 graphviz-gnome-debuginfo-2.40.1-6.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.12.1 graphviz-addons-debugsource-2.40.1-6.12.1 graphviz-perl-2.40.1-6.12.1 graphviz-perl-debuginfo-2.40.1-6.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.12.1 graphviz-addons-debugsource-2.40.1-6.12.1 graphviz-perl-2.40.1-6.12.1 graphviz-perl-debuginfo-2.40.1-6.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): graphviz-2.40.1-6.12.1 graphviz-debuginfo-2.40.1-6.12.1 graphviz-debugsource-2.40.1-6.12.1 graphviz-devel-2.40.1-6.12.1 graphviz-plugins-core-2.40.1-6.12.1 graphviz-plugins-core-debuginfo-2.40.1-6.12.1 libgraphviz6-2.40.1-6.12.1 libgraphviz6-debuginfo-2.40.1-6.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): graphviz-2.40.1-6.12.1 graphviz-debuginfo-2.40.1-6.12.1 graphviz-debugsource-2.40.1-6.12.1 graphviz-devel-2.40.1-6.12.1 graphviz-plugins-core-2.40.1-6.12.1 graphviz-plugins-core-debuginfo-2.40.1-6.12.1 libgraphviz6-2.40.1-6.12.1 libgraphviz6-debuginfo-2.40.1-6.12.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.12.1 graphviz-addons-debugsource-2.40.1-6.12.1 graphviz-gd-2.40.1-6.12.1 graphviz-gd-debuginfo-2.40.1-6.12.1 graphviz-python-2.40.1-6.12.1 
graphviz-python-debuginfo-2.40.1-6.12.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.12.1 graphviz-addons-debugsource-2.40.1-6.12.1 graphviz-gd-2.40.1-6.12.1 graphviz-gd-debuginfo-2.40.1-6.12.1 graphviz-python-2.40.1-6.12.1 graphviz-python-debuginfo-2.40.1-6.12.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.12.1 graphviz-addons-debugsource-2.40.1-6.12.1 graphviz-gd-2.40.1-6.12.1 graphviz-gd-debuginfo-2.40.1-6.12.1 graphviz-python-2.40.1-6.12.1 graphviz-python-debuginfo-2.40.1-6.12.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.12.1 graphviz-addons-debugsource-2.40.1-6.12.1 graphviz-gd-2.40.1-6.12.1 graphviz-gd-debuginfo-2.40.1-6.12.1 graphviz-python-2.40.1-6.12.1 graphviz-python-debuginfo-2.40.1-6.12.1 References: https://bugzilla.suse.com/1151207 From sle-updates at lists.suse.com Thu Aug 26 16:16:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Aug 2021 18:16:14 +0200 (CEST) Subject: SUSE-RU-2021:2850-1: moderate: Recommended update for resource-agents Message-ID: <20210826161614.5F09EFCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2850-1 Rating: moderate References: #1188975 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - Fix azure-lb resource agent using '/usr/bin/nc' instead of '/usr/bin/socat'. 
(bsc#1188975) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-2850=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ldirectord-4.3.0184.6ee15eb2-3.67.1 resource-agents-4.3.0184.6ee15eb2-3.67.1 resource-agents-debuginfo-4.3.0184.6ee15eb2-3.67.1 resource-agents-debugsource-4.3.0184.6ee15eb2-3.67.1 - SUSE Linux Enterprise High Availability 15 (noarch): monitoring-plugins-metadata-4.3.0184.6ee15eb2-3.67.1 References: https://bugzilla.suse.com/1188975 From sle-updates at lists.suse.com Thu Aug 26 16:17:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Aug 2021 18:17:22 +0200 (CEST) Subject: SUSE-RU-2021:2851-1: moderate: Recommended update for resource-agents Message-ID: <20210826161722.9B75CFCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2851-1 Rating: moderate References: #1188975 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - Fix azure-lb resource agent using '/usr/bin/nc' instead of '/usr/bin/socat'. (bsc#1188975) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-2851=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ldirectord-4.3.0184.6ee15eb2-4.51.1 resource-agents-4.3.0184.6ee15eb2-4.51.1 resource-agents-debuginfo-4.3.0184.6ee15eb2-4.51.1 resource-agents-debugsource-4.3.0184.6ee15eb2-4.51.1 - SUSE Linux Enterprise High Availability 15-SP1 (noarch): monitoring-plugins-metadata-4.3.0184.6ee15eb2-4.51.1 References: https://bugzilla.suse.com/1188975 From sle-updates at lists.suse.com Fri Aug 27 10:17:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Aug 2021 12:17:07 +0200 (CEST) Subject: SUSE-SU-2021:2852-1: important: Security update for compat-openssl098 Message-ID: <20210827101707.D7EFBFCF4@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl098 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2852-1 Rating: important References: #1189521 Cross-References: CVE-2021-3712 CVSS scores: CVE-2021-3712 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for compat-openssl098 fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. 
[bsc#1189521] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2021-2852=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2852=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2852=1 - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2021-2852=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (x86_64): compat-openssl098-debugsource-0.9.8j-106.27.2 libopenssl0_9_8-0.9.8j-106.27.2 libopenssl0_9_8-debuginfo-0.9.8j-106.27.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): compat-openssl098-debugsource-0.9.8j-106.27.2 libopenssl0_9_8-0.9.8j-106.27.2 libopenssl0_9_8-debuginfo-0.9.8j-106.27.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): compat-openssl098-debugsource-0.9.8j-106.27.2 libopenssl0_9_8-0.9.8j-106.27.2 libopenssl0_9_8-debuginfo-0.9.8j-106.27.2 - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): compat-openssl098-debugsource-0.9.8j-106.27.2 libopenssl0_9_8-0.9.8j-106.27.2 libopenssl0_9_8-32bit-0.9.8j-106.27.2 libopenssl0_9_8-debuginfo-0.9.8j-106.27.2 libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.27.2 References: https://www.suse.com/security/cve/CVE-2021-3712.html https://bugzilla.suse.com/1189521 From sle-updates at lists.suse.com Fri Aug 27 13:18:06 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Aug 2021 15:18:06 +0200 (CEST) Subject: SUSE-RU-2021:2854-1: moderate: Recommended update for rust Message-ID: <20210827131806.25527FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for rust ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2021:2854-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for rust fixes the following issues: - Updated rust to be able to build Firefox ESR91 (bsc#1188891) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2854=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2854=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2854=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2854=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): cargo-1.53.0-3.36.1 cargo-debuginfo-1.53.0-3.36.1 rust-1.53.0-3.36.1 rust-debuginfo-1.53.0-3.36.1 rust-gdb-1.53.0-3.36.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): rust-src-1.53.0-3.36.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): rls-1.53.0-3.36.1 rust-analysis-1.53.0-3.36.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): cargo-1.53.0-3.36.1 cargo-debuginfo-1.53.0-3.36.1 rust-1.53.0-3.36.1 rust-debuginfo-1.53.0-3.36.1 rust-gdb-1.53.0-3.36.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64): rls-1.53.0-3.36.1 rust-analysis-1.53.0-3.36.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): rust-src-1.53.0-3.36.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): cargo-1.53.0-3.36.1 
cargo-debuginfo-1.53.0-3.36.1 rls-1.53.0-3.36.1 rust-1.53.0-3.36.1 rust-analysis-1.53.0-3.36.1 rust-debuginfo-1.53.0-3.36.1 rust-gdb-1.53.0-3.36.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): rust-src-1.53.0-3.36.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): cargo-1.53.0-3.36.1 cargo-debuginfo-1.53.0-3.36.1 rls-1.53.0-3.36.1 rust-1.53.0-3.36.1 rust-analysis-1.53.0-3.36.1 rust-debuginfo-1.53.0-3.36.1 rust-gdb-1.53.0-3.36.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): rust-src-1.53.0-3.36.1 References: From sle-updates at lists.suse.com Fri Aug 27 13:19:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Aug 2021 15:19:11 +0200 (CEST) Subject: SUSE-SU-2021:2857-1: moderate: Security update for 389-ds Message-ID: <20210827131911.04411FCF4@maintenance.suse.de> SUSE Security Update: Security update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2857-1 Rating: moderate References: #1188455 Cross-References: CVE-2021-3652 CVSS scores: CVE-2021-3652 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for 389-ds fixes the following issues: - Update to version 1.4.3.24 - CVE-2021-3652: Fixed crypt handling of locked accounts. (bsc#1188455) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-2857=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): 389-ds-1.4.3.24~git13.7b705e743-3.19.1 389-ds-debuginfo-1.4.3.24~git13.7b705e743-3.19.1 389-ds-debugsource-1.4.3.24~git13.7b705e743-3.19.1 389-ds-devel-1.4.3.24~git13.7b705e743-3.19.1 lib389-1.4.3.24~git13.7b705e743-3.19.1 libsvrcore0-1.4.3.24~git13.7b705e743-3.19.1 libsvrcore0-debuginfo-1.4.3.24~git13.7b705e743-3.19.1 References: https://www.suse.com/security/cve/CVE-2021-3652.html https://bugzilla.suse.com/1188455 From sle-updates at lists.suse.com Fri Aug 27 13:21:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Aug 2021 15:21:21 +0200 (CEST) Subject: SUSE-RU-2021:2855-1: moderate: Recommended update for rust Message-ID: <20210827132121.5DC3AFCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for rust ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2855-1 Rating: moderate References: SLE-18626 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for rust fixes the following issues: This ships the new parallel rust 1.54 version. Version 1.54.0 (2021-07-29) Language: - You can now use macros for values in built-in attribute macros. While a seemingly minor addition on its own, this enables a lot of powerful functionality when combined correctly. Most notably you can now include external documentation in your crate by writing the following. 
```rust
#![doc = include_str!("README.md")]
```

You can also use this to include auto-generated modules:

```rust
#[path = concat!(env!("OUT_DIR"), "/generated.rs")]
mod generated;
```

- You can now cast between unsized slice types (and types which contain unsized slices) in `const fn`.
- You can now use multiple generic lifetimes with `impl Trait` where the lifetimes don't explicitly outlive another. In code this means that you can now have `impl Trait<'a, 'b>` whereas before you could only have `impl Trait<'a, 'b> where 'b: 'a`.

Compiler:

- Rustc will now search for custom JSON targets in `/lib/rustlib//target.json` where `/` is the "sysroot" directory. You can find your sysroot directory by running `rustc --print sysroot`.
- Added `wasm` as a `target_family` for WebAssembly platforms.
- You can now use `#[target_feature]` on safe functions when targeting WebAssembly platforms.
- Improved debugger output for enums on Windows MSVC platforms.
- Added tier 3\* support for `bpfel-unknown-none` and `bpfeb-unknown-none`.

\* Refer to Rust's platform support page for more information on Rust's tiered platform support.

Libraries:

- `panic::panic_any` will now `#[track_caller]`.
- Added `OutOfMemory` as a variant of `io::ErrorKind`.
- `proc_macro::Literal` now implements `FromStr`.
- The implementations of vendor intrinsics in core::arch have been significantly refactored. The main user-visible changes are a 50% reduction in the size of libcore.rlib and stricter validation of constant operands passed to intrinsics. The latter is technically a breaking change, but allows Rust to more closely match the C vendor intrinsics API.

Stabilized APIs:

- BTreeMap::into_keys
- BTreeMap::into_values
- HashMap::into_keys
- HashMap::into_values
- arch::wasm32
- VecDeque::binary_search
- VecDeque::binary_search_by
- VecDeque::binary_search_by_key
- VecDeque::partition_point

Cargo:

- Added the `--prune ` option to `cargo-tree` to remove a package from the dependency graph.
- Added the `--depth` option to `cargo-tree` to print only to a certain depth in the tree. - Added the `no-proc-macro` value to `cargo-tree --edges` to hide procedural macro dependencies. - A new environment variable named `CARGO_TARGET_TMPDIR` is available. This variable points to a directory that integration tests and benches can use as a "scratchpad" for testing filesystem operations. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-2855=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 i586 ppc64le s390x x86_64): cargo-1.54.0-21.6.2 rust-1.54.0-21.6.2 rust-gdb-1.54.0-21.6.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): cargo1.54-1.54.0-7.3.1 cargo1.54-debuginfo-1.54.0-7.3.1 rust1.54-1.54.0-7.3.1 rust1.54-debuginfo-1.54.0-7.3.1 rust1.54-gdb-1.54.0-7.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): rls-1.54.0-21.6.2 rls1.54-1.54.0-7.3.1 rls1.54-debuginfo-1.54.0-7.3.1 rust1.54-analysis-1.54.0-7.3.1 rust1.54-doc-1.54.0-7.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): cargo1.54-doc-1.54.0-7.3.1 rust1.54-src-1.54.0-7.3.1 References: From sle-updates at lists.suse.com Fri Aug 27 13:22:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Aug 2021 15:22:33 +0200 (CEST) Subject: SUSE-SU-2021:2858-1: moderate: Security update for qemu Message-ID: <20210827132233.C6D8EFCF4@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2858-1 Rating: moderate References: #1180432 #1180433 #1180434 
#1180435 #1182651 #1186012 #1188299 #1189145 Cross-References: CVE-2020-35503 CVE-2020-35504 CVE-2020-35505 CVE-2020-35506 CVE-2021-20255 CVE-2021-3527 CVE-2021-3682 CVSS scores: CVE-2020-35503 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-35503 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-35504 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-35504 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-35505 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-35505 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-35506 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-35506 (SUSE): 5.6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H CVE-2021-20255 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20255 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-3527 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3527 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVE-2021-3682 (SUSE): 6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has one errata is now available. 
Description: This update for qemu fixes the following issues: Security issues fixed: - usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682) - NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506) - NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) - eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255) - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527) Non-security issues fixed: - Use max host physical address if -cpu max is used (bsc#1188299) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-2858=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2858=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): qemu-5.2.0-103.2 qemu-block-curl-5.2.0-103.2 qemu-block-curl-debuginfo-5.2.0-103.2 qemu-block-iscsi-5.2.0-103.2 qemu-block-iscsi-debuginfo-5.2.0-103.2 qemu-block-rbd-5.2.0-103.2 qemu-block-rbd-debuginfo-5.2.0-103.2 qemu-block-ssh-5.2.0-103.2 qemu-block-ssh-debuginfo-5.2.0-103.2 qemu-chardev-baum-5.2.0-103.2 qemu-chardev-baum-debuginfo-5.2.0-103.2 qemu-debuginfo-5.2.0-103.2 qemu-debugsource-5.2.0-103.2 qemu-guest-agent-5.2.0-103.2 qemu-guest-agent-debuginfo-5.2.0-103.2 qemu-ksm-5.2.0-103.2 qemu-lang-5.2.0-103.2 qemu-ui-curses-5.2.0-103.2 qemu-ui-curses-debuginfo-5.2.0-103.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le x86_64): qemu-audio-spice-5.2.0-103.2 qemu-audio-spice-debuginfo-5.2.0-103.2 qemu-chardev-spice-5.2.0-103.2 
qemu-chardev-spice-debuginfo-5.2.0-103.2 qemu-hw-display-qxl-5.2.0-103.2 qemu-hw-display-qxl-debuginfo-5.2.0-103.2 qemu-hw-display-virtio-vga-5.2.0-103.2 qemu-hw-display-virtio-vga-debuginfo-5.2.0-103.2 qemu-hw-usb-redirect-5.2.0-103.2 qemu-hw-usb-redirect-debuginfo-5.2.0-103.2 qemu-ui-gtk-5.2.0-103.2 qemu-ui-gtk-debuginfo-5.2.0-103.2 qemu-ui-opengl-5.2.0-103.2 qemu-ui-opengl-debuginfo-5.2.0-103.2 qemu-ui-spice-app-5.2.0-103.2 qemu-ui-spice-app-debuginfo-5.2.0-103.2 qemu-ui-spice-core-5.2.0-103.2 qemu-ui-spice-core-debuginfo-5.2.0-103.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (s390x x86_64): qemu-hw-display-virtio-gpu-5.2.0-103.2 qemu-hw-display-virtio-gpu-debuginfo-5.2.0-103.2 qemu-hw-display-virtio-gpu-pci-5.2.0-103.2 qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-103.2 qemu-kvm-5.2.0-103.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (ppc64le): qemu-ppc-5.2.0-103.2 qemu-ppc-debuginfo-5.2.0-103.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64): qemu-arm-5.2.0-103.2 qemu-arm-debuginfo-5.2.0-103.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): qemu-audio-alsa-5.2.0-103.2 qemu-audio-alsa-debuginfo-5.2.0-103.2 qemu-audio-pa-5.2.0-103.2 qemu-audio-pa-debuginfo-5.2.0-103.2 qemu-x86-5.2.0-103.2 qemu-x86-debuginfo-5.2.0-103.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): qemu-ipxe-1.0.0+-103.2 qemu-seabios-1.14.0_0_g155821a-103.2 qemu-sgabios-8-103.2 qemu-skiboot-5.2.0-103.2 qemu-vgabios-1.14.0_0_g155821a-103.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (s390x): qemu-hw-s390x-virtio-gpu-ccw-5.2.0-103.2 qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-103.2 qemu-s390x-5.2.0-103.2 qemu-s390x-debuginfo-5.2.0-103.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): qemu-debuginfo-5.2.0-103.2 qemu-debugsource-5.2.0-103.2 qemu-tools-5.2.0-103.2 qemu-tools-debuginfo-5.2.0-103.2 References: 
https://www.suse.com/security/cve/CVE-2020-35503.html https://www.suse.com/security/cve/CVE-2020-35504.html https://www.suse.com/security/cve/CVE-2020-35505.html https://www.suse.com/security/cve/CVE-2020-35506.html https://www.suse.com/security/cve/CVE-2021-20255.html https://www.suse.com/security/cve/CVE-2021-3527.html https://www.suse.com/security/cve/CVE-2021-3682.html https://bugzilla.suse.com/1180432 https://bugzilla.suse.com/1180433 https://bugzilla.suse.com/1180434 https://bugzilla.suse.com/1180435 https://bugzilla.suse.com/1182651 https://bugzilla.suse.com/1186012 https://bugzilla.suse.com/1188299 https://bugzilla.suse.com/1189145 From sle-updates at lists.suse.com Fri Aug 27 13:26:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Aug 2021 15:26:33 +0200 (CEST) Subject: SUSE-RU-2021:2856-1: important: Recommended update for crmsh Message-ID: <20210827132633.F3E08FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2856-1 Rating: important References: #1175982 #1180137 #1185423 #1187396 SLE-18367 SLE-18374 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has four recommended fixes and contains two features can now be installed. 
Description: This update for crmsh fixes the following issues: - Update to version 4.1.1+git.1625191010.47a3ee14: * Dev: crash_test: Add big warnings to have users' attention to potential failover * Dev: crash_test: rename preflight_check as crash_test (jsc#SLE-18367, jsc#SLE-18374) * Fix: completers: return complete start/stop resource id list correctly (bsc#1180137) * Medium: integrate preflight_check into crmsh * Fix: help: show help message from argparse (bsc#1175982) * Fix: resource: make untrace consistent with trace (bsc#1187396) * Fix: parse: shouldn't allow property setting with an empty value (bsc#1185423) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-2856=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-2856=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (noarch): crmsh-4.1.1+git.1625191010.47a3ee14-2.62.1 crmsh-scripts-4.1.1+git.1625191010.47a3ee14-2.62.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): crmsh-4.1.1+git.1625191010.47a3ee14-2.62.1 crmsh-scripts-4.1.1+git.1625191010.47a3ee14-2.62.1 References: https://bugzilla.suse.com/1175982 https://bugzilla.suse.com/1180137 https://bugzilla.suse.com/1185423 https://bugzilla.suse.com/1187396 From sle-updates at lists.suse.com Fri Aug 27 16:16:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Aug 2021 18:16:39 +0200 (CEST) Subject: SUSE-SU-2021:2861-1: moderate: Security update for spectre-meltdown-checker Message-ID: <20210827161639.D18F6FCF4@maintenance.suse.de> SUSE Security Update: Security update for spectre-meltdown-checker ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2021:2861-1 Rating: moderate References: #1189477 Cross-References: CVE-2017-5753 CVSS scores: CVE-2017-5753 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2017-5753 (SUSE): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for spectre-meltdown-checker fixes the following issues: spectre-meltdown-checker was updated to version 0.44 (bsc#1189477) - feat: add support for SRBDS related vulnerabilities - feat: add zstd kernel decompression (#370) - enh: arm: add experimental support for binary arm images - enh: rsb filling: no longer need the 'strings' tool to check for kernel support in live mode - fix: fwdb: remove Intel extract tempdir on exit - fix: has_vmm: ignore kernel threads when looking for a hypervisor (fixes #278) - fix: fwdb: use the commit date as the intel fwdb version - fix: fwdb: update Intel's repository URL - fix: arm64: CVE-2017-5753: kernels 4.19+ use a different nospec macro - fix: on CPU parse info under FreeBSD - chore: github: add check run on pull requests - chore: fwdb: update to v165.20201021+i20200616 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2861=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2861=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2861=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2861=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2861=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2861=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2861=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2861=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2861=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2861=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2861=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (x86_64): spectre-meltdown-checker-0.44-3.6.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): spectre-meltdown-checker-0.44-3.6.1 - SUSE Manager Proxy 4.0 (x86_64): spectre-meltdown-checker-0.44-3.6.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): spectre-meltdown-checker-0.44-3.6.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): spectre-meltdown-checker-0.44-3.6.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): spectre-meltdown-checker-0.44-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): spectre-meltdown-checker-0.44-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): spectre-meltdown-checker-0.44-3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): spectre-meltdown-checker-0.44-3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): spectre-meltdown-checker-0.44-3.6.1 - SUSE Enterprise Storage 6 (x86_64): spectre-meltdown-checker-0.44-3.6.1 - SUSE CaaS Platform 4.0 (x86_64): spectre-meltdown-checker-0.44-3.6.1 References: https://www.suse.com/security/cve/CVE-2017-5753.html https://bugzilla.suse.com/1189477 From sle-updates at lists.suse.com Fri Aug 27 16:17:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Aug 2021 18:17:49 +0200 (CEST) Subject: SUSE-RU-2021:2860-1: moderate: Recommended update for yast2-saptune Message-ID: <20210827161749.62DD3FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-saptune ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2860-1 Rating: moderate References: #1188321 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for yast2-saptune fixes the following issues: - Exchange the tuned daemon handling with the new saptune service. (bsc#1188321) - Add information, if the service is enabled or disabled. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2021-2860=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2860=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2860=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (noarch): yast2-saptune-1.4-3.7.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): yast2-saptune-1.4-3.7.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): yast2-saptune-1.4-3.7.1 References: https://bugzilla.suse.com/1188321 From sle-updates at lists.suse.com Fri Aug 27 16:20:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Aug 2021 18:20:04 +0200 (CEST) Subject: SUSE-RU-2021:2859-1: moderate: Recommended update for bzip2 Message-ID: <20210827162004.1DC85FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for bzip2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2859-1 Rating: moderate References: #1188891 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for bzip2 fixes the following issues: - Disable an optimization that caused crashes with libarchive due to uninitialized memory.
(bsc#1188891) - Fixed bashisms in bzgrep and bznew Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2859=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2859=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): bzip2-debuginfo-1.0.6-30.11.1 bzip2-debugsource-1.0.6-30.11.1 libbz2-devel-1.0.6-30.11.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): bzip2-1.0.6-30.11.1 bzip2-debuginfo-1.0.6-30.11.1 bzip2-debugsource-1.0.6-30.11.1 libbz2-1-1.0.6-30.11.1 libbz2-1-debuginfo-1.0.6-30.11.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libbz2-1-32bit-1.0.6-30.11.1 libbz2-1-debuginfo-32bit-1.0.6-30.11.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): bzip2-doc-1.0.6-30.11.1 References: https://bugzilla.suse.com/1188891 From sle-updates at lists.suse.com Fri Aug 27 16:21:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Aug 2021 18:21:13 +0200 (CEST) Subject: SUSE-SU-2021:2862-1: moderate: Security update for spectre-meltdown-checker Message-ID: <20210827162113.54C4FFCF4@maintenance.suse.de> SUSE Security Update: Security update for spectre-meltdown-checker ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2862-1 Rating: moderate References: #1189477 Cross-References: CVE-2017-5753 CVSS scores: CVE-2017-5753 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2017-5753 (SUSE): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one 
vulnerability is now available. Description: This update for spectre-meltdown-checker fixes the following issues: spectre-meltdown-checker was updated to version 0.44 (bsc#1189477) - feat: add support for SRBDS related vulnerabilities - feat: add zstd kernel decompression (#370) - enh: arm: add experimental support for binary arm images - enh: rsb filling: no longer need the 'strings' tool to check for kernel support in live mode - fix: fwdb: remove Intel extract tempdir on exit - fix: has_vmm: ignore kernel threads when looking for a hypervisor (fixes #278) - fix: fwdb: use the commit date as the intel fwdb version - fix: fwdb: update Intel's repository URL - fix: arm64: CVE-2017-5753: kernels 4.19+ use a different nospec macro - fix: on CPU parse info under FreeBSD - chore: github: add check run on pull requests - chore: fwdb: update to v165.20201021+i20200616 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2862=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): spectre-meltdown-checker-0.44-3.6.1 References: https://www.suse.com/security/cve/CVE-2017-5753.html https://bugzilla.suse.com/1189477 From sle-updates at lists.suse.com Mon Aug 30 10:17:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Aug 2021 12:17:01 +0200 (CEST) Subject: SUSE-RU-2021:2863-1: moderate: Recommended update for python-dbus-python Message-ID: <20210830101701.0A5ADFCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-dbus-python ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2863-1 Rating: moderate References: #1183818 ECO-3589 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for python-dbus-python fixes the following issues: - Update to latest version from tumbleweed. (jsc#ECO-3589, bsc#1183818) - update to 1.2.16: * All tests are run even if the 'tap.py' module is not available, although diagnostics for failing tests will be better if it is present.
- Support builds with more than one python3 flavor - Clean duplicate python flavor variables for configure - Version update to version 1.2.14: * Ensure that the numeric types from dbus.types get the same str() under Python 3.8 that they did under previous versions. * Disable -Winline. * Add clearer license information using SPDX-License-Identifier. * Include inherited methods and properties when documenting objects, which regressed when migrating from epydoc to sphinx. * Add missing variant_level member to UnixFd type, for parity with the other dbus.types types * Don't reply to method calls if they have the NO_REPLY_EXPECTED flag * Silence '-Wcast-function-type' with gcc 8. * Fix distcheck with python3.7 by deleting '__pycache__' during uninstall. * Consistently save and restore the exception indicator when called from C code. - Add missing dependency for pkg-config files - Version update to version 1.2.8: * Python 2.7 required or 3.4 respectively * Upstream dropped epydoc completely - Add dbus-1-python3 package - Make BusConnection.list_activatable_names actually call struct entries than the signature allows with libdbus 1.4 imports dbus, is finalized, is re-initialized, and re-imports - When removing signal matches, clean up internal state, avoiding a memory leak in long-lived Python processes that connect to - When setting the sender of a message, allow it to be org.freedesktop.DBus so you can implement a D-Bus daemon - New package: dbus-1-python-devel Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2863=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2021-2863=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-2863=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-2863=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-2863=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-2863=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-2863=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2863=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2863=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): python-dbus-python-debuginfo-1.2.16-6.3.1 python-dbus-python-debugsource-1.2.16-6.3.1 python3-dbus-python-1.2.16-6.3.1 python3-dbus-python-debuginfo-1.2.16-6.3.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python-dbus-python-debuginfo-1.2.16-6.3.1 python-dbus-python-debugsource-1.2.16-6.3.1 python2-dbus-python-1.2.16-6.3.1 python2-dbus-python-debuginfo-1.2.16-6.3.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python-dbus-python-debuginfo-1.2.16-6.3.1 python-dbus-python-debugsource-1.2.16-6.3.1 python2-dbus-python-1.2.16-6.3.1 python2-dbus-python-debuginfo-1.2.16-6.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): 
python-dbus-python-debuginfo-1.2.16-6.3.1 python-dbus-python-debugsource-1.2.16-6.3.1 python2-dbus-python-devel-1.2.16-6.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): python-dbus-python-debuginfo-1.2.16-6.3.1 python-dbus-python-debugsource-1.2.16-6.3.1 python2-dbus-python-devel-1.2.16-6.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): python-dbus-python-common-devel-1.2.16-6.3.1 python-dbus-python-debuginfo-1.2.16-6.3.1 python-dbus-python-debugsource-1.2.16-6.3.1 python3-dbus-python-devel-1.2.16-6.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): python-dbus-python-common-devel-1.2.16-6.3.1 python-dbus-python-debuginfo-1.2.16-6.3.1 python-dbus-python-debugsource-1.2.16-6.3.1 python3-dbus-python-devel-1.2.16-6.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python-dbus-python-debuginfo-1.2.16-6.3.1 python-dbus-python-debugsource-1.2.16-6.3.1 python3-dbus-python-1.2.16-6.3.1 python3-dbus-python-debuginfo-1.2.16-6.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): python-dbus-python-debuginfo-1.2.16-6.3.1 python-dbus-python-debugsource-1.2.16-6.3.1 python3-dbus-python-1.2.16-6.3.1 python3-dbus-python-debuginfo-1.2.16-6.3.1 References: https://bugzilla.suse.com/1183818 From sle-updates at lists.suse.com Mon Aug 30 13:16:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Aug 2021 15:16:35 +0200 (CEST) Subject: SUSE-RU-2021:2866-1: moderate: Recommended update for yast2-nfs-server Message-ID: <20210830131635.6EC86FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-nfs-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2866-1 Rating: moderate References: #1188618 Affected Products: SUSE Linux Enterprise Module for 
Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-nfs-server fixes the following issues: - Set X-SuSE-YaST-AutoInstClient in the desktop file to properly determine the client name. (bsc#1188618) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2866=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-nfs-common-4.2.5-3.3.1 yast2-nfs-server-4.2.5-3.3.1 References: https://bugzilla.suse.com/1188618 From sle-updates at lists.suse.com Mon Aug 30 13:17:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Aug 2021 15:17:43 +0200 (CEST) Subject: SUSE-RU-2021:2865-1: moderate: Recommended update for crmsh Message-ID: <20210830131743.CA0CFFCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2865-1 Rating: moderate References: #1188290 #1188966 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix for the documentation: Note that resource tracing is only supported by OCF resource agents. (bsc#1188966) - Development for 'ui_context': Add info when spell-corrections happen. - Fix for 'parse': Should still be able to show the empty property if it already exists. 
(bsc#1188290) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-2865=1 Package List: - SUSE Linux Enterprise High Availability 15 (noarch): crmsh-4.3.1+20210811.2a30e37e-3.80.1 crmsh-scripts-4.3.1+20210811.2a30e37e-3.80.1 References: https://bugzilla.suse.com/1188290 https://bugzilla.suse.com/1188966 From sle-updates at lists.suse.com Mon Aug 30 13:18:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Aug 2021 15:18:54 +0200 (CEST) Subject: SUSE-RU-2021:2864-1: moderate: Recommended update for crmsh Message-ID: <20210830131854.A6026FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2864-1 Rating: moderate References: #1188290 #1188966 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: * Fix for the documentation: Note that resource tracing is only supported by OCF resource agents. (bsc#1188966) * Development for 'ui_context': Add info when spell-corrections happen. * Fix for 'parse': Should still be able to show the empty property if it already exists. (bsc#1188290) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-2864=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (noarch): crmsh-4.3.1+20210811.2a30e37e-3.75.1 crmsh-scripts-4.3.1+20210811.2a30e37e-3.75.1 References: https://bugzilla.suse.com/1188290 https://bugzilla.suse.com/1188966 From sle-updates at lists.suse.com Mon Aug 30 16:16:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Aug 2021 18:16:42 +0200 (CEST) Subject: SUSE-RU-2021:2868-1: moderate: Recommended update for ClusterTools2 Message-ID: <20210830161642.3BA5FFCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for ClusterTools2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2868-1 Rating: moderate References: #1166943 #1186119 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ClusterTools2 fixes the following issues: - change version from 3.1.0 to 3.1.1 - As some of the supportconfig plugins of ClusterTools2 take very long time to process, we will disable these plugins by default. (bsc#1186119) - Add file samples to support SLE15. (bsc#1166943) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2021-2868=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2868=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2868=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (noarch): ClusterTools2-3.1.1-19.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): ClusterTools2-3.1.1-19.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): ClusterTools2-3.1.1-19.9.1 References: https://bugzilla.suse.com/1166943 https://bugzilla.suse.com/1186119 From sle-updates at lists.suse.com Mon Aug 30 16:17:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Aug 2021 18:17:53 +0200 (CEST) Subject: SUSE-RU-2021:2867-1: moderate: Recommended update for acct Message-ID: <20210830161753.D2BEBFCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for acct ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2867-1 Rating: moderate References: #1187240 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for acct fixes the following issues: - Use '/var/account/pacct' instead of '/var/log/account/pacct'. (bsc#1187240) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2867=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): acct-6.6.1-5.3.1 acct-debuginfo-6.6.1-5.3.1 acct-debugsource-6.6.1-5.3.1 References: https://bugzilla.suse.com/1187240 From sle-updates at lists.suse.com Mon Aug 30 19:16:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Aug 2021 21:16:31 +0200 (CEST) Subject: SUSE-RU-2021:2878-1: moderate: Recommended update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container Message-ID: <20210830191631.0D7C2FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2878-1 Rating: moderate References: #1185714 Affected Products: SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container contains the following fixes: Changes in kubevirt: - Generate meta info for containers during rpm build. - Add REGISTRY variable. - Use registry.suse.com as the default fallback for sle. - Rename macro registry_path to kubevirt_registry_path. - Do not package OLM manifests. - Install virt-launcher SELinux policy. (bsc#1185714) - Include release number into docker tag. - Add kubevirt_containers_meta build service. 
- Set default reg_path='registry.opensuse.org/kubevirt'. - Add _constraints file with disk requirements. - Fix virt-launcher VirDomain double free crash. Changes on the containers: - Include the registry in org.opensuse.reference. - Tag the image with -. - run zypper clean after installation. Changes specific to virt-launcher-container: - Create symlinks for OVMF binaries in expected location. - Sort installed packages alphabetically. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2021-2878=1 - SUSE Linux Enterprise Module for Containers 15-SP2: zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2021-2878=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP3 (x86_64): kubevirt-manifests-0.40.0-5.14.3 kubevirt-virtctl-0.40.0-5.14.3 kubevirt-virtctl-debuginfo-0.40.0-5.14.3 - SUSE Linux Enterprise Module for Containers 15-SP2 (x86_64): kubevirt-manifests-0.40.0-5.14.3 kubevirt-virtctl-0.40.0-5.14.3 kubevirt-virtctl-debuginfo-0.40.0-5.14.3 References: https://bugzilla.suse.com/1185714 From sle-updates at lists.suse.com Mon Aug 30 19:17:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Aug 2021 21:17:37 +0200 (CEST) Subject: SUSE-SU-2021:2876-1: moderate: Security update for bind Message-ID: <20210830191737.BEEF1FCF4@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2876-1 Rating: moderate References: #1175443 #1188888 Cross-References: CVE-2020-8622 CVSS scores: CVE-2020-8622 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-8622 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: 
SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for bind fixes the following issues: - CVE-2020-8622: A truncated TSIG response can lead to an assertion failure (bsc#1175443). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2876=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2876=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2876=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2876=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2876=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2876=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-2876=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): bind-doc-9.9.9P1-63.28.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): bind-9.9.9P1-63.28.1 bind-chrootenv-9.9.9P1-63.28.1 bind-debuginfo-9.9.9P1-63.28.1 bind-debugsource-9.9.9P1-63.28.1 bind-libs-32bit-9.9.9P1-63.28.1 bind-libs-9.9.9P1-63.28.1 bind-libs-debuginfo-32bit-9.9.9P1-63.28.1 bind-libs-debuginfo-9.9.9P1-63.28.1 bind-utils-9.9.9P1-63.28.1 bind-utils-debuginfo-9.9.9P1-63.28.1 - SUSE OpenStack Cloud 8 (x86_64): bind-9.9.9P1-63.28.1 bind-chrootenv-9.9.9P1-63.28.1 bind-debuginfo-9.9.9P1-63.28.1 
bind-debugsource-9.9.9P1-63.28.1 bind-libs-32bit-9.9.9P1-63.28.1 bind-libs-9.9.9P1-63.28.1 bind-libs-debuginfo-32bit-9.9.9P1-63.28.1 bind-libs-debuginfo-9.9.9P1-63.28.1 bind-utils-9.9.9P1-63.28.1 bind-utils-debuginfo-9.9.9P1-63.28.1 - SUSE OpenStack Cloud 8 (noarch): bind-doc-9.9.9P1-63.28.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): bind-9.9.9P1-63.28.1 bind-chrootenv-9.9.9P1-63.28.1 bind-debuginfo-9.9.9P1-63.28.1 bind-debugsource-9.9.9P1-63.28.1 bind-libs-9.9.9P1-63.28.1 bind-libs-debuginfo-9.9.9P1-63.28.1 bind-utils-9.9.9P1-63.28.1 bind-utils-debuginfo-9.9.9P1-63.28.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): bind-doc-9.9.9P1-63.28.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): bind-libs-32bit-9.9.9P1-63.28.1 bind-libs-debuginfo-32bit-9.9.9P1-63.28.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): bind-9.9.9P1-63.28.1 bind-chrootenv-9.9.9P1-63.28.1 bind-debuginfo-9.9.9P1-63.28.1 bind-debugsource-9.9.9P1-63.28.1 bind-libs-9.9.9P1-63.28.1 bind-libs-debuginfo-9.9.9P1-63.28.1 bind-utils-9.9.9P1-63.28.1 bind-utils-debuginfo-9.9.9P1-63.28.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): bind-libs-32bit-9.9.9P1-63.28.1 bind-libs-debuginfo-32bit-9.9.9P1-63.28.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): bind-doc-9.9.9P1-63.28.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): bind-doc-9.9.9P1-63.28.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): bind-9.9.9P1-63.28.1 bind-chrootenv-9.9.9P1-63.28.1 bind-debuginfo-9.9.9P1-63.28.1 bind-debugsource-9.9.9P1-63.28.1 bind-libs-32bit-9.9.9P1-63.28.1 bind-libs-9.9.9P1-63.28.1 bind-libs-debuginfo-32bit-9.9.9P1-63.28.1 bind-libs-debuginfo-9.9.9P1-63.28.1 bind-utils-9.9.9P1-63.28.1 bind-utils-debuginfo-9.9.9P1-63.28.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): bind-doc-9.9.9P1-63.28.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): bind-9.9.9P1-63.28.1 bind-chrootenv-9.9.9P1-63.28.1 bind-debuginfo-9.9.9P1-63.28.1 
bind-debugsource-9.9.9P1-63.28.1 bind-libs-32bit-9.9.9P1-63.28.1 bind-libs-9.9.9P1-63.28.1 bind-libs-debuginfo-32bit-9.9.9P1-63.28.1 bind-libs-debuginfo-9.9.9P1-63.28.1 bind-utils-9.9.9P1-63.28.1 bind-utils-debuginfo-9.9.9P1-63.28.1 - HPE Helion Openstack 8 (noarch): bind-doc-9.9.9P1-63.28.1 - HPE Helion Openstack 8 (x86_64): bind-9.9.9P1-63.28.1 bind-chrootenv-9.9.9P1-63.28.1 bind-debuginfo-9.9.9P1-63.28.1 bind-debugsource-9.9.9P1-63.28.1 bind-libs-32bit-9.9.9P1-63.28.1 bind-libs-9.9.9P1-63.28.1 bind-libs-debuginfo-32bit-9.9.9P1-63.28.1 bind-libs-debuginfo-9.9.9P1-63.28.1 bind-utils-9.9.9P1-63.28.1 bind-utils-debuginfo-9.9.9P1-63.28.1 References: https://www.suse.com/security/cve/CVE-2020-8622.html https://bugzilla.suse.com/1175443 https://bugzilla.suse.com/1188888 From sle-updates at lists.suse.com Mon Aug 30 19:18:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Aug 2021 21:18:51 +0200 (CEST) Subject: SUSE-RU-2021:2879-1: moderate: Recommended update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer, nbdkit Message-ID: <20210830191851.CE020FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer, nbdkit ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2879-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for Containers 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. 
Description: This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer, nbdkit fixes the following issues: - Generate meta info for containers during rpm build - Add REGISTRY variable - Use registry.suse.com as the default fallback for sle - Rename macro registry_path to kubevirt_registry_path - Include release number into docker tag - Add cdi_containers_meta build service - Set default reg_path='registry.opensuse.org/kubevirt' - Add _constraints file with disk requirements - Drop CDI_VERSION env var since it's not used during the build - Update to version 1.25.7: * tar: Add comment about why we use LANG=C * python: Split up the large python.c file into smaller compilation units * Some documentation and test fixes - Update to version 1.25.6: * iso: Pick xorriso in preference to genisoimage or mkisofs. * vddk: VDDK 6.7 was the first version supporting extents. * Removed deprecated tar plugin - Added multi-conn filter Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP2: zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2021-2879=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP2 (x86_64): containerized-data-importer-manifests-1.30.0-5.6.2 References: From sle-updates at lists.suse.com Mon Aug 30 19:19:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Aug 2021 21:19:49 +0200 (CEST) Subject: SUSE-RU-2021:2870-1: moderate: Recommended update for yast2-packager Message-ID: <20210830191949.A9B35FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-packager ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2870-1 Rating: moderate References: #1183795 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Installer 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-packager fixes the following issues: - Corrects package selection when on "armv7l" (bsc#1183795) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2870=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2021-2870=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-packager-4.3.22-3.3.6 - SUSE Linux Enterprise Installer 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-packager-4.3.22-3.3.6 References: https://bugzilla.suse.com/1183795 From sle-updates at lists.suse.com Mon Aug 30 19:22:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Aug 2021 21:22:04 +0200 (CEST) Subject: SUSE-SU-2021:2875-1: important: Security update for nodejs12 Message-ID: <20210830192204.752E2FCF4@maintenance.suse.de> SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2875-1 Rating: important References: #1188881 #1188917 #1189368 #1189369 #1189370 Cross-References: CVE-2021-22930 CVE-2021-22931 CVE-2021-22939 CVE-2021-22940 CVE-2021-3672 CVSS scores: CVE-2021-22930 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-22931 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-22939 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-22940 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3672 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. 
Description: This update for nodejs12 fixes the following issues: Update to 12.22.5: - CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (bsc#1189370, bsc#1188881) - CVE-2021-22940: Use after free on close http2 on stream canceling (bsc#1189368) - CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (bsc#1189369) - CVE-2021-22930: http2: fixes use after free on close http2 on stream canceling (bsc#1188917) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2021-2875=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-2875=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.5-4.19.1 nodejs12-debuginfo-12.22.5-4.19.1 nodejs12-debugsource-12.22.5-4.19.1 nodejs12-devel-12.22.5-4.19.1 npm12-12.22.5-4.19.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs12-docs-12.22.5-4.19.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.5-4.19.1 nodejs12-debuginfo-12.22.5-4.19.1 nodejs12-debugsource-12.22.5-4.19.1 nodejs12-devel-12.22.5-4.19.1 npm12-12.22.5-4.19.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): nodejs12-docs-12.22.5-4.19.1 References: https://www.suse.com/security/cve/CVE-2021-22930.html https://www.suse.com/security/cve/CVE-2021-22931.html https://www.suse.com/security/cve/CVE-2021-22939.html https://www.suse.com/security/cve/CVE-2021-22940.html https://www.suse.com/security/cve/CVE-2021-3672.html https://bugzilla.suse.com/1188881 https://bugzilla.suse.com/1188917 https://bugzilla.suse.com/1189368 
https://bugzilla.suse.com/1189369 https://bugzilla.suse.com/1189370 From sle-updates at lists.suse.com Mon Aug 30 19:28:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Aug 2021 21:28:02 +0200 (CEST) Subject: SUSE-RU-2021:2869-1: moderate: Recommended update for yast2-update Message-ID: <20210830192802.DD91EFCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-update ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2869-1 Rating: moderate References: #1181066 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-update fixes the following issues: - Avoid to bind-mount /run twice. (bsc#1181066) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2869=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-update-4.3.3-3.3.1 References: https://bugzilla.suse.com/1181066 From sle-updates at lists.suse.com Mon Aug 30 19:29:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Aug 2021 21:29:11 +0200 (CEST) Subject: SUSE-RU-2021:2871-1: moderate: Recommended update for bind Message-ID: <20210830192911.B7950FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for bind ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2871-1 Rating: moderate References: #1187921 #1188763 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for bind fixes the following issues: - Fix an assertion failure in the 'rehash()' function (bsc#1188763) When calculating the new hashtable bitsize, there was an off-by-one error that would allow the new bitsize to be larger than maximum allowed. - tsig-keygen is now used to generate DDNS keys (bsc#1187921) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-2871=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2871=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): bind-9.16.6-12.54.2 bind-chrootenv-9.16.6-12.54.2 bind-debuginfo-9.16.6-12.54.2 bind-debugsource-9.16.6-12.54.2 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): bind-doc-9.16.6-12.54.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.16.6-12.54.2 bind-debugsource-9.16.6-12.54.2 bind-devel-9.16.6-12.54.2 bind-utils-9.16.6-12.54.2 bind-utils-debuginfo-9.16.6-12.54.2 libbind9-1600-9.16.6-12.54.2 libbind9-1600-debuginfo-9.16.6-12.54.2 libdns1605-9.16.6-12.54.2 libdns1605-debuginfo-9.16.6-12.54.2 libirs-devel-9.16.6-12.54.2 libirs1601-9.16.6-12.54.2 libirs1601-debuginfo-9.16.6-12.54.2 libisc1606-9.16.6-12.54.2 libisc1606-debuginfo-9.16.6-12.54.2 libisccc1600-9.16.6-12.54.2 libisccc1600-debuginfo-9.16.6-12.54.2 libisccfg1600-9.16.6-12.54.2 libisccfg1600-debuginfo-9.16.6-12.54.2 libns1604-9.16.6-12.54.2 libns1604-debuginfo-9.16.6-12.54.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-bind-9.16.6-12.54.2 References: https://bugzilla.suse.com/1187921 https://bugzilla.suse.com/1188763 From sle-updates at lists.suse.com Mon Aug 30 19:30:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Aug 2021 21:30:33 +0200 (CEST) Subject: SUSE-SU-2021:2873-1: important: Security update for sssd Message-ID: <20210830193033.024D8FCF4@maintenance.suse.de> SUSE Security Update: Security update for sssd ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2873-1 Rating: important 
References: #1189492 Cross-References: CVE-2021-3621 CVSS scores: CVE-2021-3621 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands (bsc#1189492). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2873=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2873=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-7.22.4 libsss_idmap-devel-1.16.1-7.22.4 libsss_nss_idmap-devel-1.16.1-7.22.4 sssd-debuginfo-1.16.1-7.22.4 sssd-debugsource-1.16.1-7.22.4 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.16.1-7.22.4 libipa_hbac0-debuginfo-1.16.1-7.22.4 libsss_certmap0-1.16.1-7.22.4 libsss_certmap0-debuginfo-1.16.1-7.22.4 libsss_idmap0-1.16.1-7.22.4 libsss_idmap0-debuginfo-1.16.1-7.22.4 libsss_nss_idmap0-1.16.1-7.22.4 libsss_nss_idmap0-debuginfo-1.16.1-7.22.4 libsss_simpleifp0-1.16.1-7.22.4 libsss_simpleifp0-debuginfo-1.16.1-7.22.4 python-sssd-config-1.16.1-7.22.4 python-sssd-config-debuginfo-1.16.1-7.22.4 sssd-1.16.1-7.22.4 sssd-ad-1.16.1-7.22.4 sssd-ad-debuginfo-1.16.1-7.22.4 sssd-dbus-1.16.1-7.22.4 sssd-dbus-debuginfo-1.16.1-7.22.4 sssd-debuginfo-1.16.1-7.22.4 sssd-debugsource-1.16.1-7.22.4 sssd-ipa-1.16.1-7.22.4 sssd-ipa-debuginfo-1.16.1-7.22.4 
sssd-krb5-1.16.1-7.22.4 sssd-krb5-common-1.16.1-7.22.4 sssd-krb5-common-debuginfo-1.16.1-7.22.4 sssd-krb5-debuginfo-1.16.1-7.22.4 sssd-ldap-1.16.1-7.22.4 sssd-ldap-debuginfo-1.16.1-7.22.4 sssd-proxy-1.16.1-7.22.4 sssd-proxy-debuginfo-1.16.1-7.22.4 sssd-tools-1.16.1-7.22.4 sssd-tools-debuginfo-1.16.1-7.22.4 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): sssd-32bit-1.16.1-7.22.4 sssd-debuginfo-32bit-1.16.1-7.22.4 - SUSE Linux Enterprise Server 12-SP5 (aarch64): libsss_nss_idmap-devel-1.16.1-7.22.4 References: https://www.suse.com/security/cve/CVE-2021-3621.html https://bugzilla.suse.com/1189492 From sle-updates at lists.suse.com Mon Aug 30 19:31:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Aug 2021 21:31:45 +0200 (CEST) Subject: SUSE-SU-2021:2877-1: moderate: Security update for mysql-connector-java Message-ID: <20210830193145.06CEAFCF4@maintenance.suse.de> SUSE Security Update: Security update for mysql-connector-java ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2877-1 Rating: moderate References: #1173600 Cross-References: CVE-2020-2875 CVE-2020-2933 CVE-2020-2934 CVSS scores: CVE-2020-2875 (NVD) : 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2020-2875 (SUSE): 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2020-2933 (NVD) : 2.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L CVE-2020-2933 (SUSE): 2.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L CVE-2020-2934 (NVD) : 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2020-2934 (SUSE): 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description:

This update for mysql-connector-java fixes the following issues:

- CVE-2020-2875: Unauthenticated attacker with network access via multiple protocols can compromise MySQL Connectors. (bsc#1173600)
- CVE-2020-2934: Fixed a vulnerability which could cause a partial denial of service of MySQL Connectors. (bsc#1173600)
- CVE-2020-2933: Fixed a vulnerability which could allow a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. (bsc#1173600)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2877=1
- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2877=1
- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2877=1
- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2877=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2877=1
- HPE Helion Openstack 8:
  zypper in -t patch HPE-Helion-OpenStack-8-2021-2877=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (noarch):
  mysql-connector-java-5.1.42-5.7.1
- SUSE OpenStack Cloud Crowbar 8 (noarch):
  mysql-connector-java-5.1.42-5.7.1
- SUSE OpenStack Cloud 9 (noarch):
  mysql-connector-java-5.1.42-5.7.1
- SUSE OpenStack Cloud 8 (noarch):
  mysql-connector-java-5.1.42-5.7.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
  mysql-connector-java-5.1.42-5.7.1
- HPE Helion Openstack 8 (noarch):
  mysql-connector-java-5.1.42-5.7.1

References:

https://www.suse.com/security/cve/CVE-2020-2875.html
https://www.suse.com/security/cve/CVE-2020-2933.html
https://www.suse.com/security/cve/CVE-2020-2934.html
https://bugzilla.suse.com/1173600

From sle-updates at lists.suse.com Mon Aug 30 19:32:55 2021
From:
sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Aug 2021 21:32:55 +0200 (CEST) Subject: SUSE-SU-2021:2874-1: important: Security update for MozillaThunderbird Message-ID: <20210830193255.57E0FFCF4@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2874-1 Rating: important References: #1188891 Cross-References: CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989 CVSS scores: CVE-2021-29980 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29984 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29985 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-29986 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29988 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29989 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: Update to version 78.13 (MFSA 2021-35, bsc#1188891) - CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption - CVE-2021-29988: Memory corruption as a result of incorrect style treatment - CVE-2021-29984: Incorrect instruction reordering during JIT optimization - CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption - CVE-2021-29985: Use-after-free media channels - CVE-2021-29989: Memory safety bugs fixed in Thunderbird 78.13 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-2874=1 - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-2874=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): MozillaThunderbird-78.13.0-8.36.1 MozillaThunderbird-debuginfo-78.13.0-8.36.1 MozillaThunderbird-debugsource-78.13.0-8.36.1 MozillaThunderbird-translations-common-78.13.0-8.36.1 MozillaThunderbird-translations-other-78.13.0-8.36.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): MozillaThunderbird-78.13.0-8.36.1 MozillaThunderbird-debuginfo-78.13.0-8.36.1 MozillaThunderbird-debugsource-78.13.0-8.36.1 MozillaThunderbird-translations-common-78.13.0-8.36.1 MozillaThunderbird-translations-other-78.13.0-8.36.1 References: https://www.suse.com/security/cve/CVE-2021-29980.html https://www.suse.com/security/cve/CVE-2021-29984.html https://www.suse.com/security/cve/CVE-2021-29985.html https://www.suse.com/security/cve/CVE-2021-29986.html https://www.suse.com/security/cve/CVE-2021-29988.html https://www.suse.com/security/cve/CVE-2021-29989.html https://bugzilla.suse.com/1188891 From sle-updates at lists.suse.com Tue Aug 31 10:16:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Aug 2021 12:16:49 +0200 (CEST) Subject: SUSE-RU-2021:2881-1: moderate: Recommended update for yast2-nis-server Message-ID: <20210831101649.44236FD17@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-nis-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2881-1 Rating: moderate References: #1188644 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for yast2-nis-server fixes the following issues: - Set X-SuSE-YaST-AutoInstClient in the desktop file to properly determine the client name. (bsc#1188644) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2881=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): yast2-nis-server-4.3.2-3.3.1 References: https://bugzilla.suse.com/1188644 From sle-updates at lists.suse.com Tue Aug 31 10:17:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Aug 2021 12:17:57 +0200 (CEST) Subject: SUSE-RU-2021:2880-1: moderate: Recommended update for yast2-nis-server Message-ID: <20210831101757.7BE08FD17@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-nis-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2880-1 Rating: moderate References: #1188644 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-nis-server fixes the following issues: - Set X-SuSE-YaST-AutoInstClient in the desktop file to properly determine the client name. (bsc#1188644) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2880=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-nis-server-4.2.3-3.3.1 References: https://bugzilla.suse.com/1188644 From sle-updates at lists.suse.com Tue Aug 31 13:17:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Aug 2021 15:17:45 +0200 (CEST) Subject: SUSE-RU-2021:2883-1: moderate: Recommended update for yast2-nfs-server Message-ID: <20210831131745.A961FFCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-nfs-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2883-1 Rating: moderate References: #1188618 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-nfs-server fixes the following issues: - Set X-SuSE-YaST-AutoInstClient in the desktop file to properly determine the client name. (bsc#1188618) - Fix the corresponding section name in the package specification. (bsc#1188618) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2883=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): yast2-nfs-common-4.3.4-3.5.1 yast2-nfs-server-4.3.4-3.5.1 References: https://bugzilla.suse.com/1188618 From sle-updates at lists.suse.com Tue Aug 31 13:19:50 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Aug 2021 15:19:50 +0200 (CEST) Subject: SUSE-RU-2021:2882-1: moderate: Recommended update for yast2-update Message-ID: <20210831131950.6BA81FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-update ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2882-1 Rating: moderate References: #1181066 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-update fixes the following issues: - Avoid to bind-mount /run twice. (bsc#1181066) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2882=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-2882=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-update-4.2.22-3.10.1 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-update-4.2.22-3.10.1 References: https://bugzilla.suse.com/1181066 From sle-updates at lists.suse.com Tue Aug 31 16:16:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Aug 2021 18:16:47 +0200 (CEST) Subject: SUSE-RU-2021:2886-1: moderate: Recommended update for bind Message-ID: <20210831161647.36BD7FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for bind ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2886-1 Rating: moderate References: #1187921 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for bind fixes the following issues: - tsig-keygen is now used to generate DDNS keys (bsc#1187921) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-2886=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2886=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): bind-9.16.6-22.10.1 bind-chrootenv-9.16.6-22.10.1 bind-debuginfo-9.16.6-22.10.1 bind-debugsource-9.16.6-22.10.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): bind-doc-9.16.6-22.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.16.6-22.10.1 bind-debugsource-9.16.6-22.10.1 bind-devel-9.16.6-22.10.1 bind-utils-9.16.6-22.10.1 bind-utils-debuginfo-9.16.6-22.10.1 libbind9-1600-9.16.6-22.10.1 libbind9-1600-debuginfo-9.16.6-22.10.1 libdns1605-9.16.6-22.10.1 libdns1605-debuginfo-9.16.6-22.10.1 libirs-devel-9.16.6-22.10.1 libirs1601-9.16.6-22.10.1 libirs1601-debuginfo-9.16.6-22.10.1 libisc1606-9.16.6-22.10.1 libisc1606-debuginfo-9.16.6-22.10.1 libisccc1600-9.16.6-22.10.1 libisccc1600-debuginfo-9.16.6-22.10.1 libisccfg1600-9.16.6-22.10.1 libisccfg1600-debuginfo-9.16.6-22.10.1 libns1604-9.16.6-22.10.1 libns1604-debuginfo-9.16.6-22.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-bind-9.16.6-22.10.1 References: https://bugzilla.suse.com/1187921 From sle-updates at lists.suse.com Tue Aug 31 16:20:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Aug 2021 18:20:05 +0200 (CEST) Subject: SUSE-RU-2021:2887-1: moderate: Recommended update for cloud-init Message-ID: <20210831162005.D7F86FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2887-1 Rating: moderate References: 
#1183939 #1184758
Affected Products:
  SUSE Linux Enterprise Module for Public Cloud 15-SP3
  SUSE Linux Enterprise Module for Public Cloud 15-SP2
  SUSE Linux Enterprise Module for Public Cloud 15-SP1
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for cloud-init contains the following:

- Change log file creation mode to 640. (bsc#1183939)
- Do not write the generated password to the log file. (bsc#1184758)
- Allow purging cache when a Python version change is detected.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-2887=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-2887=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2021-2887=1

Package List:

- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64):
  cloud-init-20.2-8.48.1
  cloud-init-config-suse-20.2-8.48.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64):
  cloud-init-20.2-8.48.1
  cloud-init-config-suse-20.2-8.48.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64):
  cloud-init-20.2-8.48.1
  cloud-init-config-suse-20.2-8.48.1

References:

https://bugzilla.suse.com/1183939
https://bugzilla.suse.com/1184758

From sle-updates at lists.suse.com Tue Aug 31 16:21:22 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 31 Aug 2021 18:21:22 +0200 (CEST)
Subject: SUSE-RU-2021:2884-1: moderate: Recommended update for rsyslog
Message-ID:
<20210831162122.D77C2FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2884-1 Rating: moderate References: #1187590 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsyslog fixes the following issues: - fix a crash in the disk-assisted mode queue when using libfastjson (bsc#1187590) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2884=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): rsyslog-8.24.0-3.49.2 rsyslog-debuginfo-8.24.0-3.49.2 rsyslog-debugsource-8.24.0-3.49.2 rsyslog-diag-tools-8.24.0-3.49.2 rsyslog-diag-tools-debuginfo-8.24.0-3.49.2 rsyslog-doc-8.24.0-3.49.2 rsyslog-module-gssapi-8.24.0-3.49.2 rsyslog-module-gssapi-debuginfo-8.24.0-3.49.2 rsyslog-module-gtls-8.24.0-3.49.2 rsyslog-module-gtls-debuginfo-8.24.0-3.49.2 rsyslog-module-mmnormalize-8.24.0-3.49.2 rsyslog-module-mmnormalize-debuginfo-8.24.0-3.49.2 rsyslog-module-mysql-8.24.0-3.49.2 rsyslog-module-mysql-debuginfo-8.24.0-3.49.2 rsyslog-module-pgsql-8.24.0-3.49.2 rsyslog-module-pgsql-debuginfo-8.24.0-3.49.2 rsyslog-module-relp-8.24.0-3.49.2 rsyslog-module-relp-debuginfo-8.24.0-3.49.2 rsyslog-module-snmp-8.24.0-3.49.2 rsyslog-module-snmp-debuginfo-8.24.0-3.49.2 rsyslog-module-udpspoof-8.24.0-3.49.2 rsyslog-module-udpspoof-debuginfo-8.24.0-3.49.2 References: https://bugzilla.suse.com/1187590 From sle-updates at lists.suse.com Tue Aug 31 16:23:34 2021 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Tue, 31 Aug 2021 18:23:34 +0200 (CEST) Subject: SUSE-RU-2021:2888-1: moderate: Recommended update for yast2-nfs-client Message-ID: <20210831162334.2EC59FCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-nfs-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2888-1 Rating: moderate References: #1187781 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-nfs-client fixes the following issues: - Support systemd mount options in fstab (bsc#1187781) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2888=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): yast2-nfs-client-4.3.4-3.3.1 References: https://bugzilla.suse.com/1187781 From sle-updates at lists.suse.com Tue Aug 31 16:24:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Aug 2021 18:24:44 +0200 (CEST) Subject: SUSE-RU-2021:2885-1: Recommended update for publicsuffix Message-ID: <20210831162444.3B17AFCF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for publicsuffix ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2885-1 Rating: low References: #1189124 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be 
installed. Description: This update for publicsuffix fixes the following issues: - Updates the list of known/accepted domains with recent data (bsc#1189124). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2885=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2885=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): publicsuffix-20210804-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): publicsuffix-20210804-3.6.1 References: https://bugzilla.suse.com/1189124 From sle-updates at lists.suse.com Tue Aug 31 22:16:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Sep 2021 00:16:56 +0200 (CEST) Subject: SUSE-SU-2021:2890-1: moderate: Security update for dovecot23 Message-ID: <20210831221656.109E6F799@maintenance.suse.de> SUSE Security Update: Security update for dovecot23 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2890-1 Rating: moderate References: #1187418 #1187419 #1187420 SLE-19970 Cross-References: CVE-2020-28200 CVE-2021-29157 CVSS scores: CVE-2020-28200 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2020-28200 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-29157 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves two vulnerabilities, 
contains one feature and has one errata is now available. Description: This update for dovecot23 fixes the following issues: Update dovecot to version 2.3.15 (jsc#SLE-19970): Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has local access. (bsc#1187418) Local attacker can login as any user and access their emails - CVE-2021-33515: On-path attacker could have injected plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. (bsc#1187419) Attacker can potentially steal user credentials and mails * Disconnection log messages are now more standardized across services. They also always now start with "Disconnected" prefix. * Dovecot now depends on libsystemd for systemd integration. * Removed support for Lua 5.2. Use version 5.1 or 5.3 instead. * config: Some settings are now marked as "hidden". It's discouraged to change these settings. They will no longer be visible in doveconf output, except if they have been changed or if doveconf -s parameter is used. See https://doc.dovecot.org/settings/advanced/ for details. * imap-compress: Compression level is now algorithm specific. See https://doc.dovecot.org/settings/plugin/compress-plugin/ * indexer-worker: Convert "Indexed" info logs to an event named "indexer_worker_indexing_finished". See https://doc.dovecot.org/admin_manual/list_of_events/#indexer-worker-indexin g-finished + Add TSLv1.3 support to min_protocols. + Allow configuring ssl_cipher_suites. (for TLSv1.3+) + acl: Add acl_ignore_namespace setting which allows to entirely ignore ACLs for the listed namespaces. + imap: Support official RFC8970 preview/snippet syntax. Old methods of retrieving preview information via IMAP commands ("SNIPPET and PREVIEW with explicit algorithm selection") have been deprecated. 
+ imapc: Support INDEXPVT for imapc storage to enable private message flags for cluster wide shared mailboxes. + lib-storage: Add new events: mail_opened, mail_expunge_requested, mail_expunged, mail_cache_lookup_finished. See https://doc.dovecot.org/admin_manual/list_of_events/#mail + zlib, imap-compression, fs-compress: Support compression levels that the algorithm supports. Before, we would allow hardcoded value between 1 to 9 and would default to 6. Now we allow using per-algorithm value range and default to whatever default the algorithm specifies. - *-login: Commands pipelined together with and just after the authenticate command cause these commands to be executed twice. This applies to all protocols that involve user login, which currently comprises of imap, pop3, submisision and managesieve. - *-login: Processes are supposed to disconnect the oldest non-logged in connection when process_limit was reached. This didn't actually happen with the default "high-security mode" (with service_count=1) where each connection is handled by a separate process. - *-login: When login process reaches client/process limits, oldest client connections are disconnected. If one of these was still doing anvil lookup, this caused a crash. This could happen only if the login process limits were very low or if the server was overloaded. - Fixed building with link time optimizations (-flto). - auth: Userdb iteration with passwd driver does not always return all users with some nss drivers. - dsync: Shared INBOX not synced when "mail_shared_explicit_inbox" was disabled. If a user has a shared mailbox which is another user's INBOX, dsync didn't include the mailbox in syncing unless explicit naming is enabled with "mail_shared_explicit_inbox" set to "yes". - dsync: Shared namespaces were not synced with "-n" flag. - dsync: Syncing shared INBOX failed if mail_attribute_dict was not set. 
If a user has a shared mailbox that is another user's INBOX, dsync failed to export the mailbox if mail attributes are disabled. - fts-solr, fts-tika: Using both Solr FTS and Tika may have caused HTTP requests to assert-crash: Panic: file http-client-request.c: line 1232 (http_client_request_send_more): assertion failed: (req->payload_input != NULL) - fts-tika: 5xx errors returned by Tika server as indexing failures. However, Tika can return 5xx for some attachments every time. So the 5xx error should be retried once, but treated as success if it happens on the retry as well. v2.3 regression. - fts-tika: v2.3.11 regression: Indexing messages with fts-tika may have resulted in Panic: file message-parser.c: line 802 (message_parser_deinit_from_parts): assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input)) - imap: SETMETADATA could not be used to unset metadata values. Instead NIL was handled as a "NIL" string. v2.3.14 regression. - imap: IMAP BINARY FETCH crashes at least on empty base64 body: Panic: file index-mail-binary.c: line 358 (blocks_count_lines): assertion failed: (block_count == 0 || block_idx+1 == block_count) - imap: If IMAP client using the NOTIFY command was disconnected while sending FETCH notifications to the client, imap could crash with Panic: Trying to close mailbox INBOX with open transactions. - imap: Using IMAP COMPRESS extension can cause IMAP connection to hang when IMAP commands are >8 kB long. - imapc: If remote server sent BYE but didn't immediately disconnect, it could cause infinite busy-loop. - lib-index: Corrupted cache record size in dovecot.index.cache file could have caused a crash (segfault) when accessing it. - lib-oauth2: JWT token time validation now works correctly with 32-bit systems. - lib-ssl-iostream: Checking hostnames against an SSL certificate was case-sensitive. 
- lib-storage: Corrupted mime.parts in dovecot.index.cache may have resulted in Panic: file imap-bodystructure.c: line 206 (part_write_body): assertion failed: (text == ((part->flags & MESSAGE_PART_FLAG_TEXT) != 0)) - lib-storage: Index rebuilding (e.g. via doveadm force-resync) didn't preserve the "hdr-pop3-uidl" header. Because of this, the next pop3 session could have accessed all of the emails' metadata to read their POP3 UIDL (opening dbox files). - listescape: When using the listescape plugin and a shared namespace the plugin didn't work properly anymore resulting in errors like: "Invalid mailbox name: Name must not have '/' character." - lmtp: Connection crashes if connection gets disconnected due to multiple bad commands and the last bad command is BDAT. - lmtp: The Dovecot-specific LMTP parameter XRCPTFORWARD was blindly forwarded by LMTP proxy without checking that the backend has support. This caused a command parameter error from the backend if it was running an older Dovecot release. This could only occur in more complex setups where the message was proxied twice; when the proxy generated the XRCPTFORWARD parameter itself the problem did not occur, so this only happened when it was forwarded. - lmtp: The LMTP proxy crashes with a panic when the remote server replies with an error while the mail is still being forwarded through a DATA/BDAT command. - lmtp: Username may have been missing from lmtp log line prefixes when it was performing autoexpunging. - master: Dovecot would incorrectly fail with haproxy 2.0.14 service checks. - master: Systemd service: Dovecot announces readiness for accepting connections earlier than it should. The following environment variables are now imported automatically and can be omitted from import_environment setting: NOTIFY_SOCKET LISTEN_FDS LISTEN_PID. - master: service { process_min_avail } was launching processes too slowly when master was forking a lot of processes. 
- util: Make the health-check.sh example script POSIX shell compatible.
* Added new aliases for some variables. Usage of the old ones is possible, but discouraged. (These were partially added already to v2.3.13.) See https://doc.dovecot.org/configuration_manual/config_file/config_variables/ for more information.
* Optimize imap/pop3/submission/managesieve proxies to use less CPU at the cost of extra memory usage.
* Remove autocreate, expire, snarf and mail-filter plugins.
* Remove cydir storage driver.
* Remove XZ/LZMA write support. Read support will be removed in future release.
* doveadm -D: Add timestamps to debug output even when LOG_STDERR_TIMESTAMP environment variable is not set. Timestamp format is taken from log_timestamp setting.
* If BROKENCHAR or listescape plugin is used, the escaped folder names may be slightly different from before in some situations. This is unlikely to cause issues, although caching clients may redownload the folders.
* imapc: It now enables BROKENCHAR=~ by default to escape remote folder names if necessary. This also means that if there are any '~' characters in the remote folder names, they will be visible as "~7e".
* imapc: When using local index files folder names were escaped on filesystem a bit differently. This affects only if there are folder names that actually require escaping, which isn't so common. The old style folders will be automatically deleted from filesystem.
* stats: Update exported metrics to be compliant with OpenMetrics standard.
+ doveadm: Add an optional '-p' parameter to metadata list command. If enabled, "/private", and "/shared" metadata prefixes will be prepended to the keys in the list output.
+ doveconf: Support environment variables in config files. See https://doc.dovecot.org/configuration_manual/config_file/config_file_syntax/#environment-variables for more details.
+ indexer-worker: Change indexer to disconnect from indexer-worker after each request.
This allows service indexer-worker's service_count & idle_kill settings to work. These can be used to restart indexer-worker processes once in a while to reduce their memory usage. - auth: "nodelay" with various authentication mechanisms such as apop and digest-md5 crashed AUTH process if authentication failed. - auth: Auth lua script generating an error triggered an assertion failure: Panic: file db-lua.c: line 630 (auth_lua_call_password_verify): assertion failed: (lua_gettop(script->L) == 0). - configure: Fix libunwind detection to work on other than x86_64 systems. - doveadm-server: Process could crash if logging was done outside command handling. For example http-client could have done debug logging afterwards, resulting in either segfault or Panic: file http-client.c: line 642 (http_client_context_close): assertion failed: (cctx->clients_list == NULL). - dsync: Folder name escaping with BROKENCHAR didn't work completely correctly. This especially caused problems with dsync-migrations using imapc where some of the remote folder names may not have been accessible. - dsync: doveadm sync + imapc doesn't always sync all mails when doing an incremental sync (-1), which could lead to mail loss when it's used for migration. This happens only when GUIDs aren't used (i.e. imapc without imapc_features=guid-forced). - fts-tika: When tika server returns error, some mails cause Panic: file message-parser.c: line 802 (message_parser_deinit_from_parts): assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input)) - lib-imap: imapc parsing illegal BODYSTRUCTUREs with NILs could have resulted in crashes. This exposed that Dovecot was wrongly accepting atoms in "nstring" handling. Changed the IMAP parsing to be more strict about this now. 
- lib-index: If dovecot.index.cache has corrupted message size, fetching BODY/BODYSTRUCTURE may cause assert-crash: Panic: file index-mail.c: line 1140 (index_mail_parse_body_finish): assertion failed: (mail->data.parts != NULL). - lib-index: Minor error handling and race condition fixes related to rotating dovecot.index.log. These didn't usually cause problems, unless the log files were rotated rapidly. - lib-lua: Lua scripts using coroutines or lua libraries using coroutines (e.g., cqueues) panicked. - Message PREVIEW handled whitespace wrong so first space would get eaten from between words. - FTS and message PREVIEW (snippet) parsed HTML &entities case-sensitively. - lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE was written in a way that may have caused confusion for IMAP clients and also Dovecot itself when parsing it. The truncated part is now written out using application/octet-stream MIME type. - lib-oauth2: HS512 and HS384 JWT token algorithms crash when you try to use them: Panic: file hmac.c: line 26 (hmac_init): assertion failed: (meth->context_size <= MAC_MAX_CONTEXT_SIZE). - event filters: NOT keyword did not have the correct associativity. - Ignore ECONNRESET when closing socket. This avoids logging useless errors on systems like FreeBSD. - event filters: event filter syntax error may lead to Panic: file event-filter.c: line 137 (event_filter_parse): assertion failed: (state.output == NULL) - lib: timeval_cmp_margin() was broken on 32-bit systems. This could potentially have caused HTTP timeouts to be handled incorrectly. - log: instance_name wasn't used as syslog ident by the log process. - master: After a service reached process_limit and client_limit, it could have taken up to 1 second to realize that more client connections became available. During this time client connections could have been unnecessarily rejected and a warning logged: Warning: service(...): process_limit (...) 
reached, client connections are being dropped - stats: Crash would occur when generating openmetrics data for metrics using aggregating functions. - stats: Event filters comparing against empty strings crash the stats process. * CVE-2020-24386: Specially crafted command can cause IMAP hibernate to allow logged in user to access other people's emails and filesystem information. * Metric filter and global event filter variable syntax changed to a SQL-like format. See https://doc.dovecot.org/configuration_manual/event_filter/ * auth: Added new aliases for %{variables}. Usage of the old ones is possible, but discouraged. * auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth mechanism and related password schemes. * auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail. * auth: Removed postfix postmap socket + auth: Added new fields for auth server events. These fields are now also available for all auth events. See https://doc.dovecot.org/admin_manual/list_of_events/#authentication-server for details. + imap-hibernate: Added imap_client_hibernated, imap_client_unhibernated and imap_client_unhibernate_retried events. See https://doc.dovecot.org/admin_manual/list_of_events/ for details. + lib-index: Added new mail_index_recreated event. See https://doc.dovecot.org/admin_manual/list_of_events/#mail-index-recreated + lib-sql: Support TLS options for cassandra driver. This requires cpp-driver v2.15 (or later) to work reliably. + lib-storage: Missing $HasAttachment / $HasNoAttachment flags are now added to existing mails if mail_attachment_detection_option=add-flags and it can be done inexpensively. + login proxy: Added login_proxy_max_reconnects setting (default 3) to control how many reconnections are attempted. + login proxy: imap/pop3/submission/managesieve proxying now supports reconnection retrying on more than just connect() failure. Any error except a non-temporary authentication failure will result in reconnect attempts. 
- auth: Lua passdb/userdb leaks stack elements per call, eventually causing the stack to become too deep and crashing the auth or auth-worker process. - auth: SASL authentication PLAIN mechanism could be used to trigger read buffer overflow. However, this doesn't seem to be exploitable in any way. - auth: v2.3.11 regression: GSSAPI authentication fails because dovecot disallows NUL bytes for it. - dict: Process used too much CPU when iterating keys, because each key used a separate write() syscall. - doveadm-server: Crash could occur if logging was done outside command handling. For example http-client could have done debug logging afterwards, resulting in either segfault or Panic: file http-client.c: line 642 (http_client_context_close): assertion failed: (cctx->clients_list == NULL). - doveadm-server: v2.3.11 regression: Trying to connect to doveadm server process via starttls assert-crashed if there were no ssl=yes listeners: Panic: file master-service-ssl.c: line 22 (master_service_ssl_init): assertion failed: (service->ssl_ctx_initialized). - fts-solr: HTTP requests may have assert-crashed: Panic: file http-client-request.c: line 1232 (http_client_request_send_more): assertion failed: (req->payload_input != NULL) - imap: IMAP NOTIFY could crash with a segmentation fault due to a bad configuration that causes errors. Sending the error responses to the client can cause the segmentation fault. This can for example happen when several namespaces use the same mail storage location. - imap: IMAP NOTIFY used on a shared namespace that doesn't actually exist (e.g. public namespace for a nonexistent user) can crash with a panic: Panic: Leaked view for index /tmp/home/asdf/mdbox/dovecot.list.index: Opened in (null):0 - imap: IMAP session can crash with QRESYNC extension if many changes are done before asking for expunged mails since last sync. 
- imap: Process might hang indefinitely if client disconnects after sending some long-running commands pipelined, for example FETCH+LOGOUT. - lib-compress: Mitigate crashes when configuring a not compiled in compression. Errors with compression configuration now distinguish between not supported and unknown. - lib-compression: Using xz/lzma compression in v2.3.11 could have written truncated output in some situations. This would result in "Broken pipe" read errors when trying to read it back. - lib-compression: zstd compression could have crashed in some situations: Panic: file ostream.c: line 287 (o_stream_sendv_int): assertion failed: (!stream->blocking) - lib-dict: dict client could have crashed in some rare situations when iterating keys. - lib-http: Fix several assert-crashes in HTTP client. - lib-index: v2.3.11 regression: When mails were expunged at the same time as lots of new content was being saved to the cache (e.g. cache file was lost and is being re-filled) a deadlock could occur with dovecot.index.cache / dovecot.index.log. - lib-index: v2.3.11 regression: dovecot.index.cache file was being purged (rewritten) too often when it had a field that hadn't been accessed for over 1 month, but less than 2 months. Every cache file change caused a purging in this situation. - lib-mail: MIME parts were not returned correctly by Dovecot MIME parser. Regression caused by fixing CVE-2020-12100. - lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE was written in a way that may have caused confusion for both IMAP clients and Dovecot itself when parsing it. The truncated part is now written out using application/octet-stream MIME type. - lib-mail: v2.3.11 regression: Mail delivery / parsing crashed when the 10000th MIME part was message/rfc822 (or if parent was multipart/digest): Panic: file message-parser.c: line 167 (message_part_append): assertion failed: (ctx->total_parts_count <= ctx->max_total_mime_parts). 
- lib-oauth2: Dovecot incorrectly required oauth2 server introspection reply to contain username with invalid token.
- lib-ssl-iostream, lib-dcrypt: Fix building with OpenSSL that has deprecated APIs disabled.
- lib-storage: When mail's size is different from the cached one (in dovecot.index.cache or Maildir S=size in the filename), this is handled by logging "Cached message size smaller/larger than expected" error. However, in some situations this also ended up crashing with: Panic: file istream.c: line 315 (i_stream_read_memarea): assertion failed: (old_size <= _stream->pos - _stream->skip).
- lib-storage: v2.3 regression: Copying/moving mails was taking much more memory than before. This was mainly visible when copying/moving thousands of mails in a single transaction.
- lib-storage: v2.3.11 regression: Searching messages assert-crashed (without FTS): Panic: file message-parser.c: line 174 (message_part_finish): assertion failed: (ctx->nested_parts_count > 0).
- lib: Dovecot v2.3 moved signal handlers around in ioloops, causing more CPU usage than in v2.2.
- lib: Fixed JSON parsing: '\' escape sequence may have wrongly resulted in error if it happened to be at read boundary. Any NUL characters and '\u0000' will now result in parsing error instead of silently truncating the data.
- lmtp, submission: Server may hang if SSL client connection disconnects during the delivery. If this happened repeatedly, it could have ended up reaching process_limit and preventing any further lmtp/submission deliveries.
- lmtp: Proxy does not always properly log TLS connection problems as errors; in some cases, only a debug message is logged if enabled.
- lmtp: The LMTP service can hang when commands are pipelined. This can particularly occur when one command in the middle of the pipeline fails. One example of this occurs for proxied LMTP transactions in which the final DATA or BDAT command is pipelined after a failing RCPT command.
- login-proxy: The login_source_ips setting has no effect, and therefore the proxy source IPs are not cycled through as they should be. - master: Process was using 100% CPU in some situations when a broken service was being throttled. - pop3-login: POP3 login would fail with "Input buffer full" if the initial response for SASL was too long. - stats: Crash would occur when generating openmetrics data for metrics using aggregating functions. Update pigeonhole to version 0.5.15 * CVE-2020-28200: Sieve interpreter is not protected against abusive scripts that claim excessive resource usage. Fixed by limiting the user CPU time per single script execution and cumulatively over several script runs within a configurable timeout period. Sufficiently large CPU time usage is summed in the Sieve script binary and execution is blocked when the sum exceeds the limit within that time. The block is lifted when the script is updated after the resource usage times out. (bsc#1187420) Attacker can DoS the mail delivery system (jsc#PM-2746) ECO: Dovecot 2.3.15 version upgrade * Disconnection log messages are now more standardized across services. They also always now start with "Disconnected" prefix. * managesieve: Commands pipelined together with and just after the authenticate command cause these commands to be executed twice. * duplicate: The test was handled badly in a multiscript (sieve_before, sieve_after) scenario in which an earlier script in the sequence with a duplicate test succeeded, while a later script caused a runtime failure. In that case, the message is recorded for duplicate tracking, while the message may not actually have been delivered in the end. * editheader: Sieve interpreter entered infinite loop at startup when the "editheader" configuration listed an invalid header name. This problem can only be triggered by the administrator. * relational: The Sieve relational extension can cause a segfault at compile time. This is triggered by invalid script syntax. 
The segfault happens when this match type is the last argument of the test command. This situation is not possible in a valid script; positional arguments are normally present after that, which would prevent the segfault. * sieve: For some Sieve commands the provided mailbox name is not properly checked for UTF-8 validity, which can cause assert crashes at runtime when an invalid mailbox name is encountered. This can be caused by the user by writing a bad Sieve script involving the affected commands ("mailboxexists", "specialuse_exists"). This can be triggered by the remote sender only when the user has written a Sieve script that passes message content to one of the affected commands. * sieve: Large sequences of 8-bit octets passed to certain Sieve commands that create or modify message headers that allow UTF-8 text (vacation, notify and addheader) can cause the delivery or IMAP process (when IMAPSieve is used) to enter a memory-consuming semi-infinite loop that ends when the process exceeds its memory limits. Logged in users can cause these hangs only for their own processes. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2890=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2890=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2890=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2890=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): dovecot23-2.3.15-4.38.3 dovecot23-backend-mysql-2.3.15-4.38.3 dovecot23-backend-mysql-debuginfo-2.3.15-4.38.3 dovecot23-backend-pgsql-2.3.15-4.38.3 dovecot23-backend-pgsql-debuginfo-2.3.15-4.38.3 dovecot23-backend-sqlite-2.3.15-4.38.3 dovecot23-backend-sqlite-debuginfo-2.3.15-4.38.3 dovecot23-debuginfo-2.3.15-4.38.3 dovecot23-debugsource-2.3.15-4.38.3 dovecot23-devel-2.3.15-4.38.3 dovecot23-fts-2.3.15-4.38.3 dovecot23-fts-debuginfo-2.3.15-4.38.3 dovecot23-fts-lucene-2.3.15-4.38.3 dovecot23-fts-lucene-debuginfo-2.3.15-4.38.3 dovecot23-fts-solr-2.3.15-4.38.3 dovecot23-fts-solr-debuginfo-2.3.15-4.38.3 dovecot23-fts-squat-2.3.15-4.38.3 dovecot23-fts-squat-debuginfo-2.3.15-4.38.3 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): dovecot23-2.3.15-4.38.3 dovecot23-backend-mysql-2.3.15-4.38.3 dovecot23-backend-mysql-debuginfo-2.3.15-4.38.3 dovecot23-backend-pgsql-2.3.15-4.38.3 dovecot23-backend-pgsql-debuginfo-2.3.15-4.38.3 dovecot23-backend-sqlite-2.3.15-4.38.3 dovecot23-backend-sqlite-debuginfo-2.3.15-4.38.3 dovecot23-debuginfo-2.3.15-4.38.3 dovecot23-debugsource-2.3.15-4.38.3 dovecot23-devel-2.3.15-4.38.3 dovecot23-fts-2.3.15-4.38.3 dovecot23-fts-debuginfo-2.3.15-4.38.3 dovecot23-fts-lucene-2.3.15-4.38.3 dovecot23-fts-lucene-debuginfo-2.3.15-4.38.3 dovecot23-fts-solr-2.3.15-4.38.3 dovecot23-fts-solr-debuginfo-2.3.15-4.38.3 dovecot23-fts-squat-2.3.15-4.38.3 dovecot23-fts-squat-debuginfo-2.3.15-4.38.3 - SUSE 
Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): dovecot23-2.3.15-4.38.3 dovecot23-backend-mysql-2.3.15-4.38.3 dovecot23-backend-mysql-debuginfo-2.3.15-4.38.3 dovecot23-backend-pgsql-2.3.15-4.38.3 dovecot23-backend-pgsql-debuginfo-2.3.15-4.38.3 dovecot23-backend-sqlite-2.3.15-4.38.3 dovecot23-backend-sqlite-debuginfo-2.3.15-4.38.3 dovecot23-debuginfo-2.3.15-4.38.3 dovecot23-debugsource-2.3.15-4.38.3 dovecot23-devel-2.3.15-4.38.3 dovecot23-fts-2.3.15-4.38.3 dovecot23-fts-debuginfo-2.3.15-4.38.3 dovecot23-fts-lucene-2.3.15-4.38.3 dovecot23-fts-lucene-debuginfo-2.3.15-4.38.3 dovecot23-fts-solr-2.3.15-4.38.3 dovecot23-fts-solr-debuginfo-2.3.15-4.38.3 dovecot23-fts-squat-2.3.15-4.38.3 dovecot23-fts-squat-debuginfo-2.3.15-4.38.3 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): dovecot23-2.3.15-4.38.3 dovecot23-backend-mysql-2.3.15-4.38.3 dovecot23-backend-mysql-debuginfo-2.3.15-4.38.3 dovecot23-backend-pgsql-2.3.15-4.38.3 dovecot23-backend-pgsql-debuginfo-2.3.15-4.38.3 dovecot23-backend-sqlite-2.3.15-4.38.3 dovecot23-backend-sqlite-debuginfo-2.3.15-4.38.3 dovecot23-debuginfo-2.3.15-4.38.3 dovecot23-debugsource-2.3.15-4.38.3 dovecot23-devel-2.3.15-4.38.3 dovecot23-fts-2.3.15-4.38.3 dovecot23-fts-debuginfo-2.3.15-4.38.3 dovecot23-fts-lucene-2.3.15-4.38.3 dovecot23-fts-lucene-debuginfo-2.3.15-4.38.3 dovecot23-fts-solr-2.3.15-4.38.3 dovecot23-fts-solr-debuginfo-2.3.15-4.38.3 dovecot23-fts-squat-2.3.15-4.38.3 dovecot23-fts-squat-debuginfo-2.3.15-4.38.3 References: https://www.suse.com/security/cve/CVE-2020-28200.html https://www.suse.com/security/cve/CVE-2021-29157.html https://bugzilla.suse.com/1187418 https://bugzilla.suse.com/1187419 https://bugzilla.suse.com/1187420 From sle-updates at lists.suse.com Tue Aug 31 22:18:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Sep 2021 00:18:26 +0200 (CEST) Subject: SUSE-RU-2021:2895-1: moderate: Recommended update for unixODBC Message-ID: 
<20210831221826.F041CF799@maintenance.suse.de>

SUSE Recommended Update: Recommended update for unixODBC
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:2895-1
Rating: moderate
References: SLE-18004
Affected Products:
    SUSE MicroOS 5.0
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
    SUSE Linux Enterprise Module for Development Tools 15-SP3
    SUSE Linux Enterprise Module for Development Tools 15-SP2
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

This update for unixODBC fixes the following issues:

- ECO: Update unixODBC to 2.3.9 in SLE 15. (jsc#SLE-18004)
- Fix incorrect permission for documentation files.
- Update requires and baselibs for new libodbc2.
- Employ shared library packaging guideline: new subpackage libodbc2.
- Update to 2.3.9:
  * Remove "#define UNIXODBC_SOURCE" from unixodbc_conf.h
- Update to 2.3.8:
  * Add configure support for editline
  * SQLDriversW was ignoring user config
  * SQLDataSources Fix termination character
  * Fix for pooling seg fault
  * Make calling SQLSetStmtAttrW call the W function in the driver if it's there
  * Try and fix race condition clearing system odbc.ini file
  * Remove trailing space from isql/iusql SQL
  * When setting connection attributes set before connect also check if the W entry points can be used
  * Try calling the W error functions first if available in the driver
  * Add iconvperdriver configure option to allow calling unicode_setup in SQLAllocHandle
  * iconv handles were being lost when reusing pooled connection
  * Catch null copy in iniPropertyInsert
  * Fix a few leaks
- Update to 2.3.7:
  * Fix for pkg-config file update on non-Linux platforms
  * Add W entry for GUI work
  * Various fixes for SQLBrowseConnect/W, SQLGetConnectAttr/W, and SQLSetConnectAttr/W
  * Fix buffer overflows in SQLConnect/W and refine behaviour of SQLGet/WritePrivateProfileString
  * SQLBrowseConnect/W allow disconnecting a started browse session after error
  * Add --with-stats-ftok-name configure option to allow the selection of a file name used to generate the IPC id when collecting stats. Default is the system odbc.ini file
  * Improve diag record handling with the behavior of Windows DM and export SQLCancelHandle
  * bug fix when SQLGetPrivateProfileString() is called to get a list of sections or a list of keys
  * Connection pooling: Fix liveness check for Unicode drivers

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2895=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-2895=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-2895=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-2895=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-2895=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2895=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2895=1 Package List: - SUSE MicroOS 5.0 (x86_64): libltdl7-2.4.6-3.4.1 libltdl7-debuginfo-2.4.6-3.4.1 libtool-debugsource-2.4.6-3.4.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): libtool-debugsource-2.4.6-3.4.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64): libltdl7-32bit-2.4.6-3.4.1 libtool-debugsource-2.4.6-3.4.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): libtool-32bit-2.4.6-3.4.1 libtool-debugsource-2.4.6-3.4.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): libtool-debugsource-2.4.6-3.4.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 i586 ppc64le s390x x86_64): libodbc2-2.3.9-8.3.2 libodbc2-debuginfo-2.3.9-8.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libltdl7-2.4.6-3.4.1 libltdl7-debuginfo-2.4.6-3.4.1 libtool-2.4.6-3.4.1 libtool-debugsource-2.4.6-3.4.1 unixODBC-2.3.9-8.3.2 unixODBC-debuginfo-2.3.9-8.3.2 unixODBC-debugsource-2.3.9-8.3.2 unixODBC-devel-2.3.9-8.3.2 - SUSE Linux Enterprise Module 
for Basesystem 15-SP3 (aarch64_ilp32): libodbc2-64bit-2.3.9-8.3.2 libodbc2-64bit-debuginfo-2.3.9-8.3.2 unixODBC-64bit-2.3.9-8.3.2 unixODBC-64bit-debuginfo-2.3.9-8.3.2 unixODBC-devel-64bit-2.3.9-8.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libltdl7-32bit-2.4.6-3.4.1 libltdl7-32bit-debuginfo-2.4.6-3.4.1 libodbc2-32bit-2.3.9-8.3.2 libodbc2-32bit-debuginfo-2.3.9-8.3.2 unixODBC-32bit-2.3.9-8.3.2 unixODBC-32bit-debuginfo-2.3.9-8.3.2 unixODBC-devel-32bit-2.3.9-8.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 i586 ppc64le s390x x86_64): libodbc2-2.3.9-8.3.2 libodbc2-debuginfo-2.3.9-8.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libltdl7-2.4.6-3.4.1 libltdl7-debuginfo-2.4.6-3.4.1 libtool-2.4.6-3.4.1 libtool-debugsource-2.4.6-3.4.1 unixODBC-2.3.9-8.3.2 unixODBC-debuginfo-2.3.9-8.3.2 unixODBC-debugsource-2.3.9-8.3.2 unixODBC-devel-2.3.9-8.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64_ilp32): libodbc2-64bit-2.3.9-8.3.2 libodbc2-64bit-debuginfo-2.3.9-8.3.2 unixODBC-64bit-2.3.9-8.3.2 unixODBC-64bit-debuginfo-2.3.9-8.3.2 unixODBC-devel-64bit-2.3.9-8.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libltdl7-32bit-2.4.6-3.4.1 libltdl7-32bit-debuginfo-2.4.6-3.4.1 libodbc2-32bit-2.3.9-8.3.2 libodbc2-32bit-debuginfo-2.3.9-8.3.2 unixODBC-32bit-2.3.9-8.3.2 unixODBC-32bit-debuginfo-2.3.9-8.3.2 unixODBC-devel-32bit-2.3.9-8.3.2 References: From sle-updates at lists.suse.com Tue Aug 31 22:19:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Sep 2021 00:19:30 +0200 (CEST) Subject: SUSE-RU-2021:2893-1: moderate: Recommended update for linuxrc Message-ID: <20210831221930.783D8F799@maintenance.suse.de> SUSE Recommended Update: Recommended update for linuxrc ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2893-1 Rating: moderate References: #1185304 Affected Products: SUSE 
Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for linuxrc fixes the following issues:

- Do not ask for 'ssh' password if 'ssh.password.enc' is set. (bsc#1185304)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2893=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    linuxrc-5.1.14.4-3.5.6
    linuxrc-debuginfo-5.1.14.4-3.5.6
    linuxrc-debugsource-5.1.14.4-3.5.6

References:

https://bugzilla.suse.com/1185304

From sle-updates at lists.suse.com Tue Aug 31 22:20:43 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Sep 2021 00:20:43 +0200 (CEST)
Subject: SUSE-SU-2021:2892-1: moderate: Security update for dovecot23
Message-ID: <20210831222043.5CBD9F799@maintenance.suse.de>

SUSE Security Update: Security update for dovecot23
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2892-1
Rating: moderate
References: #1187418 #1187419 #1187420 SLE-19970
Cross-References: CVE-2020-28200 CVE-2021-29157
CVSS scores:
    CVE-2020-28200 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
    CVE-2020-28200 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
    CVE-2021-29157 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
    SUSE Linux Enterprise Module for Server Applications 15-SP3
    SUSE Linux Enterprise Module for Server Applications 15-SP2
______________________________________________________________________________

An update that solves two vulnerabilities, contains one feature and has one errata is now available.
Description:

This update for dovecot23 fixes the following issues:

Update dovecot to version 2.3.15 (jsc#SLE-19970):

Security issues fixed:

- CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has local access. (bsc#1187418) Local attacker can login as any user and access their emails
- CVE-2021-33515: On-path attacker could have injected plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. (bsc#1187419) Attacker can potentially steal user credentials and mails

* Disconnection log messages are now more standardized across services. They also always now start with "Disconnected" prefix.
* Dovecot now depends on libsystemd for systemd integration.
* Removed support for Lua 5.2. Use version 5.1 or 5.3 instead.
* config: Some settings are now marked as "hidden". It's discouraged to change these settings. They will no longer be visible in doveconf output, except if they have been changed or if doveconf -s parameter is used. See https://doc.dovecot.org/settings/advanced/ for details.
* imap-compress: Compression level is now algorithm specific. See https://doc.dovecot.org/settings/plugin/compress-plugin/
* indexer-worker: Convert "Indexed" info logs to an event named "indexer_worker_indexing_finished". See https://doc.dovecot.org/admin_manual/list_of_events/#indexer-worker-indexing-finished
+ Add TLSv1.3 support to min_protocols.
+ Allow configuring ssl_cipher_suites. (for TLSv1.3+)
+ acl: Add acl_ignore_namespace setting which allows to entirely ignore ACLs for the listed namespaces.
+ imap: Support official RFC8970 preview/snippet syntax. Old methods of retrieving preview information via IMAP commands ("SNIPPET and PREVIEW with explicit algorithm selection") have been deprecated.
+ imapc: Support INDEXPVT for imapc storage to enable private message flags for cluster wide shared mailboxes.
+ lib-storage: Add new events: mail_opened, mail_expunge_requested, mail_expunged, mail_cache_lookup_finished. See https://doc.dovecot.org/admin_manual/list_of_events/#mail
+ zlib, imap-compression, fs-compress: Support compression levels that the algorithm supports. Before, we would allow hardcoded value between 1 to 9 and would default to 6. Now we allow using per-algorithm value range and default to whatever default the algorithm specifies.
- *-login: Commands pipelined together with and just after the authenticate command cause these commands to be executed twice. This applies to all protocols that involve user login, which currently comprises imap, pop3, submission and managesieve.
- *-login: Processes are supposed to disconnect the oldest non-logged in connection when process_limit was reached. This didn't actually happen with the default "high-security mode" (with service_count=1) where each connection is handled by a separate process.
- *-login: When login process reaches client/process limits, oldest client connections are disconnected. If one of these was still doing anvil lookup, this caused a crash. This could happen only if the login process limits were very low or if the server was overloaded.
- Fixed building with link time optimizations (-flto).
- auth: Userdb iteration with passwd driver does not always return all users with some nss drivers.
- dsync: Shared INBOX not synced when "mail_shared_explicit_inbox" was disabled. If a user has a shared mailbox which is another user's INBOX, dsync didn't include the mailbox in syncing unless explicit naming is enabled with "mail_shared_explicit_inbox" set to "yes".
- dsync: Shared namespaces were not synced with "-n" flag.
- dsync: Syncing shared INBOX failed if mail_attribute_dict was not set. If a user has a shared mailbox that is another user's INBOX, dsync failed to export the mailbox if mail attributes are disabled.
- fts-solr, fts-tika: Using both Solr FTS and Tika may have caused HTTP requests to assert-crash: Panic: file http-client-request.c: line 1232 (http_client_request_send_more): assertion failed: (req->payload_input != NULL)
- fts-tika: 5xx errors returned by Tika server as indexing failures. However, Tika can return 5xx for some attachments every time. So the 5xx error should be retried once, but treated as success if it happens on the retry as well. v2.3 regression.
- fts-tika: v2.3.11 regression: Indexing messages with fts-tika may have resulted in Panic: file message-parser.c: line 802 (message_parser_deinit_from_parts): assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input))
- imap: SETMETADATA could not be used to unset metadata values. Instead NIL was handled as a "NIL" string. v2.3.14 regression.
- imap: IMAP BINARY FETCH crashes at least on empty base64 body: Panic: file index-mail-binary.c: line 358 (blocks_count_lines): assertion failed: (block_count == 0 || block_idx+1 == block_count)
- imap: If IMAP client using the NOTIFY command was disconnected while sending FETCH notifications to the client, imap could crash with Panic: Trying to close mailbox INBOX with open transactions.
- imap: Using IMAP COMPRESS extension can cause IMAP connection to hang when IMAP commands are >8 kB long.
- imapc: If remote server sent BYE but didn't immediately disconnect, it could cause infinite busy-loop.
- lib-index: Corrupted cache record size in dovecot.index.cache file could have caused a crash (segfault) when accessing it.
- lib-oauth2: JWT token time validation now works correctly with 32-bit systems.
- lib-ssl-iostream: Checking hostnames against an SSL certificate was case-sensitive.
- lib-storage: Corrupted mime.parts in dovecot.index.cache may have resulted in Panic: file imap-bodystructure.c: line 206 (part_write_body): assertion failed: (text == ((part->flags & MESSAGE_PART_FLAG_TEXT) != 0))
- lib-storage: Index rebuilding (e.g.
via doveadm force-resync) didn't preserve the "hdr-pop3-uidl" header. Because of this, the next pop3 session could have accessed all of the emails' metadata to read their POP3 UIDL (opening dbox files).
- listescape: When using the listescape plugin and a shared namespace the plugin didn't work properly anymore resulting in errors like: "Invalid mailbox name: Name must not have '/' character."
- lmtp: Connection crashes if connection gets disconnected due to multiple bad commands and the last bad command is BDAT.
- lmtp: The Dovecot-specific LMTP parameter XRCPTFORWARD was blindly forwarded by LMTP proxy without checking that the backend has support. This caused a command parameter error from the backend if it was running an older Dovecot release. This could only occur in more complex setups where the message was proxied twice; when the proxy generated the XRCPTFORWARD parameter itself the problem did not occur, so this only happened when it was forwarded.
- lmtp: The LMTP proxy crashes with a panic when the remote server replies with an error while the mail is still being forwarded through a DATA/BDAT command.
- lmtp: Username may have been missing from lmtp log line prefixes when it was performing autoexpunging.
- master: Dovecot would incorrectly fail with haproxy 2.0.14 service checks.
- master: Systemd service: Dovecot announces readiness for accepting connections earlier than it should. The following environment variables are now imported automatically and can be omitted from import_environment setting: NOTIFY_SOCKET LISTEN_FDS LISTEN_PID.
- master: service { process_min_avail } was launching processes too slowly when master was forking a lot of processes.
- util: Make the health-check.sh example script POSIX shell compatible.
* Added new aliases for some variables. Usage of the old ones is possible, but discouraged. (These were partially added already to v2.3.13.)
See https://doc.dovecot.org/configuration_manual/config_file/config_variables/ for more information.
* Optimize imap/pop3/submission/managesieve proxies to use less CPU at the cost of extra memory usage.
* Remove autocreate, expire, snarf and mail-filter plugins.
* Remove cydir storage driver.
* Remove XZ/LZMA write support. Read support will be removed in future release.
* doveadm -D: Add timestamps to debug output even when LOG_STDERR_TIMESTAMP environment variable is not set. Timestamp format is taken from log_timestamp setting.
* If BROKENCHAR or listescape plugin is used, the escaped folder names may be slightly different from before in some situations. This is unlikely to cause issues, although caching clients may redownload the folders.
* imapc: It now enables BROKENCHAR=~ by default to escape remote folder names if necessary. This also means that if there are any '~' characters in the remote folder names, they will be visible as "~7e".
* imapc: When using local index files folder names were escaped on filesystem a bit differently. This affects only if there are folder names that actually require escaping, which isn't so common. The old style folders will be automatically deleted from filesystem.
* stats: Update exported metrics to be compliant with OpenMetrics standard.
+ doveadm: Add an optional '-p' parameter to metadata list command. If enabled, "/private", and "/shared" metadata prefixes will be prepended to the keys in the list output.
+ doveconf: Support environment variables in config files. See https://doc.dovecot.org/configuration_manual/config_file/config_file_syntax/#environment-variables for more details.
+ indexer-worker: Change indexer to disconnect from indexer-worker after each request. This allows service indexer-worker's service_count & idle_kill settings to work. These can be used to restart indexer-worker processes once in a while to reduce their memory usage.
- auth: "nodelay" with various authentication mechanisms such as apop and digest-md5 crashed AUTH process if authentication failed.
- auth: Auth lua script generating an error triggered an assertion failure: Panic: file db-lua.c: line 630 (auth_lua_call_password_verify): assertion failed: (lua_gettop(script->L) == 0).
- configure: Fix libunwind detection to work on other than x86_64 systems.
- doveadm-server: Process could crash if logging was done outside command handling. For example http-client could have done debug logging afterwards, resulting in either segfault or Panic: file http-client.c: line 642 (http_client_context_close): assertion failed: (cctx->clients_list == NULL).
- dsync: Folder name escaping with BROKENCHAR didn't work completely correctly. This especially caused problems with dsync-migrations using imapc where some of the remote folder names may not have been accessible.
- dsync: doveadm sync + imapc doesn't always sync all mails when doing an incremental sync (-1), which could lead to mail loss when it's used for migration. This happens only when GUIDs aren't used (i.e. imapc without imapc_features=guid-forced).
- fts-tika: When tika server returns error, some mails cause Panic: file message-parser.c: line 802 (message_parser_deinit_from_parts): assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input))
- lib-imap: imapc parsing illegal BODYSTRUCTUREs with NILs could have resulted in crashes. This exposed that Dovecot was wrongly accepting atoms in "nstring" handling. Changed the IMAP parsing to be more strict about this now.
- lib-index: If dovecot.index.cache has corrupted message size, fetching BODY/BODYSTRUCTURE may cause assert-crash: Panic: file index-mail.c: line 1140 (index_mail_parse_body_finish): assertion failed: (mail->data.parts != NULL).
- lib-index: Minor error handling and race condition fixes related to rotating dovecot.index.log.
These didn't usually cause problems, unless the log files were rotated rapidly.
- lib-lua: Lua scripts using coroutines or lua libraries using coroutines (e.g., cqueues) panicked.
- Message PREVIEW handled whitespace wrong so first space would get eaten from between words.
- FTS and message PREVIEW (snippet) parsed HTML &entities case-sensitively.
- lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE was written in a way that may have caused confusion for IMAP clients and also Dovecot itself when parsing it. The truncated part is now written out using application/octet-stream MIME type.
- lib-oauth2: HS512 and HS384 JWT token algorithms crash when you try to use them: Panic: file hmac.c: line 26 (hmac_init): assertion failed: (meth->context_size <= MAC_MAX_CONTEXT_SIZE).
- event filters: NOT keyword did not have the correct associativity.
- Ignore ECONNRESET when closing socket. This avoids logging useless errors on systems like FreeBSD.
- event filters: event filter syntax error may lead to Panic: file event-filter.c: line 137 (event_filter_parse): assertion failed: (state.output == NULL)
- lib: timeval_cmp_margin() was broken on 32-bit systems. This could potentially have caused HTTP timeouts to be handled incorrectly.
- log: instance_name wasn't used as syslog ident by the log process.
- master: After a service reached process_limit and client_limit, it could have taken up to 1 second to realize that more client connections became available. During this time client connections could have been unnecessarily rejected and a warning logged: Warning: service(...): process_limit (...) reached, client connections are being dropped
- stats: Crash would occur when generating openmetrics data for metrics using aggregating functions.
- stats: Event filters comparing against empty strings crash the stats process.
* CVE-2020-24386: Specially crafted command can cause IMAP hibernate to allow logged in user to access other people's emails and filesystem information.
* Metric filter and global event filter variable syntax changed to a SQL-like format. See https://doc.dovecot.org/configuration_manual/event_filter/
* auth: Added new aliases for %{variables}. Usage of the old ones is possible, but discouraged.
* auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth mechanism and related password schemes.
* auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.
* auth: Removed postfix postmap socket
+ auth: Added new fields for auth server events. These fields are now also available for all auth events. See https://doc.dovecot.org/admin_manual/list_of_events/#authentication-server for details.
+ imap-hibernate: Added imap_client_hibernated, imap_client_unhibernated and imap_client_unhibernate_retried events. See https://doc.dovecot.org/admin_manual/list_of_events/ for details.
+ lib-index: Added new mail_index_recreated event. See https://doc.dovecot.org/admin_manual/list_of_events/#mail-index-recreated
+ lib-sql: Support TLS options for cassandra driver. This requires cpp-driver v2.15 (or later) to work reliably.
+ lib-storage: Missing $HasAttachment / $HasNoAttachment flags are now added to existing mails if mail_attachment_detection_option=add-flags and it can be done inexpensively.
+ login proxy: Added login_proxy_max_reconnects setting (default 3) to control how many reconnections are attempted.
+ login proxy: imap/pop3/submission/managesieve proxying now supports reconnection retrying on more than just connect() failure. Any error except a non-temporary authentication failure will result in reconnect attempts.
- auth: Lua passdb/userdb leaks stack elements per call, eventually causing the stack to become too deep and crashing the auth or auth-worker process.
- auth: SASL authentication PLAIN mechanism could be used to trigger read buffer overflow.
However, this doesn't seem to be exploitable in any way.
- auth: v2.3.11 regression: GSSAPI authentication fails because dovecot disallows NUL bytes for it.
- dict: Process used too much CPU when iterating keys, because each key used a separate write() syscall.
- doveadm-server: Crash could occur if logging was done outside command handling. For example http-client could have done debug logging afterwards, resulting in either segfault or Panic: file http-client.c: line 642 (http_client_context_close): assertion failed: (cctx->clients_list == NULL).
- doveadm-server: v2.3.11 regression: Trying to connect to doveadm server process via starttls assert-crashed if there were no ssl=yes listeners: Panic: file master-service-ssl.c: line 22 (master_service_ssl_init): assertion failed: (service->ssl_ctx_initialized).
- fts-solr: HTTP requests may have assert-crashed: Panic: file http-client-request.c: line 1232 (http_client_request_send_more): assertion failed: (req->payload_input != NULL)
- imap: IMAP NOTIFY could crash with a segmentation fault due to a bad configuration that causes errors. Sending the error responses to the client can cause the segmentation fault. This can for example happen when several namespaces use the same mail storage location.
- imap: IMAP NOTIFY used on a shared namespace that doesn't actually exist (e.g. public namespace for a nonexistent user) can crash with a panic: Panic: Leaked view for index /tmp/home/asdf/mdbox/dovecot.list.index: Opened in (null):0
- imap: IMAP session can crash with QRESYNC extension if many changes are done before asking for expunged mails since last sync.
- imap: Process might hang indefinitely if client disconnects after sending some long-running commands pipelined, for example FETCH+LOGOUT.
- lib-compress: Mitigate crashes when configuring a not compiled in compression. Errors with compression configuration now distinguish between not supported and unknown.
- lib-compression: Using xz/lzma compression in v2.3.11 could have written truncated output in some situations. This would result in "Broken pipe" read errors when trying to read it back.
- lib-compression: zstd compression could have crashed in some situations: Panic: file ostream.c: line 287 (o_stream_sendv_int): assertion failed: (!stream->blocking)
- lib-dict: dict client could have crashed in some rare situations when iterating keys.
- lib-http: Fix several assert-crashes in HTTP client.
- lib-index: v2.3.11 regression: When mails were expunged at the same time as lots of new content was being saved to the cache (e.g. cache file was lost and is being re-filled) a deadlock could occur with dovecot.index.cache / dovecot.index.log.
- lib-index: v2.3.11 regression: dovecot.index.cache file was being purged (rewritten) too often when it had a field that hadn't been accessed for over 1 month, but less than 2 months. Every cache file change caused a purging in this situation.
- lib-mail: MIME parts were not returned correctly by Dovecot MIME parser. Regression caused by fixing CVE-2020-12100.
- lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE was written in a way that may have caused confusion for both IMAP clients and Dovecot itself when parsing it. The truncated part is now written out using application/octet-stream MIME type.
- lib-mail: v2.3.11 regression: Mail delivery / parsing crashed when the 10000th MIME part was message/rfc822 (or if parent was multipart/digest): Panic: file message-parser.c: line 167 (message_part_append): assertion failed: (ctx->total_parts_count <= ctx->max_total_mime_parts).
- lib-oauth2: Dovecot incorrectly required oauth2 server introspection reply to contain username with invalid token.
- lib-ssl-iostream, lib-dcrypt: Fix building with OpenSSL that has deprecated APIs disabled.
- lib-storage: When mail's size is different from the cached one (in dovecot.index.cache or Maildir S=size in the filename), this is handled by logging "Cached message size smaller/larger than expected" error. However, in some situations this also ended up crashing with: Panic: file istream.c: line 315 (i_stream_read_memarea): assertion failed: (old_size <= _stream->pos - _stream->skip).
- lib-storage: v2.3 regression: Copying/moving mails was taking much more memory than before. This was mainly visible when copying/moving thousands of mails in a single transaction.
- lib-storage: v2.3.11 regression: Searching messages assert-crashed (without FTS): Panic: file message-parser.c: line 174 (message_part_finish): assertion failed: (ctx->nested_parts_count > 0).
- lib: Dovecot v2.3 moved signal handlers around in ioloops, causing more CPU usage than in v2.2.
- lib: Fixed JSON parsing: '\' escape sequence may have wrongly resulted in error if it happened to be at read boundary. Any NUL characters and '\u0000' will now result in parsing error instead of silently truncating the data.
- lmtp, submission: Server may hang if SSL client connection disconnects during the delivery. If this happened repeated, it could have ended up reaching process_limit and preventing any further lmtp/submission deliveries.
- lmtp: Proxy does not always properly log TLS connection problems as errors; in some cases, only a debug message is logged if enabled.
- lmtp: The LMTP service can hang when commands are pipelined. This can particularly occur when one command in the middle of the pipeline fails. One example of this occurs for proxied LMTP transactions in which the final DATA or BDAT command is pipelined after a failing RCPT command.
- login-proxy: The login_source_ips setting has no effect, and therefore the proxy source IPs are not cycled through as they should be.
- master: Process was using 100% CPU in some situations when a broken service was being throttled.
- pop3-login: POP3 login would fail with "Input buffer full" if the initial response for SASL was too long.
- stats: Crash would occur when generating openmetrics data for metrics using aggregating functions.

Update pigeonhole to version 0.5.15

* CVE-2020-28200: Sieve interpreter is not protected against abusive scripts that claim excessive resource usage. Fixed by limiting the user CPU time per single script execution and cumulatively over several script runs within a configurable timeout period. Sufficiently large CPU time usage is summed in the Sieve script binary and execution is blocked when the sum exceeds the limit within that time. The block is lifted when the script is updated after the resource usage times out. (bsc#1187420) Attacker can DoS the mail delivery system
(jsc#PM-2746) ECO: Dovecot 2.3.15 version upgrade
* Disconnection log messages are now more standardized across services. They also always now start with "Disconnected" prefix.
* managesieve: Commands pipelined together with and just after the authenticate command cause these commands to be executed twice.
* duplicate: The test was handled badly in a multiscript (sieve_before, sieve_after) scenario in which an earlier script in the sequence with a duplicate test succeeded, while a later script caused a runtime failure. In that case, the message is recorded for duplicate tracking, while the message may not actually have been delivered in the end.
* editheader: Sieve interpreter entered infinite loop at startup when the "editheader" configuration listed an invalid header name. This problem can only be triggered by the administrator.
* relational: The Sieve relational extension can cause a segfault at compile time. This is triggered by invalid script syntax. The segfault happens when this match type is the last argument of the test command. This situation is not possible in a valid script; positional arguments are normally present after that, which would prevent the segfault.
* sieve: For some Sieve commands the provided mailbox name is not properly checked for UTF-8 validity, which can cause assert crashes at runtime when an invalid mailbox name is encountered. This can be caused by the user by writing a bad Sieve script involving the affected commands ("mailboxexists", "specialuse_exists"). This can be triggered by the remote sender only when the user has written a Sieve script that passes message content to one of the affected commands.
* sieve: Large sequences of 8-bit octets passed to certain Sieve commands that create or modify message headers that allow UTF-8 text (vacation, notify and addheader) can cause the delivery or IMAP process (when IMAPSieve is used) to enter a memory-consuming semi-infinite loop that ends when the process exceeds its memory limits. Logged in users can cause these hangs only for their own processes.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-2892=1

- SUSE Linux Enterprise Module for Server Applications 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-2892=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

  dovecot23-2.3.15-58.3
  dovecot23-backend-mysql-2.3.15-58.3
  dovecot23-backend-mysql-debuginfo-2.3.15-58.3
  dovecot23-backend-pgsql-2.3.15-58.3
  dovecot23-backend-pgsql-debuginfo-2.3.15-58.3
  dovecot23-backend-sqlite-2.3.15-58.3
  dovecot23-backend-sqlite-debuginfo-2.3.15-58.3
  dovecot23-debuginfo-2.3.15-58.3
  dovecot23-debugsource-2.3.15-58.3
  dovecot23-devel-2.3.15-58.3
  dovecot23-fts-2.3.15-58.3
  dovecot23-fts-debuginfo-2.3.15-58.3
  dovecot23-fts-lucene-2.3.15-58.3
  dovecot23-fts-lucene-debuginfo-2.3.15-58.3
  dovecot23-fts-solr-2.3.15-58.3
  dovecot23-fts-solr-debuginfo-2.3.15-58.3
  dovecot23-fts-squat-2.3.15-58.3
  dovecot23-fts-squat-debuginfo-2.3.15-58.3

- SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

  dovecot23-2.3.15-58.3
  dovecot23-backend-mysql-2.3.15-58.3
  dovecot23-backend-mysql-debuginfo-2.3.15-58.3
  dovecot23-backend-pgsql-2.3.15-58.3
  dovecot23-backend-pgsql-debuginfo-2.3.15-58.3
  dovecot23-backend-sqlite-2.3.15-58.3
  dovecot23-backend-sqlite-debuginfo-2.3.15-58.3
  dovecot23-debuginfo-2.3.15-58.3
  dovecot23-debugsource-2.3.15-58.3
  dovecot23-devel-2.3.15-58.3
  dovecot23-fts-2.3.15-58.3
  dovecot23-fts-debuginfo-2.3.15-58.3
  dovecot23-fts-lucene-2.3.15-58.3
  dovecot23-fts-lucene-debuginfo-2.3.15-58.3
  dovecot23-fts-solr-2.3.15-58.3
  dovecot23-fts-solr-debuginfo-2.3.15-58.3
  dovecot23-fts-squat-2.3.15-58.3
  dovecot23-fts-squat-debuginfo-2.3.15-58.3

References:

https://www.suse.com/security/cve/CVE-2020-28200.html
https://www.suse.com/security/cve/CVE-2021-29157.html
https://bugzilla.suse.com/1187418
https://bugzilla.suse.com/1187419
https://bugzilla.suse.com/1187420

From sle-updates at lists.suse.com Tue Aug 31 22:22:10 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Sep 2021 00:22:10 +0200 (CEST)
Subject: SUSE-SU-2021:2891-1: moderate: Security update for dovecot23
Message-ID: <20210831222210.D04FBF799@maintenance.suse.de>

SUSE Security Update: Security update for dovecot23
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2891-1
Rating: moderate
References: #1187418 #1187419 #1187420 SLE-19970
Cross-References: CVE-2020-28200 CVE-2021-29157
CVSS scores:
CVE-2020-28200 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2020-28200 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2021-29157 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:
SUSE Manager Server 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Proxy 4.0
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Enterprise Storage 6
SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that solves two vulnerabilities, contains one feature and has one errata is now available.

Description:

This update for dovecot23 fixes the following issues:

Update dovecot to version 2.3.15 (jsc#SLE-19970):

Security issues fixed:

- CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has local access.
(bsc#1187418) Local attacker can login as any user and access their emails
- CVE-2021-33515: On-path attacker could have injected plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. (bsc#1187419) Attacker can potentially steal user credentials and mails

* Disconnection log messages are now more standardized across services. They also always now start with "Disconnected" prefix.
* Dovecot now depends on libsystemd for systemd integration.
* Removed support for Lua 5.2. Use version 5.1 or 5.3 instead.
* config: Some settings are now marked as "hidden". It's discouraged to change these settings. They will no longer be visible in doveconf output, except if they have been changed or if doveconf -s parameter is used. See https://doc.dovecot.org/settings/advanced/ for details.
* imap-compress: Compression level is now algorithm specific. See https://doc.dovecot.org/settings/plugin/compress-plugin/
* indexer-worker: Convert "Indexed" info logs to an event named "indexer_worker_indexing_finished". See https://doc.dovecot.org/admin_manual/list_of_events/#indexer-worker-indexing-finished
+ Add TLSv1.3 support to min_protocols.
+ Allow configuring ssl_cipher_suites. (for TLSv1.3+)
+ acl: Add acl_ignore_namespace setting which allows to entirely ignore ACLs for the listed namespaces.
+ imap: Support official RFC8970 preview/snippet syntax. Old methods of retrieving preview information via IMAP commands ("SNIPPET and PREVIEW with explicit algorithm selection") have been deprecated.
+ imapc: Support INDEXPVT for imapc storage to enable private message flags for cluster wide shared mailboxes.
+ lib-storage: Add new events: mail_opened, mail_expunge_requested, mail_expunged, mail_cache_lookup_finished. See https://doc.dovecot.org/admin_manual/list_of_events/#mail
+ zlib, imap-compression, fs-compress: Support compression levels that the algorithm supports.
Before, we would allow hardcoded value between 1 to 9 and would default to 6. Now we allow using per-algorithm value range and default to whatever default the algorithm specifies.
- *-login: Commands pipelined together with and just after the authenticate command cause these commands to be executed twice. This applies to all protocols that involve user login, which currently comprises of imap, pop3, submission and managesieve.
- *-login: Processes are supposed to disconnect the oldest non-logged in connection when process_limit was reached. This didn't actually happen with the default "high-security mode" (with service_count=1) where each connection is handled by a separate process.
- *-login: When login process reaches client/process limits, oldest client connections are disconnected. If one of these was still doing anvil lookup, this caused a crash. This could happen only if the login process limits were very low or if the server was overloaded.
- Fixed building with link time optimizations (-flto).
- auth: Userdb iteration with passwd driver does not always return all users with some nss drivers.
- dsync: Shared INBOX not synced when "mail_shared_explicit_inbox" was disabled. If a user has a shared mailbox which is another user's INBOX, dsync didn't include the mailbox in syncing unless explicit naming is enabled with "mail_shared_explicit_inbox" set to "yes".
- dsync: Shared namespaces were not synced with "-n" flag.
- dsync: Syncing shared INBOX failed if mail_attribute_dict was not set. If a user has a shared mailbox that is another user's INBOX, dsync failed to export the mailbox if mail attributes are disabled.
- fts-solr, fts-tika: Using both Solr FTS and Tika may have caused HTTP requests to assert-crash: Panic: file http-client-request.c: line 1232 (http_client_request_send_more): assertion failed: (req->payload_input != NULL)
- fts-tika: 5xx errors returned by Tika server as indexing failures.
However, Tika can return 5xx for some attachments every time. So the 5xx error should be retried once, but treated as success if it happens on the retry as well. v2.3 regression.
- fts-tika: v2.3.11 regression: Indexing messages with fts-tika may have resulted in Panic: file message-parser.c: line 802 (message_parser_deinit_from_parts): assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input))
- imap: SETMETADATA could not be used to unset metadata values. Instead NIL was handled as a "NIL" string. v2.3.14 regression.
- imap: IMAP BINARY FETCH crashes at least on empty base64 body: Panic: file index-mail-binary.c: line 358 (blocks_count_lines): assertion failed: (block_count == 0 || block_idx+1 == block_count)
- imap: If IMAP client using the NOTIFY command was disconnected while sending FETCH notifications to the client, imap could crash with Panic: Trying to close mailbox INBOX with open transactions.
- imap: Using IMAP COMPRESS extension can cause IMAP connection to hang when IMAP commands are >8 kB long.
- imapc: If remote server sent BYE but didn't immediately disconnect, it could cause infinite busy-loop.
- lib-index: Corrupted cache record size in dovecot.index.cache file could have caused a crash (segfault) when accessing it.
- lib-oauth2: JWT token time validation now works correctly with 32-bit systems.
- lib-ssl-iostream: Checking hostnames against an SSL certificate was case-sensitive.
- lib-storage: Corrupted mime.parts in dovecot.index.cache may have resulted in Panic: file imap-bodystructure.c: line 206 (part_write_body): assertion failed: (text == ((part->flags & MESSAGE_PART_FLAG_TEXT) != 0))
- lib-storage: Index rebuilding (e.g. via doveadm force-resync) didn't preserve the "hdr-pop3-uidl" header. Because of this, the next pop3 session could have accessed all of the emails' metadata to read their POP3 UIDL (opening dbox files).
- listescape: When using the listescape plugin and a shared namespace the plugin didn't work properly anymore resulting in errors like: "Invalid mailbox name: Name must not have '/' character."
- lmtp: Connection crashes if connection gets disconnected due to multiple bad commands and the last bad command is BDAT.
- lmtp: The Dovecot-specific LMTP parameter XRCPTFORWARD was blindly forwarded by LMTP proxy without checking that the backend has support. This caused a command parameter error from the backend if it was running an older Dovecot release. This could only occur in more complex setups where the message was proxied twice; when the proxy generated the XRCPTFORWARD parameter itself the problem did not occur, so this only happened when it was forwarded.
- lmtp: The LMTP proxy crashes with a panic when the remote server replies with an error while the mail is still being forwarded through a DATA/BDAT command.
- lmtp: Username may have been missing from lmtp log line prefixes when it was performing autoexpunging.
- master: Dovecot would incorrectly fail with haproxy 2.0.14 service checks.
- master: Systemd service: Dovecot announces readiness for accepting connections earlier than it should. The following environment variables are now imported automatically and can be omitted from import_environment setting: NOTIFY_SOCKET LISTEN_FDS LISTEN_PID.
- master: service { process_min_avail } was launching processes too slowly when master was forking a lot of processes.
- util: Make the health-check.sh example script POSIX shell compatible.
* Added new aliases for some variables. Usage of the old ones is possible, but discouraged. (These were partially added already to v2.3.13.) See https://doc.dovecot.org/configuration_manual/config_file/config_variables/ for more information.
* Optimize imap/pop3/submission/managesieve proxies to use less CPU at the cost of extra memory usage.
* Remove autocreate, expire, snarf and mail-filter plugins.
* Remove cydir storage driver.
* Remove XZ/LZMA write support. Read support will be removed in future release.
* doveadm -D: Add timestamps to debug output even when LOG_STDERR_TIMESTAMP environment variable is not set. Timestamp format is taken from log_timestamp setting.
* If BROKENCHAR or listescape plugin is used, the escaped folder names may be slightly different from before in some situations. This is unlikely to cause issues, although caching clients may redownload the folders.
* imapc: It now enables BROKENCHAR=~ by default to escape remote folder names if necessary. This also means that if there are any '~' characters in the remote folder names, they will be visible as "~7e".
* imapc: When using local index files folder names were escaped on filesystem a bit differently. This affects only if there are folder names that actually require escaping, which isn't so common. The old style folders will be automatically deleted from filesystem.
* stats: Update exported metrics to be compliant with OpenMetrics standard.
+ doveadm: Add an optional '-p' parameter to metadata list command. If enabled, "/private", and "/shared" metadata prefixes will be prepended to the keys in the list output.
+ doveconf: Support environment variables in config files. See https://doc.dovecot.org/configuration_manual/config_file/config_file_syntax/#environment-variables for more details.
+ indexer-worker: Change indexer to disconnect from indexer-worker after each request. This allows service indexer-worker's service_count & idle_kill settings to work. These can be used to restart indexer-worker processes once in a while to reduce their memory usage.
- auth: "nodelay" with various authentication mechanisms such as apop and digest-md5 crashed AUTH process if authentication failed.
- auth: Auth lua script generating an error triggered an assertion failure: Panic: file db-lua.c: line 630 (auth_lua_call_password_verify): assertion failed: (lua_gettop(script->L) == 0).
- configure: Fix libunwind detection to work on other than x86_64 systems.
- doveadm-server: Process could crash if logging was done outside command handling. For example http-client could have done debug logging afterwards, resulting in either segfault or Panic: file http-client.c: line 642 (http_client_context_close): assertion failed: (cctx->clients_list == NULL).
- dsync: Folder name escaping with BROKENCHAR didn't work completely correctly. This especially caused problems with dsync-migrations using imapc where some of the remote folder names may not have been accessible.
- dsync: doveadm sync + imapc doesn't always sync all mails when doing an incremental sync (-1), which could lead to mail loss when it's used for migration. This happens only when GUIDs aren't used (i.e. imapc without imapc_features=guid-forced).
- fts-tika: When tika server returns error, some mails cause Panic: file message-parser.c: line 802 (message_parser_deinit_from_parts): assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input))
- lib-imap: imapc parsing illegal BODYSTRUCTUREs with NILs could have resulted in crashes. This exposed that Dovecot was wrongly accepting atoms in "nstring" handling. Changed the IMAP parsing to be more strict about this now.
- lib-index: If dovecot.index.cache has corrupted message size, fetching BODY/BODYSTRUCTURE may cause assert-crash: Panic: file index-mail.c: line 1140 (index_mail_parse_body_finish): assertion failed: (mail->data.parts != NULL).
- lib-index: Minor error handling and race condition fixes related to rotating dovecot.index.log. These didn't usually cause problems, unless the log files were rotated rapidly.
- lib-lua: Lua scripts using coroutines or lua libraries using coroutines (e.g., cqueues) panicked.
- Message PREVIEW handled whitespace wrong so first space would get eaten from between words.
- FTS and message PREVIEW (snippet) parsed HTML &entities case-sensitively.
- lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE was written in a way that may have caused confusion for IMAP clients and also Dovecot itself when parsing it. The truncated part is now written out using application/octet-stream MIME type.
- lib-oauth2: HS512 and HS384 JWT token algorithms crash when you try to use them: Panic: file hmac.c: line 26 (hmac_init): assertion failed: (meth->context_size <= MAC_MAX_CONTEXT_SIZE).
- event filters: NOT keyword did not have the correct associativity.
- Ignore ECONNRESET when closing socket. This avoids logging useless errors on systems like FreeBSD.
- event filters: event filter syntax error may lead to Panic: file event-filter.c: line 137 (event_filter_parse): assertion failed: (state.output == NULL)
- lib: timeval_cmp_margin() was broken on 32-bit systems. This could potentially have caused HTTP timeouts to be handled incorrectly.
- log: instance_name wasn't used as syslog ident by the log process.
- master: After a service reached process_limit and client_limit, it could have taken up to 1 second to realize that more client connections became available. During this time client connections could have been unnecessarily rejected and a warning logged: Warning: service(...): process_limit (...) reached, client connections are being dropped
- stats: Crash would occur when generating openmetrics data for metrics using aggregating functions.
- stats: Event filters comparing against empty strings crash the stats process.
* CVE-2020-24386: Specially crafted command can cause IMAP hibernate to allow logged in user to access other people's emails and filesystem information.
* Metric filter and global event filter variable syntax changed to a SQL-like format. See https://doc.dovecot.org/configuration_manual/event_filter/
* auth: Added new aliases for %{variables}. Usage of the old ones is possible, but discouraged.
* auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth mechanism and related password schemes.
* auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.
* auth: Removed postfix postmap socket
+ auth: Added new fields for auth server events. These fields are now also available for all auth events. See https://doc.dovecot.org/admin_manual/list_of_events/#authentication-server for details.
+ imap-hibernate: Added imap_client_hibernated, imap_client_unhibernated and imap_client_unhibernate_retried events. See https://doc.dovecot.org/admin_manual/list_of_events/ for details.
+ lib-index: Added new mail_index_recreated event. See https://doc.dovecot.org/admin_manual/list_of_events/#mail-index-recreated
+ lib-sql: Support TLS options for cassandra driver. This requires cpp-driver v2.15 (or later) to work reliably.
+ lib-storage: Missing $HasAttachment / $HasNoAttachment flags are now added to existing mails if mail_attachment_detection_option=add-flags and it can be done inexpensively.
+ login proxy: Added login_proxy_max_reconnects setting (default 3) to control how many reconnections are attempted.
+ login proxy: imap/pop3/submission/managesieve proxying now supports reconnection retrying on more than just connect() failure. Any error except a non-temporary authentication failure will result in reconnect attempts.
- auth: Lua passdb/userdb leaks stack elements per call, eventually causing the stack to become too deep and crashing the auth or auth-worker process.
- auth: SASL authentication PLAIN mechanism could be used to trigger read buffer overflow. However, this doesn't seem to be exploitable in any way.
- auth: v2.3.11 regression: GSSAPI authentication fails because dovecot disallows NUL bytes for it.
- dict: Process used too much CPU when iterating keys, because each key used a separate write() syscall.
- doveadm-server: Crash could occur if logging was done outside command handling. For example http-client could have done debug logging afterwards, resulting in either segfault or Panic: file http-client.c: line 642 (http_client_context_close): assertion failed: (cctx->clients_list == NULL).
- doveadm-server: v2.3.11 regression: Trying to connect to doveadm server process via starttls assert-crashed if there were no ssl=yes listeners: Panic: file master-service-ssl.c: line 22 (master_service_ssl_init): assertion failed: (service->ssl_ctx_initialized).
- fts-solr: HTTP requests may have assert-crashed: Panic: file http-client-request.c: line 1232 (http_client_request_send_more): assertion failed: (req->payload_input != NULL)
- imap: IMAP NOTIFY could crash with a segmentation fault due to a bad configuration that causes errors. Sending the error responses to the client can cause the segmentation fault. This can for example happen when several namespaces use the same mail storage location.
- imap: IMAP NOTIFY used on a shared namespace that doesn't actually exist (e.g. public namespace for a nonexistent user) can crash with a panic: Panic: Leaked view for index /tmp/home/asdf/mdbox/dovecot.list.index: Opened in (null):0
- imap: IMAP session can crash with QRESYNC extension if many changes are done before asking for expunged mails since last sync.
- imap: Process might hang indefinitely if client disconnects after sending some long-running commands pipelined, for example FETCH+LOGOUT.
- lib-compress: Mitigate crashes when configuring a not compiled in compression. Errors with compression configuration now distinguish between not supported and unknown.
- lib-compression: Using xz/lzma compression in v2.3.11 could have written truncated output in some situations. This would result in "Broken pipe" read errors when trying to read it back.
- lib-compression: zstd compression could have crashed in some situations: Panic: file ostream.c: line 287 (o_stream_sendv_int): assertion failed: (!stream->blocking)
- lib-dict: dict client could have crashed in some rare situations when iterating keys.
- lib-http: Fix several assert-crashes in HTTP client.
- lib-index: v2.3.11 regression: When mails were expunged at the same time as lots of new content was being saved to the cache (e.g. cache file was lost and is being re-filled) a deadlock could occur with dovecot.index.cache / dovecot.index.log.
- lib-index: v2.3.11 regression: dovecot.index.cache file was being purged (rewritten) too often when it had a field that hadn't been accessed for over 1 month, but less than 2 months. Every cache file change caused a purging in this situation.
- lib-mail: MIME parts were not returned correctly by Dovecot MIME parser. Regression caused by fixing CVE-2020-12100.
- lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE was written in a way that may have caused confusion for both IMAP clients and Dovecot itself when parsing it. The truncated part is now written out using application/octet-stream MIME type.
- lib-mail: v2.3.11 regression: Mail delivery / parsing crashed when the 10000th MIME part was message/rfc822 (or if parent was multipart/digest): Panic: file message-parser.c: line 167 (message_part_append): assertion failed: (ctx->total_parts_count <= ctx->max_total_mime_parts).
- lib-oauth2: Dovecot incorrectly required oauth2 server introspection reply to contain username with invalid token.
- lib-ssl-iostream, lib-dcrypt: Fix building with OpenSSL that has deprecated APIs disabled.
- lib-storage: When mail's size is different from the cached one (in dovecot.index.cache or Maildir S=size in the filename), this is handled by logging "Cached message size smaller/larger than expected" error. However, in some situations this also ended up crashing with: Panic: file istream.c: line 315 (i_stream_read_memarea): assertion failed: (old_size <= _stream->pos - _stream->skip).
- lib-storage: v2.3 regression: Copying/moving mails was taking much more memory than before. This was mainly visible when copying/moving thousands of mails in a single transaction.
- lib-storage: v2.3.11 regression: Searching messages assert-crashed (without FTS): Panic: file message-parser.c: line 174 (message_part_finish): assertion failed: (ctx->nested_parts_count > 0).
- lib: Dovecot v2.3 moved signal handlers around in ioloops, causing more CPU usage than in v2.2.
- lib: Fixed JSON parsing: '\' escape sequence may have wrongly resulted in error if it happened to be at read boundary. Any NUL characters and '\u0000' will now result in parsing error instead of silently truncating the data.
- lmtp, submission: Server may hang if SSL client connection disconnects during the delivery. If this happened repeatedly, it could have ended up reaching process_limit and preventing any further lmtp/submission deliveries.
- lmtp: Proxy does not always properly log TLS connection problems as errors; in some cases, only a debug message is logged if enabled.
- lmtp: The LMTP service can hang when commands are pipelined. This can particularly occur when one command in the middle of the pipeline fails. One example of this occurs for proxied LMTP transactions in which the final DATA or BDAT command is pipelined after a failing RCPT command.
- login-proxy: The login_source_ips setting has no effect, and therefore the proxy source IPs are not cycled through as they should be.
- master: Process was using 100% CPU in some situations when a broken service was being throttled.
- pop3-login: POP3 login would fail with "Input buffer full" if the initial response for SASL was too long.
- stats: Crash would occur when generating openmetrics data for metrics using aggregating functions.
Update pigeonhole to version 0.5.15
* CVE-2020-28200: Sieve interpreter is not protected against abusive scripts that claim excessive resource usage. Fixed by limiting the user CPU time per single script execution and cumulatively over several script runs within a configurable timeout period. Sufficiently large CPU time usage is summed in the Sieve script binary and execution is blocked when the sum exceeds the limit within that time. The block is lifted when the script is updated after the resource usage times out. (bsc#1187420) Attacker can DoS the mail delivery system (jsc#PM-2746) ECO: Dovecot 2.3.15 version upgrade
* Disconnection log messages are now more standardized across services. They also always now start with "Disconnected" prefix.
* managesieve: Commands pipelined together with and just after the authenticate command cause these commands to be executed twice.
* duplicate: The test was handled badly in a multiscript (sieve_before, sieve_after) scenario in which an earlier script in the sequence with a duplicate test succeeded, while a later script caused a runtime failure. In that case, the message is recorded for duplicate tracking, while the message may not actually have been delivered in the end.
* editheader: Sieve interpreter entered infinite loop at startup when the "editheader" configuration listed an invalid header name. This problem can only be triggered by the administrator.
* relational: The Sieve relational extension can cause a segfault at compile time. This is triggered by invalid script syntax. The segfault happens when this match type is the last argument of the test command. This situation is not possible in a valid script; positional arguments are normally present after that, which would prevent the segfault.
* sieve: For some Sieve commands the provided mailbox name is not properly checked for UTF-8 validity, which can cause assert crashes at runtime when an invalid mailbox name is encountered. This can be caused by the user by writing a bad Sieve script involving the affected commands ("mailboxexists", "specialuse_exists"). This can be triggered by the remote sender only when the user has written a Sieve script that passes message content to one of the affected commands.
* sieve: Large sequences of 8-bit octets passed to certain Sieve commands that create or modify message headers that allow UTF-8 text (vacation, notify and addheader) can cause the delivery or IMAP process (when IMAPSieve is used) to enter a memory-consuming semi-infinite loop that ends when the process exceeds its memory limits. Logged in users can cause these hangs only for their own processes.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2891=1
- SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2891=1
- SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2891=1
- SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2891=1
- SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2891=1
- SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2891=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2891=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2891=1
- SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2891=1
- SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool.
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): dovecot23-2.3.15-27.3 dovecot23-backend-mysql-2.3.15-27.3 dovecot23-backend-mysql-debuginfo-2.3.15-27.3 dovecot23-backend-pgsql-2.3.15-27.3 dovecot23-backend-pgsql-debuginfo-2.3.15-27.3 dovecot23-backend-sqlite-2.3.15-27.3 dovecot23-backend-sqlite-debuginfo-2.3.15-27.3 dovecot23-debuginfo-2.3.15-27.3 dovecot23-debugsource-2.3.15-27.3 dovecot23-devel-2.3.15-27.3 dovecot23-fts-2.3.15-27.3 dovecot23-fts-debuginfo-2.3.15-27.3 dovecot23-fts-lucene-2.3.15-27.3 dovecot23-fts-lucene-debuginfo-2.3.15-27.3 dovecot23-fts-solr-2.3.15-27.3 dovecot23-fts-solr-debuginfo-2.3.15-27.3 dovecot23-fts-squat-2.3.15-27.3 dovecot23-fts-squat-debuginfo-2.3.15-27.3 - SUSE Manager Retail Branch Server 4.0 (x86_64): dovecot23-2.3.15-27.3 dovecot23-backend-mysql-2.3.15-27.3 dovecot23-backend-mysql-debuginfo-2.3.15-27.3 dovecot23-backend-pgsql-2.3.15-27.3 dovecot23-backend-pgsql-debuginfo-2.3.15-27.3 dovecot23-backend-sqlite-2.3.15-27.3 dovecot23-backend-sqlite-debuginfo-2.3.15-27.3 dovecot23-debuginfo-2.3.15-27.3 dovecot23-debugsource-2.3.15-27.3 dovecot23-devel-2.3.15-27.3 dovecot23-fts-2.3.15-27.3 dovecot23-fts-debuginfo-2.3.15-27.3 dovecot23-fts-lucene-2.3.15-27.3 dovecot23-fts-lucene-debuginfo-2.3.15-27.3 dovecot23-fts-solr-2.3.15-27.3 dovecot23-fts-solr-debuginfo-2.3.15-27.3 dovecot23-fts-squat-2.3.15-27.3 dovecot23-fts-squat-debuginfo-2.3.15-27.3 - SUSE Manager Proxy 4.0 (x86_64): dovecot23-2.3.15-27.3 dovecot23-backend-mysql-2.3.15-27.3 dovecot23-backend-mysql-debuginfo-2.3.15-27.3 dovecot23-backend-pgsql-2.3.15-27.3 dovecot23-backend-pgsql-debuginfo-2.3.15-27.3 dovecot23-backend-sqlite-2.3.15-27.3 dovecot23-backend-sqlite-debuginfo-2.3.15-27.3 dovecot23-debuginfo-2.3.15-27.3 dovecot23-debugsource-2.3.15-27.3 dovecot23-devel-2.3.15-27.3 dovecot23-fts-2.3.15-27.3 dovecot23-fts-debuginfo-2.3.15-27.3 
dovecot23-fts-lucene-2.3.15-27.3 dovecot23-fts-lucene-debuginfo-2.3.15-27.3 dovecot23-fts-solr-2.3.15-27.3 dovecot23-fts-solr-debuginfo-2.3.15-27.3 dovecot23-fts-squat-2.3.15-27.3 dovecot23-fts-squat-debuginfo-2.3.15-27.3 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): dovecot23-2.3.15-27.3 dovecot23-backend-mysql-2.3.15-27.3 dovecot23-backend-mysql-debuginfo-2.3.15-27.3 dovecot23-backend-pgsql-2.3.15-27.3 dovecot23-backend-pgsql-debuginfo-2.3.15-27.3 dovecot23-backend-sqlite-2.3.15-27.3 dovecot23-backend-sqlite-debuginfo-2.3.15-27.3 dovecot23-debuginfo-2.3.15-27.3 dovecot23-debugsource-2.3.15-27.3 dovecot23-devel-2.3.15-27.3 dovecot23-fts-2.3.15-27.3 dovecot23-fts-debuginfo-2.3.15-27.3 dovecot23-fts-lucene-2.3.15-27.3 dovecot23-fts-lucene-debuginfo-2.3.15-27.3 dovecot23-fts-solr-2.3.15-27.3 dovecot23-fts-solr-debuginfo-2.3.15-27.3 dovecot23-fts-squat-2.3.15-27.3 dovecot23-fts-squat-debuginfo-2.3.15-27.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): dovecot23-2.3.15-27.3 dovecot23-backend-mysql-2.3.15-27.3 dovecot23-backend-mysql-debuginfo-2.3.15-27.3 dovecot23-backend-pgsql-2.3.15-27.3 dovecot23-backend-pgsql-debuginfo-2.3.15-27.3 dovecot23-backend-sqlite-2.3.15-27.3 dovecot23-backend-sqlite-debuginfo-2.3.15-27.3 dovecot23-debuginfo-2.3.15-27.3 dovecot23-debugsource-2.3.15-27.3 dovecot23-devel-2.3.15-27.3 dovecot23-fts-2.3.15-27.3 dovecot23-fts-debuginfo-2.3.15-27.3 dovecot23-fts-lucene-2.3.15-27.3 dovecot23-fts-lucene-debuginfo-2.3.15-27.3 dovecot23-fts-solr-2.3.15-27.3 dovecot23-fts-solr-debuginfo-2.3.15-27.3 dovecot23-fts-squat-2.3.15-27.3 dovecot23-fts-squat-debuginfo-2.3.15-27.3 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): dovecot23-2.3.15-27.3 dovecot23-backend-mysql-2.3.15-27.3 dovecot23-backend-mysql-debuginfo-2.3.15-27.3 dovecot23-backend-pgsql-2.3.15-27.3 dovecot23-backend-pgsql-debuginfo-2.3.15-27.3 dovecot23-backend-sqlite-2.3.15-27.3 dovecot23-backend-sqlite-debuginfo-2.3.15-27.3 
dovecot23-debuginfo-2.3.15-27.3 dovecot23-debugsource-2.3.15-27.3 dovecot23-devel-2.3.15-27.3 dovecot23-fts-2.3.15-27.3 dovecot23-fts-debuginfo-2.3.15-27.3 dovecot23-fts-lucene-2.3.15-27.3 dovecot23-fts-lucene-debuginfo-2.3.15-27.3 dovecot23-fts-solr-2.3.15-27.3 dovecot23-fts-solr-debuginfo-2.3.15-27.3 dovecot23-fts-squat-2.3.15-27.3 dovecot23-fts-squat-debuginfo-2.3.15-27.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): dovecot23-2.3.15-27.3 dovecot23-backend-mysql-2.3.15-27.3 dovecot23-backend-mysql-debuginfo-2.3.15-27.3 dovecot23-backend-pgsql-2.3.15-27.3 dovecot23-backend-pgsql-debuginfo-2.3.15-27.3 dovecot23-backend-sqlite-2.3.15-27.3 dovecot23-backend-sqlite-debuginfo-2.3.15-27.3 dovecot23-debuginfo-2.3.15-27.3 dovecot23-debugsource-2.3.15-27.3 dovecot23-devel-2.3.15-27.3 dovecot23-fts-2.3.15-27.3 dovecot23-fts-debuginfo-2.3.15-27.3 dovecot23-fts-lucene-2.3.15-27.3 dovecot23-fts-lucene-debuginfo-2.3.15-27.3 dovecot23-fts-solr-2.3.15-27.3 dovecot23-fts-solr-debuginfo-2.3.15-27.3 dovecot23-fts-squat-2.3.15-27.3 dovecot23-fts-squat-debuginfo-2.3.15-27.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): dovecot23-2.3.15-27.3 dovecot23-backend-mysql-2.3.15-27.3 dovecot23-backend-mysql-debuginfo-2.3.15-27.3 dovecot23-backend-pgsql-2.3.15-27.3 dovecot23-backend-pgsql-debuginfo-2.3.15-27.3 dovecot23-backend-sqlite-2.3.15-27.3 dovecot23-backend-sqlite-debuginfo-2.3.15-27.3 dovecot23-debuginfo-2.3.15-27.3 dovecot23-debugsource-2.3.15-27.3 dovecot23-devel-2.3.15-27.3 dovecot23-fts-2.3.15-27.3 dovecot23-fts-debuginfo-2.3.15-27.3 dovecot23-fts-lucene-2.3.15-27.3 dovecot23-fts-lucene-debuginfo-2.3.15-27.3 dovecot23-fts-solr-2.3.15-27.3 dovecot23-fts-solr-debuginfo-2.3.15-27.3 dovecot23-fts-squat-2.3.15-27.3 dovecot23-fts-squat-debuginfo-2.3.15-27.3 - SUSE Enterprise Storage 6 (aarch64 x86_64): dovecot23-2.3.15-27.3 dovecot23-backend-mysql-2.3.15-27.3 dovecot23-backend-mysql-debuginfo-2.3.15-27.3 
dovecot23-backend-pgsql-2.3.15-27.3 dovecot23-backend-pgsql-debuginfo-2.3.15-27.3 dovecot23-backend-sqlite-2.3.15-27.3 dovecot23-backend-sqlite-debuginfo-2.3.15-27.3 dovecot23-debuginfo-2.3.15-27.3 dovecot23-debugsource-2.3.15-27.3 dovecot23-devel-2.3.15-27.3 dovecot23-fts-2.3.15-27.3 dovecot23-fts-debuginfo-2.3.15-27.3 dovecot23-fts-lucene-2.3.15-27.3 dovecot23-fts-lucene-debuginfo-2.3.15-27.3 dovecot23-fts-solr-2.3.15-27.3 dovecot23-fts-solr-debuginfo-2.3.15-27.3 dovecot23-fts-squat-2.3.15-27.3 dovecot23-fts-squat-debuginfo-2.3.15-27.3 - SUSE CaaS Platform 4.0 (x86_64): dovecot23-2.3.15-27.3 dovecot23-backend-mysql-2.3.15-27.3 dovecot23-backend-mysql-debuginfo-2.3.15-27.3 dovecot23-backend-pgsql-2.3.15-27.3 dovecot23-backend-pgsql-debuginfo-2.3.15-27.3 dovecot23-backend-sqlite-2.3.15-27.3 dovecot23-backend-sqlite-debuginfo-2.3.15-27.3 dovecot23-debuginfo-2.3.15-27.3 dovecot23-debugsource-2.3.15-27.3 dovecot23-devel-2.3.15-27.3 dovecot23-fts-2.3.15-27.3 dovecot23-fts-debuginfo-2.3.15-27.3 dovecot23-fts-lucene-2.3.15-27.3 dovecot23-fts-lucene-debuginfo-2.3.15-27.3 dovecot23-fts-solr-2.3.15-27.3 dovecot23-fts-solr-debuginfo-2.3.15-27.3 dovecot23-fts-squat-2.3.15-27.3 dovecot23-fts-squat-debuginfo-2.3.15-27.3 References: https://www.suse.com/security/cve/CVE-2020-28200.html https://www.suse.com/security/cve/CVE-2021-29157.html https://bugzilla.suse.com/1187418 https://bugzilla.suse.com/1187419 https://bugzilla.suse.com/1187420